Device-Level Anti-Tamper Features

Both the device families include a number of built-in tamper detection and response capabilities that can be used to enhance the security of the device. These countermeasures are intended to address various types of attacks that include non-invasive, semi-invasive, and invasive attacks. The devices can detect a number of conditions that may indicate an attempt to tamper.

When a tamper condition is detected, a notification is sent to the fabric via one of many dedicated lines. On receiving a tamper event, the fabric design may either choose to ignore the event or take defensive action using built-in tamper responses. Tamper events can only be cleared by assertion of the associated fabric clear signal or a device reset.

In addition to tamper detection and tamper response, all built-in design security protocols have protection against DPA and related side-channel monitoring attacks. All cryptographic algorithms implemented in a device are DPA-resistant. Both the device families have integrity check mechanisms that can optionally be used to check the reliability and security of a device upon power-up or on-demand.

Figure 1. Tamper Detection and Response Interfaces to the FPGA Fabric
Note: User Cryptoprocessor is part of MSS in PolarFire SoC FPGAs and there is no MSS in PolarFire FPGAs. User Cryptoprocessor is a standalone block in PolarFire FPGAs.