Forum Discussion

MVanM's avatar
MVanM
Icon for New Contributor rankNew Contributor
6 years ago

Can I use design security feature to decrypt different bitfiles encrypted with the same key

The manual for the design security feature states that it is possible to program an AES key into the FPGA in order to be able to decrypt encrypted bitfiles. When looking at the manual I see the follo...
ShafiqY_Intel's avatar
ShafiqY_Intel
Icon for Frequent Contributor rankFrequent Contributor
6 years ago

Hi,

Any changes in design (small changes or big changes) cause the bitstream in sof change. This make new sof file (new changes in design) different to previous sof file.

Usually, design security features is used when your design is in the final stage (final design and ready for production).

If any bug/error in future, decrypt the previous design. Generate a new key and program the new design.

I think the design security features is straight forward and not complicated.

I hope this will make you much clear.

Thanks😉

  • MVanM's avatar
    MVanM
    Icon for New Contributor rankNew Contributor
    6 years ago

    Hi

    But if you program a non-volatile key it cannot be changed anymore. So generating a new key is not an option for boards with the key already programmed into the fpga. To be 100% clear. Assume the following steps:

    1. Create .sof file
    2. Create .ekp and encrypted .sof (.rbf) by supplying KEY and .sof file
    3. Program non-volatile key into fuse on fpga using .ekp file
    4. FPGA can now decrypt the encrypted design (.rbf) using the programmed key.
    5. Decide a small change in design is needed
    6. Generate a new .sof file with design changes.
    7. Encrypt the new .sof file with original KEY
    8. FPGA cannot decrypt the new encrypted configuration (.rbf)?

    This would make it completely impossible to do an upgrade in the field.