EE Times-Asia

How to securely update FPGA-based embedded systems

Posted: 14 Dec 2015

Keywords: flash memory, algorithms, PCIe, FPGA, SRAM

With SRAM-based FPGAs, a NOR SPI flash is typically used because it consumes the fewest pins, has multiple suppliers with the same pinout, and is available in densities up to 1 Gb. Current NOR SPI flash devices have a 32-bit address option, allowing for growth to a 4GB device without any changes in the command and control protocols. What happens when this SPI flash is in a program or erase mode (charge pumps are active) and power disappears? Where does the charge dissipate? Is there circuitry to detect power failure in these flash memories and shunt the charge safely to ground? Typically, the page being written to will experience data corruption.

Figure 2: Diagram of Three FPGA Configuration Options: SRAM-based with External Configuration Flash, Flash on-the-side and Embedded Flash.

With flash on-the-side FPGAs, a wide on-chip data bus is used to load the SRAM-based configuration memory on power-up. Configuration is usually faster than for an SRAM-based FPGA that is configured from external flash memory. However, similar questions with respect to power loss during a program or erase cycle need to be asked. Where does the charge go? Does the flash memory become corrupted? Is only the page being written to corrupted, or is the entire flash memory at risk? Can the FPGA detect a corrupted on-chip memory, or does the corrupted data get loaded into the configuration memory during the power-up process?
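
The power-loss questions above can be made concrete with a generic two-slot update layout, given here as an added example that is not from the article and is not Microsemi's IAP implementation: the length and CRC are written only after every page has been programmed, so an interrupted update never verifies and the boot logic falls back to the known-good image. The slot layout, the 256-byte page size and all function names are assumptions, and a CRC detects accidental corruption only, not tampering.

```c
/* Added example, not Microsemi's IAP: generic two-slot update with a
   boot-time integrity check. Layout, names and sizes are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE 256u               /* assumed flash program-page size */
#define SLOT_SIZE (16u * PAGE)  /* constructed, small slot for the demo */
typedef struct { uint32_t len, crc; uint8_t data[SLOT_SIZE]; } slot_t;

static uint32_t crc32_ieee(const uint8_t *p, uint32_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Erase, then program page by page; len/crc are written last as the commit
   marker. fail_page >= 0 simulates power loss while programming that page. */
static void program_slot(slot_t *s, const uint8_t *img, uint32_t len, int fail_page) {
    memset(s, 0xFF, sizeof *s);                  /* erased NOR reads 0xFF */
    if (len > SLOT_SIZE) return;                 /* refuse oversized images */
    for (uint32_t off = 0, pg = 0; off < len; off += PAGE, pg++) {
        uint32_t n = len - off < PAGE ? len - off : PAGE;
        if ((int)pg == fail_page) { memcpy(s->data + off, img + off, n / 2); return; }
        memcpy(s->data + off, img + off, n);
    }
    s->len = len; s->crc = crc32_ieee(img, len); /* commit */
}

/* Bootable only if the header is plausible and the payload CRC matches. */
static int slot_valid(const slot_t *s) {
    if (s->len == 0 || s->len > SLOT_SIZE) return 0;
    return crc32_ieee(s->data, s->len) == s->crc;
}
/* 1 = boot update slot, 0 = fall back to golden slot, -1 = nothing verifies. */
static int select_boot_slot(const slot_t *golden, const slot_t *update) {
    if (slot_valid(update)) return 1;
    return slot_valid(golden) ? 0 : -1;
}

int main(void) {
    static slot_t golden, update;
    uint8_t img[5 * PAGE];                       /* constructed sample image */
    for (size_t i = 0; i < sizeof img; i++) img[i] = (uint8_t)(i * 7u);
    program_slot(&golden, img, sizeof img, -1);
    program_slot(&update, img, sizeof img, 3);   /* power lost in page 3 */
    printf("boot slot: %d\n", select_boot_slot(&golden, &update));
    return 0;
}
```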

Corruption of the flash is not the only issue; how the remote data is secured is also of critical importance. When an embedded product is accessible by an end user, it has the potential of being tampered with. To prevent unwanted attacks, both software and hardware security must be employed. It is not adequate to only have a remote configuration data file encrypted. Although this software encryption helps, the hardware (FPGA) that is going to decrypt the data must have built-in security protection too. An encrypted data file can easily have its key extracted when the user can access the embedded device. This is done by using an inexpensive electromagnetic probe and implementing differential power analysis (DPA). There are numerous examples of FPGA security keys which have been extracted by using this technique. If the FPGA does not have DPA countermeasures built in, then any remote update could become a security vulnerability. When an embedded product is accessible by a user, not having DPA countermeasures is the same as having no security.

With flash-embedded FPGAs, the configuration memory is stored on-chip and is closely integrated within the FPGA fabric. For example, on Microsemi SmartFusion2 and IGLOO2 flash FPGAs, programming can take place via an external communications port such as USB, PCIe or JTAG, and the entire programming process is managed by an on-chip dedicated programming interface. Additionally, an advanced programming facility called In-Application Programming (IAP) is available on SmartFusion2 and IGLOO2 FPGAs, which provides the desired reliable, safe and secure programming facility even in the face of a power loss during programming. Let's now look at how the IAP facility can be used to help implement the robust remote update capability required by today's embedded systems.

Reliable, safe and secure remote update
A flash-embedded FPGA can provide the key functions required to more easily support secure and robust remote updates. For example, SmartFusion2 has all the mainstream FPGA features needed to implement the key bridging functions as well as the required security and IAP functions. As shown in Figure 3, the low-speed interfaces can connect using I2C and GPIO. The high-speed host interface, PCIe, is implemented as a dedicated port that doesn't require FPGA fabric.

Figure 3: SmartFusion2 In Application Programming (IAP) Supports Secure, Safe and Reliable Remote Updates in a Chassis Control Plane Bridge.
