1. Field of the Invention
The present invention relates to integrated circuit technology and for security in integrated circuits. More particularly, the present invention relates to apparatus and methods for a tamper resistant bus for secure lock bit transfer within an integrated circuit.
2. The Prior Art
It is often desirable to prevent secure information within an integrated circuit from external tampering while it is transferred over an internal data bus to other locations within the chip. In one particular application, field-programmable-gate-array (FPGA) integrated circuits manufactured and marketed by Microsemi Corporation include an on-chip bus that is used to transmit security lock information to the controller from non-volatile storage. The security lock information prevents FPGA programming and interrogation operations such as read the core, erase security, etc.
In previous designs, each item to be locked was stored as (r*k) redundant flash bits. These bits were sensed and transmitted over a very wide data path to the controller that abuts the flash sensing circuits. The redundant bits are used individually to inhibit independent sub-functions of the operation that is to be locked, thus inhibiting the operation. Probing up to r−1 signals of the data path will not be sufficient to unlock the operation. The minimum Hamming distance, d, for a set of redundant lock bits will be r.
TABLE 1k (# ofn (Bus Width)Lock bits)r = 2r = 3r = 4r = 5123452468103691215481216205101520256121824307142128358162432409182736451020304050112233445512243648601326395265142842567015304560751632486480173451688518365472901938577695k 2 * k 3 * k 4 * k 5 * k
Table 1 shows the lock bit bus width n that will be required for schemes using k lock bits and a tamper resistance r in the prior art scheme for tamper resistances of r=2 through r=5.
As can be seen from an examination of Table 1, this approach is impractical or inefficient in designs that have a large physical separation between the flash storage and the controller circuits, since a very wide bus between these elements is required, adding area to the integrated circuit die. The value of r could be reduced to decrease the die area needed to support the lock bit bus but such a modification would be at the expense of making it easier to force a new valid state on the bus through probing.