Honored ContributorI' am looking for a possibility to encrypt our design. I' am using Cyclone II in configuration mode PS. A Microcontroller uploads the Firmware as a .rbf file.
Does anybody know how to encrypt a .rbf file? Is it difficult reverse the .rbf bitstream and to figure out the VHDL code. Thanks for you help!
Honored ContributorYou can not encrypt the bitstreams for a cyclone II. You have to go to some of the Stratix series and Arria II GX series to get the encryption. In general i believe a bitstream file is worthless if you are trying to get the code out of it, but useful if someone were looking to copy your hardware and then run your software(fpga file) on it. Technically you could retreive a functional diagram of the whole IC from the bitstream, if you knew the format of the bitstream that is, which i believe is propriatary, but it would be hard to do anyhting with that. That being said, there are other things you can do to make the knowlege of a bitstream file worthless if someone were to copy your hardware and steal your bitstream.
Some links that may be helpful: http://www.altera.com/support/refdesigns/sys-sol/indust_mil/ref-des-secur.html?gsa_pos=1&wt.oss_r=1&wt.oss=design%20security http://www.altera.com/products/devices/stratix-fpgas/stratix-ii/stratix-ii/features/security/st2-security.htmlHonored ContributorThanks for the answer. Do you know anything about "Design Security Using the IFF Concept". I found a white paper which describes how to protect the FPGA design just with a simple IC from Dallas Semiconductors and and IP core called SHA-1 IFF Engine. Do you know where to get the code for the SHA-1 IFF Engine. Please find attached the Altera white paper. Thanks!
Honored ContributorFirst, you have to sign an NDA with Dallas to get the full datasheet for the IC. You can view an abridged version online, which should be enough to get you started. It is a pretty simple 1-wire interface, which i believe this from opencores will work :
http://opencores.org/projects.cgi/web/opb_onewire/overview And a few SHA cores from opencores: http://opencores.org/projects.cgi/web/sha_core/overview http://opencores.org/projects.cgi/web/sha1/overview Merge the interface and the encryption core together and add some control around them and you have your protection. You can also implement what is in the Maxim part in a MaxII or the like if you already have one on the board, just make sure you have enough logic elements in the maxII to do the encryption. I think altera provides a reference design to do it that way, but i have not requested to view it yet.Honored ContributorHello.
Can you tell me what country you are located in? What your intent is with this encryption? Your citizenship? If you wish to reply just to me you can use the system to do that, if you prefer.Honored ContributorI don't see how that is pertinent. We are discussing reference designs from Altera's website. Can you shed some light on the relevance of either of our countries of origin?
Honored ContributorThanks for the help.
I' am located in UK and my citizenship is German. We want to send one of our products (digital camera) to a competitor….we have to because one of our customers wants that they integrate our camera in their product. Because we upload the firmware to the FPGA per .rbf, we want to encrypt the firmware because it’s quite likely that they copy the design.Honored ContributorAnswering kbs972;
There are restrictions on release of cetain types of encryption information here in the U.S.A. that are controlled by ITAR. Some reference designs show generic methods for achieving the desired effect. Some companies my not be allow to export that information, but may be able to provide it within the country you are located, based on how they apply for, and release that information to you. Sasushi1; Dallas Semiconductor was aquired by Maxim Semi, and may still offer the product listed above. Check with them - the one wire interface is pretty good, and only takes 1 I/O pin (as the name implies). As kbs972 very corretly points out, you will not be able to protect (encrypt) the .rbt file as the Cyclone device has no means of decrypting it. Good luck with your efforts.
