UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Voyager
Voyager
295 Views
Registered: ‎08-16-2018

non encrypted configuration and encrypted upgrade possible?

Jump to solution

I would like to ship a product with the configuration encrypted but the flash will be written by a third party company and I don't want to deliver the key to them.

I'm thinking about delivering a bitstream with a non-encrypted 'loader' plus the encrypted application. The key will only be delivered to the customer. 

The 'loader' application will take the key from the customer and apply it to the FPGA so the upgrade can be decrypted and run.

I may still need further protection for customers not to clone it with the same key, but the question now is whether the above is feasible.

0 Kudos
1 Solution

Accepted Solutions
Moderator
Moderator
267 Views
Registered: ‎06-05-2013

Re: non encrypted configuration and encrypted upgrade possible?

Jump to solution
You can use obfuscated key without sharing the original keys with the customers/contractors.
UltraScale FPGAs enable you to load your AES key into the device in an obfuscated format. This enables you to give the obfuscated key to a contract manufacturer without having to expose your true AES-256 key to the contract manufacturer.
Refer to page#7 https://www.xilinx.com/support/documentation/application_notes/xapp1267-encryp-efuse-program.pdf
-------------------------------------------------------------------------
Don’t forget to reply, kudo, and accept as solution.
-------------------------------------------------------------------------
2 Replies
Moderator
Moderator
268 Views
Registered: ‎06-05-2013

Re: non encrypted configuration and encrypted upgrade possible?

Jump to solution
You can use obfuscated key without sharing the original keys with the customers/contractors.
UltraScale FPGAs enable you to load your AES key into the device in an obfuscated format. This enables you to give the obfuscated key to a contract manufacturer without having to expose your true AES-256 key to the contract manufacturer.
Refer to page#7 https://www.xilinx.com/support/documentation/application_notes/xapp1267-encryp-efuse-program.pdf
-------------------------------------------------------------------------
Don’t forget to reply, kudo, and accept as solution.
-------------------------------------------------------------------------
Voyager
Voyager
249 Views
Registered: ‎08-16-2018

Re: non encrypted configuration and encrypted upgrade possible?

Jump to solution

Seems a perfect solution. 

0 Kudos