The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
A programmable logic device (PLD), for example a field programmable gate array (FPGA), is an integrated circuit consisting of programmable logic blocks and programmable routing. This programmable logic and routing can be configured with a configuration bitstream that can be loaded into the PLD from an external source. For modern PLDs, this configuration is mediated by one or more programmable processors and associated firmware embedded in the PLD. Many PLDs, including FPGAs, also typically include addressable Random Access Memory (RAM) and Read-Only Memory (ROM) associated with these processors and embedded firmware. For example, the ROM may contain processor instructions and other associated data that allows the FPGA to go through an initial boot process, and that boot process may include loading the RAM with additional processor instructions or associated data from an external source (such as header data contained in the external bitstream). The embedded ROM code or firmware may also contain instructions for performing security checks (such as calculating elliptic-curve signing algorithms for authentication), or code for preforming debug and self-check operations.
It is very important for PLD users to protect the embedded firmware from tampering or hacking. Furthermore, PLDs are often incorporated in equipment that requires a high-level of security (such as military and financial applications), which make them targets for attacks by hackers and other malicious entities. A common method of attacking the PLD would be to surreptitiously embed malicious software or code that may be executed by the processors in the PLD. For example in an FPGA, this malicious software might be inserted into the FPGA's ROM by manipulating the masks used to program the ROM, or by directly manipulating the ROM bits of individual devices as they pass through the supply channel (such as by using laser probes or Focused Ion Beam technology). From an attacker's perspective, it may be much easier to tamper with the device—and to make the devices do what the attacker desires—by tampering with the embedded code on the device, as compared to tampering with the logic gates in the device.
Thus, a key component of securing PLDs is to ensure that the embedded firmware is secure against intrusion. Current solutions to protect PLDs against intrusion rely on programming a unique identification (ID) into the device, and reading that ID via a Joint Test Action Group (JTAG) command. However, for a PLD that is fully controlled by internal processors, unique IDs or other such JTAG responses can be easily spoofed, and cannot ensure that a device does not contain malicious code. Other security measures include public-key authentication of the external boot code, but a public-key can also be easily spoofed, for example if the attacker has already inserted Trojan software into the embedded ROM firmware of an FPGA responsible for authentication. In some cases, possibly by attacking certain debug facilities of the device, the malicious code might be stored into the RAM of a FPGA or another PLD. Therefore, there is a long felt need to develop a method of detecting if an attacker is already inside the firmware or the “security envelope” of a PLD.