cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
alekos2313
Visitor
Visitor
1,377 Views
Registered: ‎10-19-2018

Spartan 6 copy protection options

Jump to solution

Hello all,

I am new to FPGA, and I have worked with Spartan-6 for my project.

I am now trying to figure out what are my options for protecting my design. I went through doc UG380,

and I am a little confused with my options. For configuration the final board will use a simple external SPI flash, not sure if it will be Slave or Master mode. What I need to know is what are the options for protecting the bitstream from copy in small Spartan 6 devices XC6SLX9. I am under the impression that only the large devices in the family support encryption, but maybe this is wrong. Also, from what I know from microcontrollers, the most common way is to programm fusebits, that lock jtag and any form of read/verify commands, and only allow erase and overwrite. But this would not be enough in this FPGA, since the bitstream can be duplicated from the external flash. So I guess I need to use some Spartan6 feature or IP core ? I am pretty confused,

please give me a simple presentation of my options here.

 

Thank you

Alex

0 Kudos
1 Solution

Accepted Solutions
ddn
Moderator
Moderator
1,326 Views
Registered: ‎06-06-2018

Hi @alekos2313,

Yes your device does not have encryption option.

Device DNA  means a unique ID for each FPGA will be generated and is permanently programmed into the FPGA. 

Function of Device DNA : Prevent the design from operating (or operate in a limited manner) if unique identifier is not recognized.

For example : If someone steal your bistream and tries to configure his FPGA, then it will not happen, because unique identifier is not recognized.

Note : in general device DNA will be present for every device, but still bitstream can be read back.

For your case, please set security option to "level 1" and persist to "no". 

Note : for flash we dont have any control. anybody can readback from flash. 

Try referring this XAPP780, which may help you.

Regards,

Deepak D N

--------------------------------------------------------------------------------------------

Please Reply or give kudo or Mark it as an Accepted Solution.

--------------------------------------------------------------------------------------------

Regards,
Deepak D N
---------------------------------------------------------------------------
Please Kudo and Accept as a Solution, If it helps.
---------------------------------------------------------------------------

View solution in original post

0 Kudos
3 Replies
ddn
Moderator
Moderator
1,366 Views
Registered: ‎06-06-2018

Hi @alekos2313,

I found this below information from page 21 of UG380 (v2.10).

S6.JPG  

To protect the bitstream from FPGA has well as from Flash, AES is the best and effective way to protect the bitstream. Since if anybody reads back from flash also bitstream will be encrypted and it will be of no use. 

 

Other options are, if you doing readback through JTAG, keep the Security option to LEVEL1 in bitstream setting.

                              if you doing readback through selectMAP, keep persist option to No. 

Regards,

Deepak D N

-----------------------------------------------------------------------------------------------

Please reply or give kudo or mark it as an Accepted Solution.

-----------------------------------------------------------------------------------------------

Regards,
Deepak D N
---------------------------------------------------------------------------
Please Kudo and Accept as a Solution, If it helps.
---------------------------------------------------------------------------
0 Kudos
alekos2313
Visitor
Visitor
1,354 Views
Registered: ‎10-19-2018

Hello, thank you for a fast and good answer.

So to verify that I got  it, in smaller devices like mine(XC6SLX9) encryption is not supported, but the unique device id  is used to create unique bitstreams that are only working on the device that they were designed for. Is that correct?

If so, then where can I look for application note + examples? I imagine that there are tools

that can help in upgrades too. For example, If I programm 10 devices, each with same bitstream (except for the authentication part) then how would I update them with a new firmware in the future?  will I need to bring all 10 devices in my lab and create a new bitstream for each? or is the authentication part somehow separated and maintained for future use and upgrades?

 

Thank you,

Alex

0 Kudos
ddn
Moderator
Moderator
1,327 Views
Registered: ‎06-06-2018

Hi @alekos2313,

Yes your device does not have encryption option.

Device DNA  means a unique ID for each FPGA will be generated and is permanently programmed into the FPGA. 

Function of Device DNA : Prevent the design from operating (or operate in a limited manner) if unique identifier is not recognized.

For example : If someone steal your bistream and tries to configure his FPGA, then it will not happen, because unique identifier is not recognized.

Note : in general device DNA will be present for every device, but still bitstream can be read back.

For your case, please set security option to "level 1" and persist to "no". 

Note : for flash we dont have any control. anybody can readback from flash. 

Try referring this XAPP780, which may help you.

Regards,

Deepak D N

--------------------------------------------------------------------------------------------

Please Reply or give kudo or Mark it as an Accepted Solution.

--------------------------------------------------------------------------------------------

Regards,
Deepak D N
---------------------------------------------------------------------------
Please Kudo and Accept as a Solution, If it helps.
---------------------------------------------------------------------------

View solution in original post

0 Kudos