Explorer

Disable bitstream file read back in Vivado

Hi,

I want to protect my bitstream file from being read back through JTAG or any other way.

Are there any bitstream file security settings in Vivado?

Regards,

Vinay

Vinay Shenoy
Accepted Solutions

Xilinx Employee

Re: Disable bitstream file read back in Vivado

Hi @vinay_shenoy,

No, there are no loopholes in either as far as readback from the FPGA is concerned.

The basic setting to avoid readback is setting "BITSTREAM.READBACK.SECURITY" to Level1 or Level2 based on your requirement.

Encryption (AES) is an advanced method of disabling the readback. Here a 256-bit key will be generated for the bitstream. After the device has been programmed with the correct encryption key, the device can be configured with an encrypted bitstream. After configuration with an encrypted bitstream, it is not possible to read the configuration memory through JTAG or SelectMAP readback, regardless of the bitstream security setting.

Note: But we don't have control over the Flash or PROM. If the hacker hacks the bitstream through flash, there comes the importance of encryption. And an encrypted bitstream will be of no use to the hacker.

Regards,

Deepak D N

7 Replies
Xilinx Employee

Re: Disable bitstream file read back in Vivado

Hi @vinay_shenoy,

readback.JPG

You can set this option in Bitstream settings to disable the readback. Please refer to UG908 for more information. Also disable the Persist option in the Bitstream settings.

Hope this helps.

Regards,

Deepak D N

Explorer

Re: Disable bitstream file read back in Vivado

Hi @ddn,
Can you please give me more insight into the highlighted items in the attached Readback settings?
There are a couple of options under the drop-down menu and I need some input in understanding them.
What are the typical settings I have to use to disable readback?

Also, I'd appreciate knowing whether there's any hack anyone can do to retrieve the bitstream info even after disabling readback in the bitstream settings.

Regards,

Vinay Shenoy

Readback2.PNG

Scholar u4223374

Re: Disable bitstream file read back in Vivado

@vinay_shenoy The obvious way to read back the bitstream is to connect to the configuration PROM directly (external on every Xilinx chip except for the Spartan 3AN and the CPLDs) and read the bitstream from that. You obviously can't disable reading the bitstream from the configuration PROM (because then the FPGA can't configure itself), and I'm pretty sure that if you can configure the chip over JTAG then you can load a bitstream that will read the contents of the configuration PROM.

 

The "fix" for this is encrypted boot. The FPGA has an internal encryption key that cannot be read back (with appropriate security settings) or changed, and the bitstream on the configuration PROM is encrypted with that key. An attacker could easily read back the bitstream, but with no way to decrypt it they're not going to get any benefit from it.

Moderator

Re: Disable bitstream file read back in Vivado

The readback security setting is set_property BITSTREAM.READBACK.SECURITY with a value of Level1 (disables readback) or Level2 (disables both readback and reconfiguration).

In case you want to reconfigure the FPGA, it is suggested to use Level1.

We would suggest you go with encryption of the bitstream, which should help in your case.

For more details on this, you can refer to the following links:

https://www.xilinx.com/support/documentation/application_notes/xapp1239-fpga-bitstream-encryption.pdf

https://www.xilinx.com/support/documentation/application_notes/xapp1267-encryp-efuse-program.pdf
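
A check over a project's XDC constraints for the settings discussed in this thread, as an added example that is not part of the original posts or Xilinx's own code. The sample constraint files are constructed; BITSTREAM.CONFIG.PERSIST and BITSTREAM.ENCRYPTION.ENCRYPT are the Vivado property names assumed here for the Persist and encryption options, and an unset property is assumed to keep Vivado's default (no readback security, Persist off, no encryption).

```python
import re

# Matches: set_property BITSTREAM.<GROUP>.<NAME> <value> [current_design]
_PROP = re.compile(r"^\s*set_property\s+(BITSTREAM\.[\w.]+)\s+(\S+)", re.I)

# Constructed sample: nothing protects the configuration memory or the flash image.
WEAK_XDC = """
# constructed sample constraints
set_property BITSTREAM.GENERAL.COMPRESS TRUE [current_design]
set_property BITSTREAM.CONFIG.PERSIST YES [current_design]
"""

# Constructed sample: readback blocked, Persist off, bitstream encrypted.
HARDENED_XDC = """
set_property BITSTREAM.READBACK.SECURITY Level1 [current_design]
set_property BITSTREAM.CONFIG.PERSIST NO [current_design]
set_property BITSTREAM.ENCRYPTION.ENCRYPT YES [current_design]
set_property BITSTREAM.ENCRYPTION.ENCRYPTKEYSELECT EFUSE [current_design]
"""

def bitstream_props(xdc_text):
    """Return {PROPERTY: VALUE} for BITSTREAM.* lines; a later line overrides an earlier one."""
    props = {}
    for line in xdc_text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        m = _PROP.match(line)
        if m:
            props[m.group(1).upper()] = m.group(2).strip('"{}').upper()
    return props

def audit(xdc_text):
    """Return findings for the three settings the thread recommends."""
    p = bitstream_props(xdc_text)
    findings = []
    # Assumed default when unset: None (readback allowed).
    if p.get("BITSTREAM.READBACK.SECURITY", "NONE") not in ("LEVEL1", "LEVEL2"):
        findings.append("readback-enabled: BITSTREAM.READBACK.SECURITY is not Level1/Level2")
    # Assumed default when unset: No.
    if p.get("BITSTREAM.CONFIG.PERSIST", "NO") != "NO":
        findings.append("persist-on: configuration interface stays active after configuration")
    # Assumed default when unset: No. Without it, the image in flash/PROM is plaintext.
    if p.get("BITSTREAM.ENCRYPTION.ENCRYPT", "NO") != "YES":
        findings.append("unencrypted: bitstream stored in flash/PROM can be copied and reused")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_XDC), ("hardened", HARDENED_XDC)):
        print(name, audit(text) or "ok")
```

Level1 alone clears the first finding but still leaves the third: the readback setting protects the configured device, not the image sitting in external flash.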

Xilinx Employee

Re: Disable bitstream file read back in Vivado


Hi @vinay_shenoy,

Below are the 3 options from the GUI that you asked me about:

1. Prevents the assertions of GHIGH and GSR during configuration. This is required for the active partial reconfiguration enhancement features.

2. Selects between the top and bottom ICAP ports.

3. Specifies whether to disable Readback and Reconfiguration.
Note: Specifying Security Level1 disables Readback. Specifying Security Level2 disables Readback and Reconfiguration.

Encryption of the bitstream is also recommended.

 

Regards,

Deepak D N

Explorer

Re: Disable bitstream file read back in Vivado

@u4223374 @ddn @kkn

Hello all, Thank you for your responses!

Are there any loopholes with the readback security setting BITSTREAM.READBACK.SECURITY alone?

Why do you all recommend encrypting the bitstream file?

Regards,

Vinay Shenoy