This invention relates generally to programmable logic devices and specifically to improving security for programmable logic devices.
Programmable logic devices (PLDs) are a class of integrated circuits which can be programmed by a user to implement user-defined logic functions. Early PLDs included an AND array which logically ANDs two or more input signals to produce product terms (P-terms), and an OR array which logically ORs two or more of the P-terms provided by the AND array to generate a sum-of-products term. A complex programmable logic device (CPLD) incorporates several early PLDs and associated connection circuitry onto a single integrated circuit.
Typically, a CPLD includes a plurality of function blocks that are selectively connected to one another and to input/output (I/O) modules by a programmable interconnect matrix. Each function block includes an AND array and a set of macrocells. The AND array includes a set of input lines for receiving selected input signals from the programmable interconnect matrix, and a set of product term (P-term) lines for transmitting P-term signals to the macrocells. Each macrocell includes an OR gate which is programmable to receive one or more of the P-term signals transmitted on the P-term lines. The OR gate produces a sum-of-products term that may be selectively transmitted to the I/O modules, to the interconnect matrix, or to adjacent macrocells.
One problem with conventional PLDs is that the input AND array in each function block consumes electric power at all times, even when the input signals are not changing. This power management problem has been addressed by Jenkins, Seltzer, and Curd in U.S. Pat. No. 6,172,518, incorporated herein by reference, which discloses a power management scheme that may selectively power down individual PLD components with minimal performance degradation. More specifically, this power management scheme designates a function block to generate a power control signal (VENA) that may be used to selectively power down the function blocks and the I/O modules. The power control signal VENA may also be used to force selected device input pins to a static state during in-system programming (ISP) operations. Typically, the signal VENA is distributed through the PLD by a power control rail, which in turn is coupled to an external device pin to allow users to externally observe the signal VENA.
In addition, the signal VENA may be used to disable the input pins of a PLD, as described below with respect to the well-known CPLD 1 shown in FIG. 1. CPLD 1 is shown to include an input signal blocking circuit 10, a function block 20, an observation (VENA) pin 30, a plurality of input pins 40(1)-40(n) and corresponding input buffers 42(1)-42(n), and a power control (VENA) rail 50. Input signal blocking circuit 10 includes a datagate 12, a buffer 14, and a plurality of NMOS input pass transistors 16(1)-16(n). Datagate 12 is an NMOS pass transistor having a gate coupled to a supply voltage VDD, and buffer 14 may be any suitable driver circuit. Input pass transistors 16(1)-16(n) are coupled between respective input pins 40(1)-40(n) and input buffers 42(1)-42(n). Input buffers 42(1)-42(n) are typically CMOS inverters. Function block 20, which is shown to include a well-known macrocell 22 having a flip-flop 24 and buffer 26, is designated as a control function block to generate the signal VENA in a well-known manner as described, for example, in U.S. Pat. No. 6,172,518. The signal VENA is output from macrocell 22 onto VENA rail 50, which in turn provides VENA to the gates of input pass transistors 16(1)-16(n) via datagate 12 and buffer 14.
When VENA is de-asserted (e.g., to logic high) by function block 20, input pass transistors 16(1)-16(n) are conductive and allow input signals provided on input pins 40(1)-40(n) to pass to corresponding input buffers 42(1)-42(n), which in turn route the input signals to internal PLD logic (not shown). Conversely, when VENA is asserted (e.g., to logic low), input pass transistors 16(1)-16(n) are not conductive and prevent input signals provided on input pins 40(1)-40(n) from passing to corresponding input buffers 42(1)-42(n), thereby disabling input pins 40(1)-40(n).
The observation pin 30 is connected to VENA rail 50 to allow for external observation of the signal VENA. In this manner, a user may monitor observation pin 30 to determine whether selected PLD elements (e.g., function blocks, I/O modules, and input pins) are powered down and/or disabled when the signal VENA is asserted. Unfortunately, observation pin 30 may be used to circumvent the input pin disabling feature of PLD 1 by forcing VENA to a desired state.
For example, in secure applications where a register in the PLD is used to store an access key, a user may be prompted to enter a password through input pins 40 to access the PLD or to access a host system (for example, a cellular phone, personal digital assistant, or other device) which includes the PLD. Typically, the password is provided by the user on input pins 40 and compared to the key stored in the PLD. If there is a match, VENA may be de-asserted to enable input pins 40, and if there is not a match, VENA may remain asserted to disable input pins 40. However, a user having knowledge of observation pin 30's connection to VENA rail 50 may be able to drive pin 30 with sufficient strength to force VENA to a de-asserted state, irrespective of whether function block 20 has de-asserted VENA (e.g., in response to a valid password). In this manner, observation pin 30 may be used to override VENA and thus breach the security of the PLD and/or its host system.
Therefore, there is a need for an input pin signal blocking circuit that allows for external observation of the power control signal VENA without being vulnerable to security overrides using the observation pin.
A method and apparatus are disclosed that prevent a user from overriding a power control signal from an observation pin. In accordance with one embodiment of the present invention, a function block of a PLD that generates the power control signal provides the power control signal to a distributed power control rail, which in turn is externally observable from an observation pin. The function block also provides the power control signal as a feed forward signal to an input signal blocking circuit. In response to the feed forward signal, the input signal blocking circuit selectively controls the device input pins. For one embodiment, an asserted feed forward signal causes the input signal blocking circuit to disable the input pins, and a de-asserted feed forward signal causes the input signal blocking circuit to enable the device input pins.
For some embodiments, the input signal blocking circuit includes a plurality of input pass transistors, each coupled between a corresponding device input pin and internal PLD logic and having a gate to receive the feed forward signal. For other embodiments, the feed forward signal is selectively provided to the input pass transistors via logic gates in response to corresponding control bits. For still other embodiments, the power control signal on the distributed rail may be selected to control the device input pins via the input pass transistors.
The feed forward signal is not accessible from the external observation pin, and therefore cannot be externally altered (e.g., overridden) from the observation pin by a user attempting to circumvent the input pin disabling mechanism. In this manner, embodiments of the present invention provide improved PLD security while allowing the state of the power control signal to be externally observed.
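The difference between the conventional arrangement of FIG. 1 and the feed forward arrangement can be checked with a small behavioral model. The following is an added example, not part of the original disclosure: the class and function names, the key values, and the assumption that a sufficiently strong external driver wins contention on the VENA rail are all illustrative.

```python
from dataclasses import dataclass
from typing import Optional

# Polarity as stated in the text: VENA high = de-asserted (input pins enabled),
# VENA low = asserted (input pins disabled).
HIGH, LOW = 1, 0


def function_block_vena(entered: int, stored_key: int) -> int:
    """Control function block: de-assert VENA only when the password matches."""
    return HIGH if entered == stored_key else LOW


def resolve_rail(internal: int, pin_drive: Optional[int]) -> int:
    """Level on the VENA rail. Assumption: an external driver on the
    observation pin is strong enough to win contention with the macrocell."""
    return internal if pin_drive is None else pin_drive


@dataclass
class PldModel:
    stored_key: int     # constructed sample key, hypothetical
    feed_forward: bool  # False: pass-transistor gates follow the rail (FIG. 1)
                        # True: gates follow the function block output directly

    def evaluate(self, entered: int, pin_drive: Optional[int] = None) -> dict:
        vena = function_block_vena(entered, self.stored_key)
        rail = resolve_rail(vena, pin_drive)  # what the observation pin shows
        gate = vena if self.feed_forward else rail
        return {"rail": rail, "inputs_enabled": gate == HIGH}


def pin_can_override(model: PldModel, wrong_password: int) -> bool:
    """True if any level forced on the observation pin enables the input
    pins even though the password comparison failed."""
    return any(
        model.evaluate(wrong_password, pin_drive=level)["inputs_enabled"]
        for level in (LOW, HIGH)
    )


if __name__ == "__main__":
    for name, ff in (("conventional", False), ("feed forward", True)):
        model = PldModel(stored_key=0xA5, feed_forward=ff)
        print(name, "override possible:", pin_can_override(model, 0x00))
```

In the feed forward case the rail level can still be disturbed from the pin, but the gates of the input pass transistors no longer depend on it.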