Versions Compared

Version Old Version 1 New Version 2
Changes made by

pnguon

pnguon

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

Anchor
__RefHeading___Toc35526_1873428968
__RefHeading___Toc35526_1873428968
Anchor
__RefHeading___Toc2349_398937247
__RefHeading___Toc2349_398937247

...

Application Note

NG-ULTRA

bitstream loading security

Ver 1.0.0

Jan 2022

Anchor
_Toc45006642
_Toc45006642
Anchor
_Toc43114709
_Toc43114709
Anchor
_Toc95124977
_Toc95124977
Table of Content

Table of Contents


Anchor
_Toc65850488
_Toc65850488
Anchor
_Toc94023494
_Toc94023494
Anchor
_Toc94886418
_Toc94886418
Anchor
_Toc95124978
_Toc95124978
Release Notes

Anchor
_Toc65850490
_Toc65850490
Anchor
_Toc94023496
_Toc94023496
Anchor
_Toc94886419
_Toc94886419
Anchor
_Toc95124979
_Toc95124979
Document History

Revision

Date

Editor

Modification

1.0.0

04/02/2022

PN

Initial Document

Anchor
_Toc65850492
_Toc65850492
Anchor
_Toc94023498
_Toc94023498
Anchor
_Toc94886420
_Toc94886420
Anchor
_Toc95124980
_Toc95124980
Related documentation

Reference

Description

Version

RD1

NG-ULTRA_BringUp_UserGuideV1.3

V1.3

RD2

NG_ULTRA_BitstreamLoadingSecurity_v1.0.0 package

V1.0.0

RD3

NxBase2_v2.5.1-UL1

V2.5.1

Anchor
_Toc65850493
_Toc65850493
Anchor
_Toc94023499
_Toc94023499
Anchor
_Toc94886421
_Toc94886421
Anchor
_Toc95124981
_Toc95124981
Acronyms

Acronyms

Description

ASW

Application Software

BL0

Boot Loader stage 0

BL1

Boot Loader stage 1

BSM

Bitstream Manager

CMIC

Configuration Memory Integrity Check

CTR

Counter mode for block encryption

DMA

Direct Memory Access

DSP

Digital Signal Processor

eROM

embedded ROM

OTP

One Time Programmable (memory)

ROM

Read Only Memory

SoC

System on Chip

SPI

Serial Peripheral Interface

SPW

SpaceWire

TCM

Tightly Coupled Memory

TMR

Triplar Modular Redundancy


Anchor
_Toc95124982
_Toc95124982
Summary

This application note, the reference designs and the associated scripts are intended to show NG-ULTRA FPGA bitstream loading security

Anchor
_Toc45006644
_Toc45006644
Anchor
_Toc43114711
_Toc43114711
Anchor
_Toc473223074
_Toc473223074
process.

Anchor
_Toc95124983
_Toc95124983
Introduction

The NG-ULTRA component is composed of a large embedded FPGA and a digital processor subsystem based on ARM Cortex R52 cores. The bitstream manager (BSM) manages the FPGA fabric configuration.

Image RemovedImage Added

Fig 1 – NG-ULTRA bloc diagram

...

NG-ULTRA FPGA bitstream security is managed through the implementation of encryption mechanisms applied to the data to be protected. Security function that encodes a digital data using a secret encryption key, making the encoded data unintelligible unless it is decoded using a decryption key.

Anchor
_Toc45006645
_Toc45006645
Anchor
_Toc43114712
_Toc43114712
Anchor
_Toc473223075
_Toc473223075


Anchor
_Toc95124984
_Toc95124984
Test environment

Anchor
_Toc95124985
_Toc95124985
Tools

Hardware:

NG-ULTRA Bring-up board

...

  • Nxmap

  • Nxbase2

  • Security loader test package tools reference designs, scripts and binary files

Anchor
_Toc95124986
_Toc95124986
Install plugins NXBASE2 full options

Please install the plugins full options to enable the loading of BTS file with NxBase2.

...

  • nxbase2_cli/plugins

  • nxbase2_cli/nxbase2/plugins

Anchor
_Toc95124987
_Toc95124987
Bring-up board set up

Bypass mode

Mode useful to test and debug, to bypass all security process.

...

Name

Jumper

Value

Comment

MODE1

MODE0

J43

J42

0

0

Mode Normal 0

FPGA: JTAG

SOC: SPW, SPI Flash, UART

MODE1

MODE0

J43

J42

0

1

Mode Normal 1

FPGA: SL_PAR_16, JTAG

SOC: SPW, SPI Flash, UART

MODE1

MODE0

J43

J42

1

0

Mode FPGA only

FPGA: SL_PAR_16, JTAG

MODE1

MODE0

J43

J42

1

1

Mode Test

Tab 3 – Configuration mode selection

...

Note: At power ON, all voltage LEDs have to be lighted.

Anchor
_Toc56534199
_Toc56534199


Bring-up board user GPIOs

...

Note: User GPIOs are activated low


Anchor
_Toc95124988
_Toc95124988
Bitstream download process

To configure the fabric, the BSM uses rows of drivers. Each driver row manages a subset of logical rows. Each driver row is managed by a Loader module. This Loader module includes all FSM to access to configuration memory.

...

A bitstream is a collection of Frames. Each frame as a header and a body. Frame header is a 32b word protected by EDAC. A bitstream includes 2 CRC, Frame CRC that checks the integrity of each fabric configuration frame and Bitstream CRC that checks the integrity of the whole bitstream.

Image RemovedImage Added

Fig 2 – BSM bloc diagram

...

Test_001 is an example of loading a non-encrypted bitstream with security mode enabled and disabled.

Anchor
_Toc95124989
_Toc95124989
Loader OTP memory

The loader OTP stores security related data such as keys, seeds for key generation, identifier, anti-rollback counter, secure mode configuration.

...

Test_004 dump the OTP memory.


Anchor
_Toc95124990
_Toc95124990
Lifecycles

The lifecycle value is stored in the OTP memory. It determines the bitstream configuration interface and the type of BSM accesses authorized and the type of bitstream (crypted or encrypted).

...

Note: The direct access is proceeded by direct engine with BTS file and the frame access is proceeded by frame engine with BBS or NXB file.

Anchor
_Ref73367981
_Ref73367981
Anchor
_Toc73947451
_Toc73947451
Anchor
_Toc95124991
_Toc95124991
Anti-Rollback

A cyphered bitstream contains the rollback counter. Deciphering engine compares it to the anti-rollback counter stored into the OTP memory. The check algorithm depends of the life-cycle.

...

Test_005 program the security data, lifecycle data, encryption keys and anti-rollback counter.


Anchor
_Toc95124992
_Toc95124992
Bitstream encryption

Depending on the lifecycle, the encryption must be used to properly load a bitstream.

...