Virtex-4 FPGA Configuration User Guide www.xilinx.com 25
UG071 (v1.12) June 2, 2017
Bitstream Encryption
A mismatch between the key in the encrypted bitstream and the key stored in the device
causes configuration to fail with the INIT pin remaining High and the DONE pin
remaining Low. A mismatch between the key and bitstream can result in a high current on
V
CCINT
.
Note:
1. Do not use or monitor BUSY when loading an encrypted bitstream.
2. SelectMAP-32 mode is not supported with encrypted bitstreams.
Bitstream Encryption and Internal Configuration Access Port (ICAP)
The Internal Configuration Access Port (ICAP) primitive provides the user logic with
access to the Virtex-4 configuration interface. The ICAP interface is similar to the
SelectMAP interface, although the restrictions on readback and reconfiguration for the
SelectMAP interface do not apply to the ICAP interface after configuration. Users can
perform readback and reconfiguration through the ICAP interface even if bitstream
encryption is used. Unless the designer wires the ICAP interface to user I/O, this does not
offer attackers a method for defeating the Virtex-4 AES encryption scheme. ICAP is not
supported with an encrypted bitstream in the LX, SX, and FX12 devices.
Users concerned about the security of their design should not:
• Wire the ICAP interface to user I/O
-or-
• Not instantiate the ICAP primitive.
Like the other configuration interfaces, the ICAP interface does not provide access to the
key register.
V
BATT
The encryption key memory cells are volatile and must receive continuous power to retain
their contents. During normal operation, these memory cells are powered by the auxiliary
voltage input (V
CCAUX
), although a separate V
BATT
power input is provided for retaining
the key after V
CCAUX
is removed. Because V
BATT
draws very little current (on the order of
nano amperes), a small watch battery is suitable for this supply. (To estimate the battery
life, refer to V
BATT
DC Characteristics in the Virtex-4 FPGA Data Sheet and the battery
specifications.) At less than a 100 nA load, the endurance of the battery should be limited
only by its shelf life.
V
BATT
does not draw any current and can be removed while V
CCAUX
is applied. V
BATT
cannot be used for any purpose other than retaining the encryption keys when V
CCAUX
is
removed.
To Next Page
Loading...
Need help?
General
