FPGA Security Locks

The factory and user security segments hold various lock bits. These lock bits act as access control bits for the security segment to which they are applied. The factory lock bits are set and locked in the factory security segments before the parts are shipped. The user lock bits are set and locked in the user security segments. Some factory lock bits prohibit the same function as a user lock bit. In this case, if either one is set, the function is disabled.

The user lock bits can be temporarily unlocked using the appropriate passcode assigned to that bit. Some lock bits can only be modified by erasing or overwriting the security segment to which they belong using an encrypted and authenticated bitstream. If lock bits are unlocked using a passcode, the unlock is only temporary and lasts until the next device reset, JTAG reset, or power-down. Any permanent change to the user security segments must come from a bitstream and take place after the reset, or at the next power-up cycle.
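The lock semantics described in the two paragraphs above can be exercised with a small behavioural model. This is an added example, not vendor code or a Libero SoC API; the class and method names are hypothetical, the `authenticated` flag stands in for bitstream decryption and authentication, and the model assumes a passcode unlock affects only the user lock bit, never the factory one.

```python
import hmac


class LockModel:
    """Model of one lockable function (illustrative names, not a vendor API)."""

    def __init__(self, factory_locked, user_locked, passcode):
        self.factory_locked = factory_locked  # set and locked before shipping
        self.user_locked = user_locked        # held in the user security segment
        self._passcode = passcode             # passcode assigned to this user lock bit
        self._temp_unlocked = False           # volatile: lost at reset or power-down
        self._staged = None                   # permanent change waiting for a reset

    def unlock(self, passcode):
        """Temporary unlock of the user lock bit; True only on a passcode match."""
        ok = hmac.compare_digest(passcode, self._passcode)
        if ok:
            self._temp_unlocked = True
        return ok

    def stage_bitstream(self, user_locked, authenticated):
        """Queue a permanent change; rejected unless the bitstream authenticated."""
        if not authenticated:
            return False
        self._staged = user_locked
        return True

    def reset(self):
        """Device reset, JTAG reset or power cycle: relock, then apply staged change."""
        self._temp_unlocked = False
        if self._staged is not None:
            self.user_locked, self._staged = self._staged, None

    def function_enabled(self):
        # Assumption: the passcode lifts only the user lock bit.
        user_effective = self.user_locked and not self._temp_unlocked
        # If either the factory or the user lock bit is set, the function is disabled.
        return not (self.factory_locked or user_effective)


def demo():
    """Walk one user-locked function through unlock, reset and a bitstream update."""
    m = LockModel(False, True, b"constructed-passcode")  # constructed sample values
    trace = [m.function_enabled()]
    m.unlock(b"wrong-passcode"); trace.append(m.function_enabled())
    m.unlock(b"constructed-passcode"); trace.append(m.function_enabled())
    m.reset(); trace.append(m.function_enabled())
    m.stage_bitstream(False, authenticated=True); trace.append(m.function_enabled())
    m.reset(); trace.append(m.function_enabled())
    return trace
```

The trace from `demo()` shows the function becoming available only while the passcode unlock is active, and permanently only after the staged bitstream change is applied at the following reset.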

Although a lock bit may be referred to in the singular in this document, that is just a reference to its logical existence. All lock bits are stored with physical redundancy. The most important lock bits, from an anti-tamper perspective, also use parity bits to detect any loss of integrity. These bits are monitored continuously during run-time, and generate a tamper detection flag immediately if a tamper event is detected. This process is independent of whether there is any programming or security-related operation going on in the FPGA. All the lock bits are monitored at the time they are consumed, by re-computing and comparing a digest value before using the stored data.

The Configure Security Wizard in the Libero SoC software is used to apply these lock bits.