1.2.3.3 Security

As the nonvolatile, flash-based SmartFusion cSoC family requires no boot PROM, there is no vulnerable external bitstream. SmartFusion cSoCs incorporate FlashLock^®, which provides a unique combination of reprogrammability and design security without external overhead, advantages that only a device with nonvolatile flash programming can offer.

SmartFusion cSoCs utilize a 128-bit flash-based key lock and a separate AES key to provide security for programmed IP and configuration data. The FlashROM data in Fusion devices can also be encrypted prior to loading. Additionally, the flash memory blocks can be programmed during runtime using the AES-128 block cipher encryption standard (FIPS Publication 192).

SmartFusion cSoCs with AES-based security are designed to provide protection for remote field updates over public networks, such as the Internet, and help to ensure that valuable IP remains out of the hands of system overbuilders, system cloners, and IP thieves. As an additional security measure, the FPGA configuration data of a programmed Fusion device cannot be read back, although secure design verification is possible. During design, the user controls and defines both internal and external access to the flash memory blocks.

Security, built into the FPGA fabric, is an inherent component of the SmartFusion cSoC family. The flash cells are located beneath seven metal layers, and many device design and layout techniques have been used to make invasive attacks extremely difficult. SmartFusion cSoCs, with FlashLock and AES security, are unique in being highly resistant to both invasive and noninvasive attacks. Your valuable IP is protected with industry standard security measures, making remote ISP feasible. A SmartFusion cSoC provides the highest security available for programmable logic designs.