This application is a divisional of U.S. patent application Ser. No. 10/112,790 entitled “Methods and Circuits for Protecting Proprietary Configuration Data for Programmable Logic Devices” By Stephen M. Trimberger, filed Mar. 29, 2002, which is incorporated herein by reference.
A PLD (programmable logic device) is an integrated circuit that performs digital logic functions selected by a designer. PLDs include logic blocks and interconnect lines, and typically both the logic blocks and interconnect lines are programmable. One common type of PLD is an FPGA (field programmable gate array), in which the logic blocks typically include lookup tables and flip-flops that generate and store any logic function of their input signals. Another type of PLD is the CPLD (complex programmable logic device), in which the logic blocks perform the AND function and the OR function and the selection of input signals is programmable.
Designs implemented in PLDs have become so complex that it often takes months to complete and debug a design to be implemented in a PLD. When the design is going into a system of which the PLD is a part and is to be sold for profit, the designer does not want the result of this design effort to be copied by someone else. The designer often wants to keep the design a trade secret.
Many PLDs, particularly FPGAs, use volatile configuration memory that must be loaded from an external device such as a PROM every time the PLD is powered up. Since configuration data is stored external to the PLD and must be transmitted through a configuration access port, the privacy of the design can easily be violated by an attacker who monitors the data on the configuration access port, e.g. by putting probes on board traces.
Efforts have been made to encrypt designs, but it is difficult to make the design both secure from attackers and easy to use by legitimate users. Finding an appropriate encryption algorithm is not a problem. Several encryption algorithms, for example, the Data Encryption Standard (DES) and the more secure Advanced Encryption Standard (AES) algorithms are known for encrypting blocks of data. Cipher block chaining (CBC), in which each block of data is XORed with the immediately previous block and then encrypted, allows the DES or AES to encrypt a serial stream of data and these are therefore appropriate for encrypting a bitstream for configuring a PLD. A key used for encrypting the design must somehow be communicated in a secure way between the PLD and the structure that decrypts the design, so the design can be decrypted by the PLD before being used to configure the PLD. Then, once the PLD has been configured using the unencrypted design, the design must continue to be protected from unauthorized discovery. And, to make matters still more difficult, a single PLD configuration may include “cores,” or subdesigns, from several vendors, and each vendor may use a different key to protect his or her core.
A Nov. 24, 1997, publication by Peter Alfke of Xilinx, Inc., entitled “Configuration Issues: Power-up, Volatility, Security, Battery Back-up” describes several steps that can be taken to protect a design in an existing FPGA device having no particular architectural features within the FPGA to protect the design. Loading design configuration data into the FPGA and then removing the source of the configuration data but using a battery to maintain continuous power to the FPGA while holding the FPGA in a standby non-operational mode is one method. However, power and system cost requirements make this method impractical for many applications.
Nonvolatile configuration memory is another possibility. If the design is loaded at the factory before the device is sold, it is difficult for a purchaser of the configured PLD device to determine what the design is. It is possible, however, to discover the program states of non-volatile memories, and consequently to reverse-engineer proprietary PLD designs. Some memory technologies, such as antifuses, are vulnerable to inspection under a microscope. Memory technologies that rely on stored charge can be attacked by chemically treating memory cells to determine their charge states after removing overlaying metal layers. Also disadvantageous, nonvolatile memory fabrication requires a more complex and more expensive process technology than standard CMOS process technology, and takes longer to bring to market.
It is also known to store a decryption key in nonvolatile memory in a PLD, load an encrypted bitstream into the PLD and decrypt the bitstream using the stored key. This prevents an attacker from reading the bitstream as it is being loaded into the PLD, and does retain the key when power is removed from the PLD. Such arrangements are described by Austin in U.S. Pat. No. 5,388,157 and by Trimberger in U.S. patent application Ser. No. 09/253,401 entitled “Method and Apparatus for Protecting Proprietary Configuration Data for Programmable Logic Devices,” both of which are incorporated herein by reference. However, these arrangements do not protect user's designs from all modes of attack.
There is a need for additional design protection methods that are convenient, reliable, and secure.