1. Field of the Invention
This invention relates generally to methods, systems, machine readable media and apparatus for protecting intellectual property (“IP”). More specifically, this invention relates to techniques for protecting designs and/or configuration data in SRAM-based programmable logic devices and similar configurable devices.
2. Description of Related Art
A programmable logic device (PLD) is a programmable integrated circuit that allows the user of the circuit, using software control, to customize the logic functions the circuit will perform. Programmable logic devices supplied by integrated circuit manufacturers like Altera Corporation of San Jose, Calif. are not inherently capable of performing any specific function. The user, in conjunction with software supplied by the PLD manufacturer, can program the PLD to perform the specific function or functions required by the user's application. The PLD then can function like a dedicated logic chip.
A typical PLD consists of an array of logic cells that can be individually programmed and interconnected to each other to provide internal input and output signals, thus permitting the performance of highly complex combinational and sequential logic functions. Users typically prepare electronic designs using CAD software tools, usually provided by the chip vendor, to do technology mapping, partitioning and placement, routing and binary configuration data output generation. The resulting binary configuration data can be programmed into a ROM connected to the configurable device or downloaded to the configurable device from a connected computer.
A program is implemented in a PLD by setting the states of programmable elements such as memory cells. These memory cells may be implemented with volatile memories, such as SRAMs, which lose their programmed states upon termination of power to the system. If the programmable elements used are volatile memories, the memory cells must be configured upon each system power-up in order to configure the PLD.
In this disclosure, a “configurable device” is a programmable device that ultimately contains user logic (that is, the function(s) programmed and implemented in a programmable device by a user, for example an electronic design). Typically, such a device has a volatile memory and must be programmed upon each power-up, though not every configurable device must possess these characteristics. Examples of configurable devices include SRAM PLDs and RAM-based PLDs (for example, Altera FLEX and STRATIX devices).
Moreover, in this disclosure, a “secure device” is defined to be a non-volatile programmable device, a custom logic device, a microprocessor or other similar device that is a secure device (that is, a device from which a design cannot be directly determined or read out of the device, such as an Altera MAX device) and which installs user logic and possibly other functionalities into a configurable device (as defined above) from a configuration data memory (a “storage device”). As noted below, a storage device may be a component separate and distinct from a secure device or the two devices may be integrated to some degree in a single component. Where a storage device and a secure device are distinct, the two devices may be connected by a secure link to prevent copying of data transferred between the two devices.
To use a configurable device (such as an SRAM-based FPGA), a user captures a user's electronic design using any of several design capture tools and then uses software tools to convert the captured design into a specific bitwise representation that can be stored in a storage device, such as an EEPROM. Upon startup, the storage device supplies the bitwise representation to the configurable device, typically under the control of a secure device, enabling the configurable device to perform the function of the programmed electronic design.
In some cases, the configuration data in a storage device is a bitwise representation that, when installed by a secure device into a configurable device can implement user logic to be used by the configurable device. However, the configuration data may also take on other formats and these are considered to be within the scope of the present invention. For example, either or both of the configurable device and the secure device might include an integrated microprocessor. Part of the configuration data would then be computer code that would be used by the microprocessors. The microprocessors could implement the functionality of random number generators, encryption and decryption circuits, and comparators that might otherwise be implemented with logic. The actual user logic in the configurable device would still be implemented in the normal fashion—just the configuration security circuits would be implemented with the microprocessors. Any appropriate manner of storing and using configuration data is deemed to fall within the meaning of the term “configuration data” in this disclosure.
By the time a bitwise representation is created, it typically represents significant time, money and effort. To encourage individuals and companies to continue to invest in the research and development of new electronic designs, and to protect the investment represented by existing completed designs, it is desirable to provide some method of protecting the electronic designs from illegal or otherwise unauthorized copying and/or use, which has become a more acute problem in the field.
To make an illegal copy of the electronic design, as implemented in a configurable logic device, one need only make a copy of the bitwise representation stored in the storage device. This can be done by copying the bitstreams transmitted externally between a configurable device and the device installing the configuration data and using the copied bitstream with a copied configurable device. Thus, the copied bitwise representation can be illegally used with other programmable devices. It therefore is desirable to make it as difficult as possible to copy the bitwise representation of the electronic design.
Several techniques have been developed to address the illegal copying of programmable device programming software by users. The goal of these techniques is to make it impossible (or at least much more difficult) to illegally copy user designs and/or other proprietary information or data. While these efforts have met with some success, they have some shortcomings.
As noted above, microprocessors can been used to configure programmable devices prior to operation. However, implementing a microprocessor to configure the device does not address the security issue. A microprocessor must still externally transmit the configuration data to the configurable device. The configuration data is of finite length and can therefore be captured and used to configure another device without authority from the design's owner.
In another prior technique, the device being programmed sends a constant stream of data to a control device. If the data stream is not correct, the control device can assert a reconfiguration signal and stop operation of the programmable device. The data stream can be generated in a number of different ways to prevent decoding of the data stream's pattern. However, if the reconfiguration signal is disconnected, the control device loses power over the device being programmed. While some measures can be taken to try and monitor the status of the devices' link, unscrupulous users can still circumvent these protective measures. Furthermore, the configuration data that is driven to the configurable device could be captured and used to configure the configurable device without the control device.
Another technique for preventing the theft of design software is found in U.S. Pat. No. 5,970,142. In that design, the configurable device generates an encryption key which is transmitted to the control device (also referred to as a storage device in the '142 Patent). An encryption circuit in the control device encrypts all of the configuration data and sends the encrypted configuration data to the configurable device. The configurable device then decrypts the entire configuration data and uses the decrypted configuration data to program the configurable device to create the user logic.
As will be appreciated, the system requires that all of the configuration data be encrypted and decrypted completely. This approach also requires either that special circuitry be incorporated into the configurable device and the storage device or that unencrypted data be used to configure part of the configurable device before transfer of the encrypted configuration data. Configuration data cannot be used to create a decryptor in the configurable device since that data is encrypted before it is sent to the configurable device. As will be appreciated, this technique cannot be practically “retrofitted” into existing configurable device systems, due to the special circuitry and/or multiple configuration steps needed for its implementation. As will be appreciated by those skilled in the art, onboard encryption and/or storage/generation of an encryption key is both more expensive and more complicated. The key must be well hidden and area and/or other resources on the configurable device are permanently dedicated to security unnecessarily sometimes.
Techniques that permit full use of designs and configuration data while protecting the proprietary interests of the owners of the intellectual property incorporated in such designs, systems and devices would represent a significant advancement in the art.