The present invention relates to configuring field programmable gate arrays generally, and more particularly to protecting configuration bitstreams from detection or alteration.
Field programmable gate array devices are logic or mixed signal devices that may be configured to provide a desirable user-defined function. FPGAs are typically configured using data received from a configuration device. This configuration data may be referred to as a configuration bitstream or program object file (POF). This bitstream opens and closes switches formed on an FPGA such that desired electrical connections are made.
Modern FPGAs contain hundreds of thousands of logic gates, as well as processors, memories, dedicated analog function blocks, and other circuits. This large amount requires a similarly large configuration bitstream to configure it. For example, 55 Megabits of configuration data are now needed by some FPGAs.
This configuration data represents an FPGA user design that is the outcome of a huge investment in manpower and research and development costs, often in the million dollar range. To protect this investment, configuration bitstreams are often encrypted. The encrypted bitstream is decrypted using a key stored on the FPGA, and the FPGA is then configured. When the FPGA is configured by a configuration device, the bitstream that is susceptible to detection is encrypted and thus protected.
Unfortunately, problems remain even with encryption. For example, if the key can be erased or modified, then the protected device can be reconfigured to perform a new function. This can be particularly problematic if the device is performing an important function, such as network security. Similar problems remain if other types of encoding are used.
Thus, what is needed are circuits, methods, and apparatus for storing encoding keys in such a way that they cannot be modified or erased. In this way, the unauthorized reconfiguration of FPGAs can be prevented.