In modern electronic devices circuitry is often defined with scan capability. More specifically, a particular portion of circuitry can be defined to have a scan input chain and a scan output chain. Each of the scan input and output chains is defined by a set of serially connected registers, wherein each register is typically defined to store a single bit signal. Scan input data can be clocked through the various registers in the scan input chain. The scan input data represents binary input signals for the portion of circuitry to be tested by the scan input and output chains. Once the scan input chain is loaded, the scan input data is clocked through the circuitry to be tested. Various output signals generated by the circuitry based on the scan input data are then clocked out to the registers that define the scan output chain. Then, the scan output data is clocked out in a serial manner to be compared with expected scan output data. If the scan output data matches expectation, the circuitry is considered to be operating correctly. If the scan output data does match expectation, the circuitry is considered to be malfunctioning.
With direct access to the scan output chain, a malevolent entity may be able to decipher the logical function of a portion of circuitry by analyzing the scan output data resulting from a large number of scan input data combinations. The malevolent entity could then exploit the deciphered logical function of the circuitry. For example, if the circuitry in question were defined to provide a security feature, the deciphered logical function of the circuitry could be used by the malevolent entity to bypass the security feature.
Additionally, in the context of a programmable logic device (PLD), circuitry of the PLD is configured based on configuration data stored in a configuration memory. The configuration data is used to control a number of configuration devices within the PLD. A controlled state of the various configuration devices serves to establish circuitry connectivity and associated logic functions within the PLD. Thus, with direct access to the configuration data and knowledge of the underlying PLD structure, a malevolent entity may be able to ascertain the logic function of the configured PLD. The malevolent entity could then exploit the deciphered logic function of the configured PLD.
In view of the foregoing, a solution is needed to ensure that security sensitive data, such as scan output data and PLD configuration data, is protected from direct access and exploitation. Additionally, the solution for protecting the security sensitive data should not interfere with legitimate access to the security sensitive data.