UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Voyager
Voyager
409 Views
Registered: ‎08-16-2018

How do I protect my IP with a third party?

Jump to solution

Thinking of having a third party for hw manufacturing and even assembly and shipping. I will have to provide the configuration files. I may trust the third party and sign whatever necessary, yes, but "leaks" do exist, how can I prevent all my effort and investor's risk not ending up in lower cost copies?

I have thought of sending an SD card to the customers but anyways there could be some "customers" just interested in the config to clone it.

0 Kudos
1 Solution

Accepted Solutions
Xilinx Employee
Xilinx Employee
350 Views
Registered: ‎08-10-2008

回复: How do I protect my IP with a third party?

Jump to solution

If the end customer would accept that they need to program the key into FPGA by themselves, then yes, it's applicable. You can first ask anyone to program the encrypted config image into SPI or BPI, and then provide the key only to the end customer.

Anyhow this brings in another issue: the key can only be programmed into FPGA through JTAG port (with a supported Xilinx programming cable), which means, you will need to leave JTAG port open on the board. Well in most cases, an open JTAG port means FPGA is open. Though Xilinx provides settings to disable readback from JTAG port, still many customers would not like to leave JTAG open in the production board.

Please take a look at xapp1267, Xilinx provides some combinations to secure FPGA bit. Check if you are interested in any of them and we can then discuss. 

 

------------------------------------------------------------------------------------------------------------
Don't forget to reply, kudo, and accept as solution.
---------------------------------------------------------------------------------------------------------
4 Replies
Xilinx Employee
Xilinx Employee
369 Views
Registered: ‎08-10-2008

回复: How do I protect my IP with a third party?

Jump to solution

If you can have the HW board beforehand, you may consider programing the FPGA with AES keys by yourself. Then you only need to provide encrypted bitstreams. Without the keys, the config bits are useless.

------------------------------------------------------------------------------------------------------------
Don't forget to reply, kudo, and accept as solution.
---------------------------------------------------------------------------------------------------------
Voyager
Voyager
356 Views
Registered: ‎08-16-2018

回复: How do I protect my IP with a third party?

Jump to solution

@iguo

That's interesting but if we, the IP owners, have to configure the boards that would imply an extra shipping steps, customs clearance, etc. which isn't desirable.

Taking your idea, would it be possible to send encrypted bitstreams to flash the memory while keeping the key, then supplying that key to the customer?

There is also the potential issue of sending encrypted files, I think the only country who bans that is US, that wouldn't affect us.

Xilinx Employee
Xilinx Employee
351 Views
Registered: ‎08-10-2008

回复: How do I protect my IP with a third party?

Jump to solution

If the end customer would accept that they need to program the key into FPGA by themselves, then yes, it's applicable. You can first ask anyone to program the encrypted config image into SPI or BPI, and then provide the key only to the end customer.

Anyhow this brings in another issue: the key can only be programmed into FPGA through JTAG port (with a supported Xilinx programming cable), which means, you will need to leave JTAG port open on the board. Well in most cases, an open JTAG port means FPGA is open. Though Xilinx provides settings to disable readback from JTAG port, still many customers would not like to leave JTAG open in the production board.

Please take a look at xapp1267, Xilinx provides some combinations to secure FPGA bit. Check if you are interested in any of them and we can then discuss. 

 

------------------------------------------------------------------------------------------------------------
Don't forget to reply, kudo, and accept as solution.
---------------------------------------------------------------------------------------------------------
Voyager
Voyager
343 Views
Registered: ‎08-16-2018

回复: How do I protect my IP with a third party?

Jump to solution

Interesting points. Unfortunately, some customers will be complete tech noobs so letting them playing with JTAG seems to be over the top...

It looks like for a complete protection it is mandatory to get hold of the hardware which is one of the things we prefer to avoid.

I recently worked with dual boot, maybe is possible to have a master configuration that just communicates with a host computer (this is to work with a PC anyways), asks for the key and then enables the encrypted configuration and disables the JTAG port (?)

Need to dive deeper on that, these are new waters for me... thanks for your pointers.

0 Kudos