Bitstream Encryption; AES Overview - Xilinx Virtex-4 Configuration User Manual


Bitstream Encryption

Virtex-4 devices have on-chip AES (Advanced Encryption Standard) decryption logic to
provide a high degree of design security. Without knowledge of the encryption key,
potential pirates cannot analyze an externally intercepted bitstream to understand or clone
the design. Encrypted Virtex-4 designs cannot be copied or reverse-engineered.

The Virtex-4 AES system consists of software-based bitstream encryption and on-chip
bitstream decryption with dedicated memory for storing the encryption key. Using the
Xilinx ISE software, the user generates the encryption key and the encrypted bitstream.
During configuration, the Virtex-4 device performs the reverse operation, decrypting the
incoming bitstream. The Virtex-4 AES encryption logic uses a 256-bit encryption key.

The on-chip AES decryption logic cannot be used for any purpose other than bitstream
decryption; i.e., the AES decryption logic is not available to the user design and cannot be
used to decrypt any data other than the configuration bitstream.

Virtex-4 devices store the encryption key internally in dedicated RAM, backed up by a
small externally connected battery. The encryption key can only be programmed onto the
device through the JTAG interface; once programmed, it is not possible to read the
encryption key out of the device through JTAG or any other means.

ICAP is not supported with an encrypted bitstream in the LX, SX, and FX12 devices.

AES Overview

The Virtex-4 encryption system uses the Advanced Encryption Standard (AES) encryption
algorithm. AES is an official standard supported by the National Institute of Standards and
Technology (NIST) and the U.S. Department of Commerce
(http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf).

The Virtex-4 AES encryption system uses a 256-bit encryption key (the alternate key
lengths of 128 and 192 bits described by NIST are not implemented) to encrypt or decrypt
blocks of 128 bits of data at a time. According to NIST, there are 1.1 x 10^77 possible key
combinations for a 256-bit key.

Symmetric encryption algorithms such as AES use the same key for encryption and
decryption. The security of the data is therefore dependent on the secrecy of the key.

Virtex-4 FPGA Configuration User Guide
UG071 (v1.12) June 2, 2017
www.xilinx.com

[Figure 1-11: Configuration Signal Sequencing (Default Startup Settings)]
