cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mselke
Observer
Observer
437 Views
Registered: ‎09-02-2020

IP Cores Soup

Hi all,

we are developing a FPGA in an medical device. And now we have some questions concerning IP cores and Soups (Software of unknown provenance). Should IP cores specially those provided by Xilinx be treated as a Soup. And if yes is it possible to search for known vulnerabilites in an  database like https://nvd.nist.gov/products/cpe/search. I only find classic software stuff in this database. But the regulatories tell us that we have to search for CVE because of cybersecurity. 

 

Regards

Manuel

0 Kudos
5 Replies
dpaul24
Scholar
Scholar
415 Views
Registered: ‎08-07-2014

@mselke ,

I do not think something like that exists. There are also IP cores which contains bugs (problem reproducible only if formal verification is carried out).

This Disclaimer from Xilinx maybe interesting to you (it is there is all Xilinx IP cores).

-- CRITICAL APPLICATIONS
-- Xilinx products are not designed or intended to be fail-
-- safe, or for use in any application requiring fail-safe
-- performance, such as life-support or safety devices or
-- systems, Class III medical devices, nuclear facilities,
-- applications related to the deployment of airbags, or any
-- other applications that could lead to death, personal
-- injury, or severe property or environmental damage
-- (individually and collectively, "Critical
-- Applications"). Customer assumes the sole risk and
-- liability of any use of Xilinx products in Critical
-- Applications, subject only to applicable laws and
-- regulations governing limitations on product liability.

I really think you should talk to your local FAE to find out any vulnerabilities for the Xilinx IP core you intend to use. These things are not discussed here freely.

------------FPGA enthusiast------------
Consider giving "Kudos" if you like my answer. Please mark my post "Accept as solution" if my answer has solved your problem
Asking for solutions to problems via PM will be ignored.

drjohnsmith
Teacher
Teacher
408 Views
Registered: ‎07-09-2009

Does FPGA code count as software as far as the regulators are concerned ?

 

<== If this was helpful, please feel free to give Kudos, and close if it answers your question ==>
mselke
Observer
Observer
401 Views
Registered: ‎09-02-2020

First of all, thank you for your fast response.

Does FPGA code count as software as far as the regulators are concerned ?

       Thats really the question. My point of view is, that FPGA code is no software, since we are describing hardware in the end. And if you ask as Auditor concerning this topic they often don't really know what an FPGA is about. Therefore we are a bit confused how to handle ip cores. Neverthless we have to test all ip cores related to their funtionality. 

0 Kudos
dpaul24
Scholar
Scholar
369 Views
Registered: ‎08-07-2014

@mselke ,

Is it just for the Audit?

As an engineer if a piece of IP core is used in an FPGA for a device which is to be used for mission critical applications I would be more concerned about its functionality, stability and likelyhood of failure under varied circumstances. And to have these info, they need to be extensively tested in silicon at the concerned area of application.

------------FPGA enthusiast------------
Consider giving "Kudos" if you like my answer. Please mark my post "Accept as solution" if my answer has solved your problem
Asking for solutions to problems via PM will be ignored.

0 Kudos
mselke
Observer
Observer
361 Views
Registered: ‎09-02-2020

As engineer I totally agree with you. The application has to be safe and stable and therefore is has to be tested intense. But nevertheless we have to fullfill the regulatories, otherwise the product can never be put into the field.

0 Kudos