FPGA designs are vulnerable to design theft because configuration bitstreams can be easily captured and copied. FPGAs are more vulnerable to cloning of the entire design rather than to intellectual property (IP) theft, since extracting IP from the bitstream is nearly impossible. To protect the configuration bitstream, some FPGAs are now capable of encrypting the bitstream. However, there is a high cost for encrypting the configuration bitstream due to the additional step of programming the encryption key in the FPGA during manufacturing. For high-volume applications, using a security companion chip is much more cost effective.
This reference design provides a solution to help protect FPGA designs from being cloned. Using the “identification, friend or foe” (IFF) design security approach, this solution disables the design within the FPGA until the hash algorithm computation matches in both the FPGA and a secure memory device, so the design remains secure even if the configuration data bitstream is captured.
- Hash Algorithm (SHA-1) encryption core