《美国国家航空航天局技术简报》近期在 6 月刊中以封面报道的形式刊登了《FPGA 在新一代安全 A&D 系统中的作用》一文。该文章由 Xilinx 高级研究员应用工程师 (Senior Staff Applications Engineer) Ed Peterson 执笔。
Because today’s FPGAs include millions of programmable logic elements, design teams can program an individual FPGA to do the job of many chips. To streamline the design process, design teams heavily leverage the hard IP that vendors incorporate into their FPGA architectures. Design teams also implement soft IP from FPGA vendors, IP vendors, or their own IP. Hard IP that FPGA vendors implement in their devices is typically very high-performance and lowpower. FPGA architectures commonly include hard IP blocks such as dedicated engines that are used only for bitstream decryption and a slew of general system functions like Ethernet MAC/PHY, PCI-E interface, and memory controllers. Some devices also include hardened microprocessor cores. An illustration of the typical Hard IP content of an FPGA is shown in Figure 2.
Soft IP from FPGA and IP vendors can range from standard functions/ blocks IP such as processor cores and graphics engines, to more market- and application-specific specialized functions and interfaces. Where hard IP is already implemented in the silicon and can’t be modified, design teams implement soft IP in programmable logic elements in the FPGA. As such, designers can place IP in almost any location in their FPGA designs. Design teams integrate the hardware description language code (typically Verilog or VHDL) for these soft IP blocks with the rest of the logic description for the design. They then use vendor tools (design software) to compile the design and create a bitstream that programs their design into the FPGA when the chip boots up.
Programming Considerations
Programming FPGAs requires some planning to ensure that security aspects are addressed and implemented early enough in the design flow so as to not impact floor planning, resource, or pinout requirements. Practical designs require a security-centric design methodology. These security measures, also called anti-tamper (AT), can be grouped into two categories — active and passive security. The table shows the various active and passive security options in the Xilinx FPGA family.
Passive security measures are those that do not require the user to do anything special other than select their use during various phases of the design cycle. The phases of the FPGA design cycle are no-power, power with no configuration, and configured. In the no-power condition, there are two major security options for storing the decryption key for the bitstream that is being used — Battery Backed and eFUSE. eFuse is a built-in technology and does not require additional components. BBRAM supports both active and passive key clearing but requires an external battery, which requires supplier support for operation at high-temp and long lifetimes.
To ensure that programming transfer is secure, some FPGA products support encrypted bitstreams that get decrypted in the dedicated hard IP block inside the FPGA. This methodology allows for a standard development flow that uses in-house, vendor-provided, and third-party Electronic Design Automation (EDA) tools to ensure the system function is correct, and there’s a way to securely transfer the design information to the part. These cryptographic solutions follow the standard and support the NIST Hashed Message Auth entication Code (HMAC) standard for authentication.
The active security systems are grouped into three categories — prevention, detection, and penalty. The prevention methods are active functions that restrict the loading and transferring of data to specific times when the data movement has been approved. The detection methods are focused on the verification or contextual compliance, which can direct a penalty action in response to active overbuilding (cloning) detection, bitstream integrity checking, JTAG activity detection, temperature, and voltage monitoring. The FPGAs also have an eFUSE capability that extends to support a 57-bit Device DNA ID, which can be used to uniquely define a part and help eliminate counterfeiting and overproduction risks. The monitor and detection methods that can be incorporated into the design and are controllable in the device include readback CRC & JTAG disable, and a FIPS 140 system monitor.
The penalty responses from tampering are in the form of data clearing to shut down the operation of the FPGA. These are a keyclear function that will clear the AES key for decryption in BBR as a result of a tamper detect, and IPROG, which is an internal function that responds by clearing the contents of the configuration memory, all of the flipflops, and the key memory (but not the AES encryption key).
Modern FPGA devices are an essential part of high-performance and high-security application systems. The fundamental architectures of the product, the design/development tools, and workflows for the devices have progressively grown in sophistication to incorporate ever more advanced security features necessary for the task.
It should be noted that any AT features enabled at the FPGA-level should always be part of an overall system-level AT solution. The features and techniques outlined in this article will provide for a very good “AT umbrella” for the FPGA itself; however, AT is most effective when it is part of a multi-layer approach developed with the entire system in mind.
Remember, no single AT feature or technique is going to be 100% effective all of the time or solve all your AT needs for the entire system. However, making the adversary’s job as difficult (and expensive) as possible and following a layered approach will almost always yield very good (if not excellent) results.
This article was written by Ed Peterson, Senior Staff Applications Engineer, Xilinx Inc. (San Jose, CA). For more information, visit http://info.hotims.com/40434-500.
本视频基于Xilinx公司的Artix-7FPGA器件以及各种丰富的入门和进阶外设,提供了一些典型的工程实例,帮助读者从FPGA基础知识、逻辑设计概念
本课程为“从零开始大战FPGA”系列课程的基础篇。课程通俗易懂、逻辑性强、示例丰富,课程中尤其强调在设计过程中对“时序”和“逻辑”的把控,以及硬件描述语言与硬件电路相对应的“
课程中首先会给大家讲解在企业中一般数字电路从算法到流片这整个过程中会涉及到哪些流程,都分别使用什么工具,以及其中每个流程都分别做了
@2003-2020 中国电子顶级开发网