Forum Discussion

Altera_Forum's avatar
Altera_Forum
Icon for Honored Contributor rankHonored Contributor
14 years ago

Protecting FPGA Configuration?

Hi everyone,

I'm a hobbyist who is considering bringing a product to market and I have a few questions in regards to protecting IP I create.

Due to the market I am targeting, the Cyclone series FPGA's appear to be the best fit, however the don't seem to have any way to directly protect configuration file during transfer from the config device.

One solution I found was that using a 1-wire (or other interface) challenge-response chip. However, this relies on a master key being stored internally on the FPGA, and as far as I'm aware the Cyclone series does not offer internal non-volatile memory.

Do I understand the above problem properly? And what are the ways of storing the key while keeping it protected?

Also, are there any other methods of protected the configuration I should look into?

Thanks!

2 Replies

  • Altera_Forum's avatar
    Altera_Forum
    Icon for Honored Contributor rankHonored Contributor
    14 years ago

    You are correct; the 1-wire SAMs will not protect your IP -- that is unless you use a part that can be programmed with an encrypted stream, in which case the SAM may or may not be needed.

    You best bet is to move up to an Arria II GX - I believe that is the cheapest part that does support encrypted config streams. The Cy III does offer that feature, but only on the LS parts, which I believe are more expensive.

    The Cy V claims to implement security, but the chips are still in the vapor phase and have not materialized yet.
  • Altera_Forum's avatar
    Altera_Forum
    Icon for Honored Contributor rankHonored Contributor
    14 years ago

    It depends on what you want to protect and why. If you just want to prevent people from copying your design or reverse-engineer it, it may not be necessary to encrypt the configuration. AFAIK it isn't possible (or must be very hard) to reconstruct a full HDL design from the EPCS stream. It may be enough to use the challenge-response chip at run time, using a special HDL component that interrogates that chip and enables the rest of the FPGA only if it gets the correct answer. If the key is stored in FPGA registers and not in a memory block it will be very hard to extract from the EPCS stream.