EE Times-Asia

How to securely update FPGA-based embedded systems

Posted: 14 Dec 2015

Keywords: flash memory, algorithms, PCIe, FPGA, SRAM

The on-chip processor can use the high-speed memory sub-system (HSMS) to access the large internal flash memory for code storage and the large internal SRAM for data buffering, and the dedicated DDR controller provides access to additional external memory if needed. The dedicated system controller provides the security functions used during programming and the IAP function used during remote updates. A more detailed view of the key functions available on the SmartFusion2 FPGA is shown in figure 4.

In-Application Programming
The In-Application Programming (IAP) facility available with SmartFusion2 and IGLOO2 provides a means of securely and reliably updating the configuration bitstream remotely. IAP is executed from the dedicated system controller within the FPGA, so it doesn't require the use of any FPGA fabric or other user-configurable logic. The IAP function is a two-step process and uses an external SPI flash memory device. In the first step, the external SPI flash device is programmed with the desired bitstream using any of the available interfaces: PCIe, USB, JTAG or even Ethernet. All bitstreams used to program SmartFusion2 devices are encrypted to make sure they are protected from tampering, so this bitstream will also be in an encrypted form.

Figure 3: Microsemi SmartFusion2 SoC FPGAs have Mainstream Features along with Robust Security and Remote Update Capabilities.

In the next step, the System Controller performs the IAP service via a system service call. The user passes the System Controller a pointer to the starting address of the bitstream in the external SPI flash memory. The IAP system service call also gives the user three options: Authenticate, Program or Verify. Authentication is typically performed prior to programming the FPGA configuration memory, to verify that the bitstream in the SPI flash is properly constructed for the device being programmed. During authentication the device operates normally.

The external SPI flash that contains the new bitstream can also contain an additional image, one that can be used as a known good version for recovery purposes. The user can at any time point to the recovery image and use it to configure the FPGA into a known good state. The recovery image can be saved 'as is' from day one, or it can be updated for critical bug fixes as needed.

During the IAP function, a Program Recovery option is available. When Program Recovery is enabled and power fails during programming, the system controller will disable, in a controlled manner, the internal charge pumps used to program the FPGA. On the next power-up cycle, prior to enabling the FPGA fabric, the system controller will detect that the device programming operation was interrupted and will initiate a programming cycle from a bitstream located in the external SPI flash. Users have a choice of updating from the known good image or from the remotely updated image that was just pushed to the SPI flash memory. When an external bitstream is loaded into the SmartFusion2 FPGA, it employs the built-in DPA countermeasure logic. This ensures no electromagnetic probe can decipher the encryption key, thus resulting in a trusted, secure device for the embedded system.

Program recovery, when combined with the secure encrypted bitstream and bitstream authentication, delivers the reliable, safe and secure remote programming update facility required by today's connected embedded systems, even if power is lost during FPGA configuration memory programming.
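
The update sequence described above, as an added example (not code from the article or from Microsemi): authenticate the new bitstream while the device keeps running, then program and verify it, and fall back to the known good image if the new one does not verify. The `iap_fn` callback, the enum and result names, the SPI flash addresses and the simulated system controller are hypothetical or constructed for illustration, and authenticating the recovery image before using it is a design choice made here.

```c
#include <stdint.h>

/* The three IAP options named in the article; this enum and the callback
   type are hypothetical wrappers, not the vendor's driver API. */
typedef enum { IAP_AUTHENTICATE, IAP_PROGRAM, IAP_VERIFY } iap_mode_t;
typedef int (*iap_fn)(iap_mode_t mode, uint32_t spi_addr, void *ctx); /* 0 = success */

typedef enum { UPDATE_OK, UPDATE_REJECTED, UPDATE_RECOVERED, UPDATE_FAILED } update_result_t;

static int program_and_verify(iap_fn iap, void *ctx, uint32_t addr)
{
    if (iap(IAP_PROGRAM, addr, ctx) != 0) return -1;
    return iap(IAP_VERIFY, addr, ctx);
}

update_result_t iap_update(iap_fn iap, void *ctx, uint32_t new_addr, uint32_t golden_addr)
{
    /* Authenticate before touching configuration memory: the device keeps
       running during this step, so a malformed image is rejected for free. */
    if (iap(IAP_AUTHENTICATE, new_addr, ctx) != 0) return UPDATE_REJECTED;
    if (program_and_verify(iap, ctx, new_addr) == 0) return UPDATE_OK;
    /* Programming started but did not verify: restore the known good image,
       authenticating it too because it also lives in external SPI flash. */
    if (iap(IAP_AUTHENTICATE, golden_addr, ctx) == 0 &&
        program_and_verify(iap, ctx, golden_addr) == 0) return UPDATE_RECOVERED;
    return UPDATE_FAILED;
}

/* Constructed stand-in for the system controller so the flow runs offline. */
#define GOLDEN_ADDR 0x00010000u  /* constructed SPI flash offsets */
#define NEW_ADDR    0x00200000u
#define NONE        0xFFFFFFFFu  /* "no image is bad" marker for the simulator */
typedef struct { uint32_t bad_auth, bad_verify; int program_calls; } sim_t;
int last_program_calls;          /* PROGRAM calls made during the last demo() */

static int sim_iap(iap_mode_t mode, uint32_t addr, void *ctx)
{
    sim_t *s = ctx;
    if (mode == IAP_AUTHENTICATE) return addr == s->bad_auth;
    if (mode == IAP_PROGRAM) { s->program_calls++; return 0; }
    return addr == s->bad_verify;  /* IAP_VERIFY */
}

update_result_t demo(uint32_t bad_auth, uint32_t bad_verify)
{
    sim_t s = { bad_auth, bad_verify, 0 };
    update_result_t r = iap_update(sim_iap, &s, NEW_ADDR, GOLDEN_ADDR);
    last_program_calls = s.program_calls;
    return r;
}
```

On real hardware the callback would wrap the system service call, and the power-loss case is handled by the system controller's Program Recovery option rather than by application code like this.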

About the author
Ted Marena is the director of FPGA/SOC marketing at Microsemi. He has over 20 years' experience in FPGAs. Previously Marena has held roles in business development, product & strategic marketing. He was awarded Innovator of the Year in February 2014 when he worked for Lattice Semiconductor. Marena has defined, created and executed unique marketing platform solutions for vertical markets including consumer, wireless small cells, industrial, cameras, displays and automotive applications.
