08-23-2018 05:40 AM - edited 08-23-2018 05:45 AM
I wish to provide a design that can be re-sythesised for different target devices, but rather not have the design reverse engineered, can I provide only the .NCD file to the syntesis and implementation tool ?
Is the PROM file then 100% safe against reverse engineering when one provides the .NCD?
I thank our the community for any help
08-23-2018 07:10 AM
Nothing short of using encryption is secure. IEEE P1735 is the standard, but recently it has been shown to vulnerabilities. Still your best bet as it is supported in the most recent CAD tools. I would check if any of the vulnerabilities are a concern for you:
Suggest you contact your Xilinx distributor and ask if Xilinx implantation is vulnerable, as the worst hack depends on how it is implemented in the CAD tool (Vivado).
08-23-2018 07:11 AM
If you are using Vivado, the IP can be packaged with encrypted HDL files. That is how the licensed Xilinx IP are shipped.
Check out UG1118 (Chapter 6) and UG1119:
08-23-2018 01:38 PM - edited 08-23-2018 01:45 PM
Well done I am going to use that IP packager its a great think it exists thanks for bringing it to my attention
Thank both of you for the insights i'm now relieved we are able to do that
08-23-2018 07:36 PM
'There is no security in obscurity.'
Reverse engineering a NCD file is pretty trivial -- like I said, encryption is the only way to secure your IP.
08-24-2018 01:47 PM - edited 08-24-2018 02:27 PM
Thansk for your reply Alesea
Is the solution that Tedbooth mentionned in the post right after yours that packaging the IP is sufficient
I suppose the vulnerabilities you mentionned dont apply there? I was just thinking to ask your opinion because you brough valuable insights
Thanks Tedbooth for the link I open in Vivado tools/settings/IP/Packaging then it created a package in "ip_repo" but I cannot find it and when I create a new project then and want to import the packaged design it does not find it either
08-24-2018 03:01 PM
It appears one of the vulnerabilities is related to non-encrypted content of the IP (feature of the standard) which you may avoid using, but the other vulnerability is the CAD tool choice of the AES CBC IV, which is something you need to ask Xilinx about.
Personally, I would just use it as recommended. I would also ask Xilinx what their view is on the vulnerability of their implementation is (you need to call your distributor to ask).
08-24-2018 03:05 PM
Packaging an IP can take a bit of effort to figure out. Take a look at UG1119 (link above). It is an IP Packaging tutorial. It likely does not cover encryption, but it will introduce you to IP packaging. Once you are up to speed on that, then you can investigate the encryption step.
08-30-2018 12:16 PM
I am going to try the Packaging - I am going to follow the instructions given by the UG1119 thanks tedbooth
I intend to come back here to give feedback in a few days (I am finishing this week the block that want to package)
09-08-2018 05:43 AM - edited 04-11-2019 05:15 AM
My client paid 6500$ XCKU115-1FLVA1517I-ND and he is in another state
I promised for free to create an implementation on that target for free with an example of my work (this spares me from giving the design risking a premature disclosure of the work) I need to pay $2995 additionally for a licence to implement on my machine so I rather send the files and he can do it and its also his device with his licence
I wonder if I can padkage in a way the user can then add it to its design as black box then synthesise it on any of his targets?
All I ant is to send him then the design files and the confidential files packaged and then he can implement it with his licence for his KU115 he bought