The invention relates to field programmable gate arrays, more especially but not exclusively to volatile field programmable gate arrays.
A field programmable gate array (FPGA) includes a functional portion comprising a logical structure, the configuration of which is programmable into states defined by configuration data specified for the application concerned at the design stage and loadable into the FPGA.
FPGA""s based on volatile technology are in widespread use. The companies Altera Corporation and Xilinx, Inc. have been active in this field. Such volatile FPGA""s lose their configuration when power is removed. Volatile FPGA""s are therefore reconfigured on power-up by reloading the configuration data which is held externally. To perform this function, volatile FPGA""s are provided with circuitry for routing the respective configuration data to the appropriate elements within the functional portion of the FPGA.
At the time of reloading the configuration data on power-up, it would be relatively straightforward to observe the configuration data by intercepting the data stream between the external configuration data store and the FPGA as the FPGA is being configured. Moreover, unauthorized reverse engineering of a programmed FPGA could make use of the intercepted configuration data.
A first possibility would be to obtain unprogrammed FPGA""s on the open market and to program them with intercepted configuration data.
A second possibility would be to reverse engineer the design of the FPGA at the logic level from the configuration data and to manufacture FPGA""s to that design which could then be programmed with the intercepted configuration data or other configuration data. This would be possible if the relationship between the intercepted configuration data and the resulting configuration of the FPGA were known. It could also then be possible to make modifications to the reverse engineered FPGA design, for example to use the unauthorized reverse engineering of the original FPGA logic as a springboard for further designs, or in order to mask the fact that the design had been obtained by reverse engineering from the original FPGA.
A third possibility, which could be adopted if the relationship between the configuration data and the resulting configuration of the FPGA were not known, would be to reverse engineer the FPGA at the hardware level using slice and scan methods, or other hardware cloning techniques.
There is thus the potential for unauthorized copying of commercially valuable configuration data, which may well have been created following original design work, perhaps involving teams of designers over significant periods of time. Moreover, there is the potential for unauthorized reverse engineering of FPGA hardware at the logic level through the use of configuration data obtained by the unauthorized interception of data during the FPGA configuration process.
Particular and preferred aspects of the invention are set out in the accompanying independent and dependent claims. Features of the dependent claims may be combined with those of the independent claims as appropriate and in combinations other than those explicitly set out in the claims.
According to a first aspect of the invention there is provided a field programmable gate array designed to receive encrypted configuration data and having on its input side decryption logic for acting on the encrypted configuration data received on reconfiguration, e.g. on power-up, to decrypt it. The decrypted configuration data can then be handled within the field programmable gate array in a conventional manner, i.e. distributed to configure the logical structure of the functional portion of the field programmable gate array.
In an embodiment of the invention, the decryption logic accesses a decryption key stored within the FPGA. The decryption algorithm then uses the key as an operand. The decryption algorithm is preferably stateful rather than stateless. A stateful algorithm may be realized in hardware based on a standard linear feedback shift register (LFSR) design. Typically, the key memory will be formed of non-volatile memory elements, for example EEPROM, and the functional portion of the gate array will be formed of volatile elements, for example SRAM. The key size may be typically of the order of 1K bits or more, with the size being chosen to provide the desired data security level having regard to current code cracking technology. Smaller key sizes may be appropriate for some applications, for example 64 bits, 128 bits or 256 bits.
Since the key memory will typically only constitute a small fraction of the FPGA in comparison to the gate array of the functional portion of the FPGA, the key memory can be realized in the hardware with a relatively large feature size which is beneficial to yields.
According to a second aspect of the invention there is provided a method of processing field programmable gate array configuration data. The method comprises: inputting configuration data; encrypting the configuration data; and storing the encrypted configuration data into a configuration data memory or intermediate recording medium for subsequent loading into a configuration data memory. The encryption may use an algorithm that utilizes an encryption key. A decryption key can be generated from the encryption key and the decryption key can then be embedded in a non-volatile memory of a field programmable gate array to which it is intended to supply the encrypted configuration data.
According to a third aspect of the invention there is provided a method of reconfiguring a field programmable gate array. The method comprises: inputting encrypted configuration data into the field programmable gate array; decrypting the encrypted configuration data; and distributing the decrypted configuration data to configure the field programmable gate array. In the third aspect of the invention the decrypting step may include applying a decryption algorithm to the encrypted configuration data using a decryption key, stored in non-volatile form within the field programmable gate array, as an operand of the algorithm. The decryption algorithm may be stateful or stateless.
