24 www.xilinx.com Virtex-4 FPGA Configuration User Guide
UG071 (v1.12) June 2, 2017
Chapter 1: Configuration Overview
Creating an Encrypted Bitstream
The Xilinx Bitstream Generator (BitGen, provided with the Xilinx ISE software) can
generate encrypted as well as non-encrypted bitstreams. For AES bitstream encryption, the
user specifies a 256-bit key as an input to BitGen. BitGen in turn generates an encrypted
bitstream file (.bit) and an encryption key file (.nky).
For specific BitGen commands and syntax, refer to the Development System Reference Guide.
Loading the Encryption Key
The encryption key can only be programmed onto a Virtex-4 device through the JTAG
interface. The iMPACT tool, provided with the Xilinx ISE software, can accept the .nky file
as an input and program the device with the key through JTAG, using a supported Xilinx
programming cable.
To program the key, the device enters a special key-access mode using the ISC_PROGRAM
instruction, as detailed in the JTAG 1532 specification. In this mode, all FPGA memory,
including the encryption key and configuration memory, is cleared. Once the key is
programmed and the key-access mode is exited, it cannot be read out of the device by any
means, and it cannot be reprogrammed without clearing the entire device. The key-access
mode is transparent to most users.
Loading Encrypted Bitstreams
Once the device has been programmed with the correct encryption key, the device can be
configured with an encrypted bitstream. After configuration with an encrypted bitstream,
it is not possible to read the configuration memory through JTAG or SelectMAP readback,
regardless of the BitGen security setting.
After loading the encryption key, a non-encrypted bitstream can be used to configure the
device; in this case the key is ignored. After configuring with a non-encrypted bitstream,
readback is possible (if allowed by the BitGen security setting). The encryption key still
cannot be read out of the device, preventing the use of Trojan Horse bitstreams to defeat the
Virtex-4 encryption scheme.
However, once an encrypted bitstream has been used to configure a device, the device
cannot be reconfigured with a non-encrypted bitstream unless a full-chip reset is
performed first by pulling the PROGRAM_B pin Low, cycling power, or issuing a
JPROGRAM instruction. Additional encrypted reconfigurations can be performed.
The method of configuration is not affected by encryption. The configuration bitstream can
be delivered in any mode (Serial, SelectMAP, or JTAG) from any configuration solution
(PROM, System ACE™ tool, etc.). Configuration timing and signaling are unaffected by
encryption.
The encrypted bitstream must configure the entire device, because partial reconfiguration
through the external configuration interfaces is not permitted for encrypted bitstreams.
After configuration, the device cannot be reconfigured without toggling the PROG pin,
cycling power, or issuing the JTAG JSTART or JPROG instruction. Readback is available
through the ICAP primitive (see “Bitstream Encryption and Internal Configuration Access
Port (ICAP)”). None of these events resets the key if V
BATT
or V
CCAUX
is maintained.
To Next Page
Loading...
Need help?
General
