Professional Documents
Culture Documents
Microsemi Fusion Security Applicationnote Ac253 v1
Microsemi Fusion Security Applicationnote Ac253 v1
Fusion Security
Table Of Contents
March 2016 1
© 2016 Microsemi Corporation
Fusion Security Features
possible with AES encryption capability for the programming file during electronic transfer. Figure 1
shows a view of the AES decryption core inside Fusion devices, which is used to decrypt the encrypted
programming file when programming.
This application note outlines the security features offered in Fusion devices, some applications and
uses, as well as the different software settings for each application.
Bank 0 Bank 1
CCC
SRAM Block
4,608-Bit Dual-Port SRAM
or FIFO Block
OSC
I/Os
CCC/PLL
VersaTile
Bank 4
Bank 2
SRAM Block
4,608-Bit Dual-Port SRAM
ISP AES User Nonvolatile
Charge Pumps or FIFO Block
Decryption FlashROM
Analog Analog Analog Analog Analog Analog Analog Analog Analog Analog
Quad Quad Quad Quad Quad Quad Quad Quad Quad Quad
CCC
Bank 3
Figure 1 • Block Representation of the AES Decryption Core in an AFS600 FPGA Fusion
2
Fusion Security
3
Fusion Security Features
Fusion
MAC
Actel Designer Validation
Software
Decrypted
Programming Bitstream
File Generation
with AES
Encryption AES AES FPGA
FlashROM FBs
Key DecryptionCore Core
Transmit Medium /
Public Network
Encrypted Bistream
Figure 2 • Example Application Scenario Using AES in Fusion Devices Fusion
FlashLock
The 128-bit Flash-based FlashLock feature in Fusion works via a key mechanism. The user locks or
unlocks the device with a user-defined FlashLock Pass Key. When the device is locked, there is no
access to the FPGA without the correct FlashLock Pass Key. By default, functions such as device write,
verify, and erase are disabled. Figure 3 on page 5 shows the application scenarios and the
corresponding security settings selected during the programming file generation step.
4
Fusion Security
Security In Action
Figure 3 shows some applications of the security advantages of Fusion devices.
Cipher Text
Source File
Public
Domain
Application 1
Application 2
Application 3
AES Decryption Core
Fusion
5
Security In Action
Fusion Device
AES Encrypted
Programming File Security Settings* Security Settings
Security Settings
FlashROM/FBs/FPGA
Programs Design Fusion
Contents to Devices Device Contents
6
Fusion Security
Trusted Environment
OEM
Generates Updated Design Contents
Encrypted with AES
AES Encrypted
Programming File
Transmits to
Remote System
Update/Upgrade
Original Design
Contents AES
Fusion Device Encrypted and
FlashLock Pass Key
Protected
7
Fusion FlashROM Security Use Models
8
Fusion Security
In Application 3, described on page 7, typically only sub-flow 2 will be used because only updates to the
design content portion are needed and no security settings need to be changed.
In the event that update of the security settings is necessary, see the “Reprogramming Devices” on
page 14 for details.
User
Designer Software Programming Software
Software
Program User Assigns Desired Security Settings Device Programs
Security to FPGA/FB/FlashROM/All: Previously No Selected
1 – AES Key and FlashLock Pass Key Programmed?
Settings Security Settings
– FlashLock Pass Key Only into Device
Yes Yes
Software Performs
Software Generates Programming File Comparison of Does
with Desired Security Settings: FlashLock Pass Key FlashLock
– Encrypted with AES and Protected between Pass Key
with FlashLock Pass Key Programming File Match?
– Protected with FlashLock Pass Key Only and Device
No
Returns Error
Software Generates
Program Programming File Software
Programming Programs
2 Design Previously No with Desired
Secured Design Contents Design Content
Contents
Device(s)? (FPGA Array, FB, into Device
FlashROM, or All)
Yes
Yes
Returns Error
Yes
Software Generates
Programming File Design Content
with Encrypted Decrypted and
Design Contents Programmed
into Device
9
Generation of the Programming File in a Trusted Environment – Application 1
10
Fusion Security
2. Choose the appropriate security level setting and enter a FlashLock Pass Key. The default is the
Medium security level as shown in Figure 8. Click Next.
3. Choose the desired settings for the FlashROM configurations to be programmed as shown in
Figure 9. Click Finish to generate the STAPL programming file for the design.
11
Generation of Security Header Programming File Only – Application 2
12
Fusion Security
2. Choose the desired security level setting and enter the key(s) as shown in Figure 11.
– The High security level employs FlashLock Pass Key with AES Key protection.
– The Medium security level employs FlashLock Pass Key protection only
Figure 11 • High Security Level to Implement Both FlashLock Pass Key and AES Key Protection Fusion
13
Reprogramming Devices
Reprogramming Devices
Previously programmed Fusion devices can be reprogrammed using the steps in the “Generation of the
Programming File in a Trusted Environment – Application 1” on page 10 and “Generation of Security
Header Programming File Only – Application 2” on page 12. In the case where a FlashLock Pass Key
has been programmed previously, the user must generate the new programming file with a FlashLock
Pass Key that matches the one previously programmed into the device. The software will check the
FlashLock Pass Key in the programming file against the FlashLock Pass Key in the device. The keys
must match before the device can be unlocked to perform further programming with the new
programming file.