According to a fourth aspect of the invention there is provided a field programmable gate array configurable according to externally inputted encrypted configuration data. The gate array has non-volatile memory elements loaded with a decryption key and also data manipulation elements forming part of a configuration data input channel and arranged to apply a decryption algorithm responsive to the decryption key to configuration data passing through the input channel.
Furthermore, a field programmable gate array module may be provided, the module including a field programmable gate array as well as a non-volatile configuration data memory, the field programmable gate array and its memory being interconnected by a configuration data transfer link.
In an alternative embodiment of the invention, there is provided a field programmable gate array comprising: a configurable logical structure having a default state and being configurable into a programmed state by configuration data; an input for receiving encrypted configuration data; and data storage for storing a set of configuration data for defining a programmed state, wherein, in the default state, the configurable logic structure serves to decrypt encrypted configuration data received at the input and to output the decrypted configuration data to the data storage for subsequent reconfiguration of the configurable logic structure into a programmed state. The data storage may comprise a plurality of configuration data holding registers and there may be provided a state machine connected to detect completion of decryption by the configurable logic structure and to trigger the data holding registers to load the configuration data stored therein into the configurable logic structure.
With the above embodiments and aspects of the invention, it is thus possible to improve the security of intellectual property and confidential information embodied in an FPGA design, both in respect of the logic structure designed by the FPGA manufacturer and in respect of the configuration data developed for specific applications by FPGA application designers. The decryption, i.e. descrambling, circuitry is arranged inside the FPGA and operates on the configuration data supplied to it from outside the FPGA. The configuration data supplied to the FPGA is thus stored outside the FPGA in encrypted form for the external circuit that uses the FPGA. Obtaining the configuration data, for example by interception during power-up of the FPGA, will thus result in the interception of encrypted configuration data rather than configuration data in raw, unscrambled form. The task of establishing the relationship between the encrypted configuration data and the logic design of the FPGA can thus be rendered considerably more arduous, since this relationship is made less transparent by the encryption. Moreover, different encryption can be used in different FPGA""s, even if the same raw configuration data is to be programmed into a plurality of FPGA""s, thus serving to make the interpretation of intercepted configuration data still more difficult.
In one embodiment of the invention, the application designer has the responsibility of defining at least one aspect of the decryption process. In the embodiment described further below, the designer defines a decryption key. A decryption algorithm, which uses the designer-defined key as an operand, is predefined by the FPGA manufacturer and will typically be embedded in the FPGA hardware. A corresponding encryption key and encryption algorithm will also be defined. Corresponding encryption and decryption keys may be identical or different.
In one approach, the FPGA is provided with an input through which the application designer can enter the key into non-volatile memory within the FPGA. With this embodiment, there is preferably also structure for disabling subsequent external access to the key""s non-volatile memory to hinder unauthorized access to the key at a later time. For example, the key input may be manufactured to be responsive to a disabling signal which, when received, effects an irreversible change in the FPGA so as to bar subsequent external communication to the decryption key.
In another approach, there is no input by which the key""s non-volatile memory may be externally programmed by the application designer. Instead, the application designer informs the FPGA manufacturer of the desired key and the manufacturer embeds the key as a part of the manufacturing process.
The first-mentioned approach has the advantage of enhanced data security regarding the key information which needs only be known to the application designer. The second-mentioned approach has the advantage that the FPGA has no externally accessible channels through to the non-volatile key memory.
The application designer can be given the task of generating the encrypted configuration data set after completion of the application design, i.e. generation of the encrypted configuration data from the raw, unencrypted configuration data. For this, the application designer would use the encryption key corresponding to the above-mentioned decryption key in conjunction with a design tool, which could be provided by the FPGA manufacturer, in which is programmed an encryption algorithm constituting the inverse of the decryption algorithm embedded in the FPGA. The design tool may be software or hardware based.
Since the configuration data is stored in encrypted form, and also transmitted to the FPGA during power-up in encrypted form, a barrier to reverse engineering is erected. If cloning is attempted, the pirate will need to know how the encryption and decryption is configured, but obtaining this information from the FPGA would be likely to be arduous in the extreme. Reverse engineering of the FPGA hardware can be made still more difficult by scattering the non-volatile memory elements used to store the designer-defined decryption data around the FPGA chip. Techniques for dispersing elements in this way are known from the art of secure microcontroller design, where ROM elements are distributed, or spatially scattered, so that they do not form a regular and recognizable pattern which may then be scanned automatically.