Ti60 Security Feature

The Ti60 FPGA security feature1 includes:

  • Intellectual property protection using bitstream encryption with the AES-GCM-256 algorithm
  • Anti-tampering support using asymmetric bitstream authentication with the RSA-4096 algorithm
Important: You cannot enable the Ti60 FPGA security features when using compressed bitstreams.

You can enable encryption, authentication, or both. You enable the security features at the project level.

Figure 1. Security Flow

Attention: Refer to the "Securing Titanium Bitstreams" section of the "Configuring an FPGA" chapter in the Efinity Software User Guide for instructions on how to enable these features.

Bitstream Encryption

Symmetric bitstream encryption uses a 256-bit key and the AES-GCM-256 algorithm. You create the key and then use it to encrypt the bitstream. You also need to store the key into the FPGA's fuses. During configuration, the Ti60 built-in AES-GCM-256 engine decrypts the encrypted configuration bitstream using the stored key. Without the correct key, the bitstream decryption process cannot recover the original bitstream.

Bitstream Authentication

For bitstream authentication, you use a public/private key pair and the RSA-4096 algorithm. You create a public/private key pair and sign the bitstream with the private key. Then, you save a hashed version of the public key into fuses in the FPGA. During configuration, the FPGA validates the signature on the bitstream using the public key.

If the signature is valid, the FPGA knows that the bitstream came from a trusted source and has not been altered by a third party. The FPGA continues configuring normally and goes into user mode. If the signature is invalid, the FPGA stops configuration and does not go into user mode.

The private key remains on your computer and is not shared with anyone. The FPGA only has the public key: the bitstream contains the public key data and a signature, while the fuses contain a hashed public key. You can only sign the bitstream with the private key. An attacker cannot re-sign a tampered bitstream without the private key.

Disabling JTAG Access

Ti60 FPGA's support JTAG blocking, which disables JTAG access to the FPGA by blowing a fuse. Once the fuse is blown, you cannot perform any JTAG operation except for reading the FPGA IDCODE, reading DEVICE_STATUS, using SAMPLE/PRELOAD, and enabling BYPASS mode. To fully secure the FPGA, you must blow the JTAG fuse.

Important: Once you disable JTAG by blowing the fuse, however, you cannot use JTAG ever again in that FPGA (except for IDCODE, DEVICE_STATUS, SAMPLE/PRELOAD, and BYPASS). So blowing this fuse should be the very last step in your manufacturing process.

Fuse Programming Requirements

Important: These requirements apply to:
  • All V64, F100, and F256 packages
  • F100S3F2 and F225 packages with the letter S in the lot number
Ti60 FPGAs in F100S3F2 and F225 packages that do not have the letter S in the lot number do not have these requirements.
Important: The VQPS supply current requires a minimum of 100 mA.
To program the security fuses in FPGA, follow these requirements:
  • During fuse programming, avoid device configuration and other JTAG operations that are not related to fuse programming.
  • Ramp up the VQPS pin only after all other power supplies have ramped to their nominal voltages. The VQPS ramp rate follows the requirements shown in Table 3.
  • After powering up the VQPS pin, wait for a minimum of 10 ms before issuing JTAG instructions for fuse programming.
  • After completing fuse programming through JTAG, wait for a minimum of 10 ms before powering down the VQPS pin.
  • If required, other power supplies can be powered down only after the VQPS pin has been powered down below 25% of its nominal voltage level.
Figure 2. Fuse Programming Waveform
This waveform assumes you are using an SVF file generated with the Efinity Bitstream Security Key Generator.
Important: The SPI bus must be inactive during fuse programming.
The EXT_CONFIG_CLK pin must be inactive during fuse programming.
Notice: Refer to the "Securing Bitstreams" section in the Efinity Programmer User Guide.
Refer to AN 057: Controlling VQPS with the Efinity SVF Player for more details about fuse programming.
1 The security feature is not supported for W64 packages. See PCN-2405-002 for details.