1. Field of the Invention
This invention relates generally to methods, systems, machine readable media and apparatus for protecting intellectual property (“IP”). More specifically, this invention relates to techniques for protecting designs and/or configuration data in SRAM-based programmable logic devices and similar configurable devices.
2. Description of Related Art
A programmable logic device (PLD) is a programmable integrated circuit that allows the user of the circuit, using software control, to customize the logic functions the circuit will perform. Examples of PLDs are FPGAs (Field Programmable Gate Arrays) and EPLDs (Erasable Programmable Logic Devices). The logic functions previously performed by small, medium and large scale integration integrated circuits can instead be performed by programmable logic devices. Programmable logic devices supplied by integrated circuit manufacturers like Altera Corporation of San Jose, Calif. (a more detailed description of these products can be found at “www.altera.com”) are not inherently capable of performing any specific function. The user, in conjunction with software supplied by the PLD manufacturer, can program the PLD to perform the specific function or functions required by the user's application. The PLD then can function in a larger system designed by the user, just as though dedicated logic chips were employed.
A typical PLD consists of an array of logic cells that can be individually programmed and arbitrarily interconnected to each other to provide internal input and output signals, thus permitting the performance of highly complex combinational and sequential logic functions. The program is implemented in the PLD by setting the states of programmable elements such as memory cells. These memory cells may be implemented with volatile memories, such as SRAMs, which lose their programmed states upon termination of power to the system. If the programmable elements used are volatile memories, the memory cells must be configured upon each system power-up in order to configure the PLD.
In this disclosure, a “configurable device” or “configurable PLD” is defined to be a programmable device that ultimately contains the user logic (that is, the function(s) programmed and implemented in a PLD by a user). Typically, such a device has a volatile memory and must be programmed upon each power-up, though not every configurable device must possess these characteristics. Examples of configurable devices include SRAM PLDs and RAM-based PLDs (for example, Altera FLEX devices).
Moreover, in this disclosure, a “secure device” is defined to be a non-volatile programmable device, a custom logic device, a microprocessor or other similar device that is a secure device (that is, a device from which a design cannot be directly determined or read out of the device, such as an Altera MAX device) and which installs user logic and possibly other functionalities into a configurable device (as defined above) from a configuration data memory (a “storage device”). As noted below, a storage device may be a component separate and distinct from a secure device or the two devices may be integrated to some degree in a single component. Where a storage device and a secure device are distinct, the two devices may be connected by a secure link to prevent copying of data transferred between the two devices.
To use a configurable PLD (such as an SRAM-based FPGA), a user captures a circuit design using any of several design capture tools and then uses software tools to convert the captured design into a specific bitwise representation which can be stored in a storage device, such as an EEPROM. Upon startup, the storage device supplies the bitwise representation to the configurable PLD, typically under the control of a secure device, enabling the configurable PLD to perform the function of the programmed circuit design.
In some cases, the configuration data in a storage device is a bitwise representation that, when installed by a secure device, such as an EEPROM PLD, into a configurable device, such as an SRAM PLD, can implement user logic and possibly other functionalities to be used by the configurable device. However, the configuration data may also take on other formats and these are considered to be within the scope of the present invention. For example, either or both of the configurable device and the secure device might include an integrated microprocessor. Part of the configuration data would then be computer code that would be used by the microprocessors. The microprocessors could implement the functionality of random number generators, encryption and decryption circuits, and comparators that might otherwise be implemented with logic. The actual user logic in the configurable device would still be implemented in the normal fashion—just the configuration security circuits would be implemented with the microprocessors. Any appropriate manner of storing and using configuration data is deemed to fall within the meaning of the term “configuration data” in this disclosure.
By the time a bitwise representation is created, it represents significant amounts of time, money and effort. To encourage individuals and companies to continue to invest in the research and development of new circuit designs, and to protect the investment represented by existing completed designs, it is desirable to provide some method of protecting the circuit designs from illegal or otherwise unauthorized copying and/or use.
To make an illegal copy of the circuit design, as implemented in a configurable logic device, one need only make a copy of the bitwise representation stored in the storage device. This can be done by copying the bitstreams transmitted externally between a configurable device and the device installing the configuration data and using the copied bitstream with a copied configurable device. Thus, the copied bitwise representation can be illegally used with other programmable logic devices. Therefore, it is desirable to make it more difficult to copy the bitwise representation of the circuit design.
Several techniques have been developed to address the illegal copying of PLD programming software by users. While these efforts have met with some success, they have some shortcomings.
As noted above, microprocessors can be used to configure PLDs prior to operation. However, implementing a microprocessor to configure the device does not address the security issue. A microprocessor must still externally transmit the configuration data to the configurable PLD. The configuration data is of finite length and can therefore be captured and used to configure another device without authority from the design's owner.
In another prior technique, a configuration of which is shown in FIG. 1, the device being programmed 110 sends a constant stream of data 120 to a control device 130. If the data stream is not correct, the control device 130 can assert a reconfiguration signal 140 and stop operation of the programmable device 110. The data stream 120 can be generated in a number of different ways to prevent decoding of the data stream's pattern. However, if the reconfiguration signal is disconnected, the control device loses power over the device being programmed. While some measures can be taken to try and monitor the status of the devices' link, unscrupulous users can still circumvent these protective measures. Furthermore, the configuration data that is driven to the configurable PLD could be captured and used to configure the configurable PLD without the control device 130.
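A toy model of the FIG. 1 arrangement described above, added here as an illustration and not taken from the patent or from any vendor: the LFSR used to generate data stream 120, the seed and all function names are assumptions. It separates detection by control device 130 from enforcement through reconfiguration signal 140, which is where the scheme fails.

```python
"""Toy model of the FIG. 1 scheme. The LFSR, seed and all names are assumptions."""

SEED = 0xACE1  # constructed starting value known to both devices


def lfsr_words(seed, count):
    """Return `count` successive states of a 16-bit Fibonacci LFSR."""
    state, words = seed & 0xFFFF, []
    for _ in range(count):
        bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (bit << 15)
        words.append(state)
    return words


def run_board(stream, control_present=True, reconfig_wired=True):
    """Return (signal_asserted, device_running) after the stream is checked.

    stream          -- words device 110 sends as data stream 120
    control_present -- whether control device 130 is on the board
    reconfig_wired  -- whether reconfiguration signal 140 reaches device 110
    """
    asserted, running = False, True
    if control_present:
        expected = lfsr_words(SEED, len(stream))
        asserted = list(stream) != expected   # 130 sees an incorrect stream
    if asserted and reconfig_wired:
        running = False                       # 140 stops device 110
    return asserted, running


def scenarios():
    """Evaluate the four cases the paragraph distinguishes."""
    good = lfsr_words(SEED, 8)
    bad = good[:3] + [good[3] ^ 0x0001] + good[4:]  # one corrupted word
    return {
        "intact board, correct stream": run_board(good),
        "intact board, wrong stream": run_board(bad),
        "wrong stream, signal 140 disconnected": run_board(bad, reconfig_wired=False),
        "captured configuration, no control device": run_board(good, control_present=False),
    }


if __name__ == "__main__":
    for name, (asserted, running) in scenarios().items():
        print(f"{name:45} asserted={asserted!s:5} running={running}")
```

In the last two cases the device keeps running: either the control device raises the signal and nothing receives it, or no check is performed at all.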
Another technique for combating the theft of design software is found in U.S. Pat. No. 5,970,142. In that design, the configurable device generates an encryption key which is transmitted to the control device (also referred to as a storage device in the '142 patent). An encryption circuit in the control device encrypts all of the configuration data which is then sent to the PLD. The PLD subsequently decrypts the entire configuration data and uses the decrypted configuration data to program the PLD user logic. As will be appreciated, the system requires that all of the configuration data be encrypted and decrypted completely. This approach also requires either that special circuitry be incorporated into the PLD and the storage device or that unencrypted data be used to configure part of the configurable device before transfer of the encrypted configuration data. Configuration data cannot be used to create a decryptor in the configurable PLD since that data is encrypted before it is sent to the configurable PLD. As will be appreciated, this technique cannot be practically “retrofitted” into existing configurable PLD systems, due to the special circuitry and/or multiple configuration steps needed for its implementation.
Techniques that permit full use of designs and configuration data while protecting the proprietary interests of the owners of the intellectual property incorporated in such designs, systems and devices would represent a significant advancement in the art.