Figure 7 on page 10 shows the option Programming previously secured device(s), which the user
should check before proceeding. Upon going to the next step, the user will be notified that the same
FlashLock Pass Key needs to be entered, as shown in Figure 12
14
Fusion Security
Note: The settings in this figure are used to show the generation of an AES-encrypted programming file for both the
FPGA array and FlashROM contents. One or both locations may be selected for encryption.
Figure 13 • FlashLock Pass Key and AES Key Protected Programming Files Settings Fusion
15
Generated Programming File Header Definition
Choose the High security level to employ both FlashLock Pass Key and AES Key protection as shown in
Figure 14. Enter both keys and click Next.
Figure 14 • Security Level Set High for FlashLock Pass Key and AES Key Protection Fusion
Programming with this file is intended for an unsecured environment. The AES key encrypts the
programming file with the same AES key already used in the device and utilizes it to program the device.
FlashLock Pass Key with no AES key NOTE "SECURITY" "KEYED ";
FlashLock Pass Key with AES key NOTE "SECURITY" "KEYED ENCRYPT ";
16
Fusion Security
Conclusion
The new and enhanced security features offered in Microsemi Fusion devices provide
state-of-the-art security to designs programmed into these Flash-based devices. Microsemi Fusion
devices employ the encryption standard used by NIST and the U.S. government – AES using the 128-bit
Rijndael algorithm.
The combination of an on-chip AES decryption engine and Microsemi FlashLock technology provides the
highest level of security against invasive attacks and design theft, implementing the most robust and secure
ISP solution. These security features protect IP within the FPGA and protect the system from cloning,
wholesale “black box” copying of a design, invasive attacks, and explicit IP or data theft.
Glossary
Term Explanation
Security Header Programming File Programming file used to program the AES key and/or FlashLock
Pass Key into the FlashROM and/or FPGA array core of the device.
Programming file used to program the AES key and/or FlashLock
Pass Key into the FlashROM, FB, and/or FPGA core of the device.
AES (Encryption) Key 128-bit key defined by the user when the AES encryption option is
set in the Microsemi designer software when generating the
programming file.
FlashLock Pass Key 128-bit key defined by the user when the FlashLock option is set in
the Microsemi designer software when generating the programming
file.
The user must enter the FlashLock Pass Key to the programming
software before programming (and actual decryption if the AES
option is configured) is done.
FlashLock Security features that protect the device content from attacks. This is
achieved by the following:
• Flash technology that does not require an external bitstream to
program the device
• FlashLock Pass Key that secures device content and prevents
access to the device as necessary
• AES key that allows secure device reprogrammability
References
National Institute of Standards and Technology. “ADVANCED ENCRYPTION STANDARD (AES)
Questions and Answers.” 28 January 2002.
<http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html> (10 January 2005).
Related Documents
AC236:Fusion FlashROM
17
Related Documents
List of Changes
The following table shows important changes made in this document for each revision.
18
Microsemi Corporation (Nasdaq: MSCC) offers a comprehensive portfolio of semiconductor
and system solutions for communications, defense & security, aerospace and industrial
markets. Products include high-performance and radiation-hardened analog mixed-signal
integrated circuits, FPGAs, SoCs and ASICs; power management products; timing and
synchronization devices and precise time solutions, setting the world’s standard for time; voice
processing devices; RF solutions; discrete components; Enterprise Storage and
Communication solutions, security technologies and scalable anti-tamper products; Ethernet
Solutions; Power-over-Ethernet ICs and midspans; as well as custom design capabilities and
services. Microsemi is headquartered in Aliso Viejo, Calif., and has approximately 4,800
employees globally. Learn more at www.microsemi.com.
Microsemi Corporate Headquarters
One Enterprise, Aliso Viejo, Microsemi makes no warranty, representation, or guarantee regarding the information contained herein or
CA 92656 USA the suitability of its products and services for any particular purpose, nor does Microsemi assume any
liability whatsoever arising out of the application or use of any product or circuit. The products sold
Within the USA: +1 (800) 713-4113 hereunder and any other products sold by Microsemi have been subject to limited testing and should not
Outside the USA: +1 (949) 380-6100 be used in conjunction with mission-critical equipment or applications. Any performance specifications are
Sales: +1 (949) 380-6136
believed to be reliable but are not verified, and Buyer must conduct and complete all performance and
Fax: +1 (949) 215-4996
other testing of the products, alone and together with, or installed in, any end-products. Buyer shall not rely
on any data and performance specifications or parameters provided by Microsemi. It is the Buyer's
E-mail: sales.support@microsemi.com
responsibility to independently determine suitability of any products and to test and verify the same. The
© 2016 Microsemi Corporation. All information provided by Microsemi hereunder is provided "as is, where is" and with all faults, and the entire
rights reserved. Microsemi and the risk associated with such information is entirely with the Buyer. Microsemi does not grant, explicitly or
Microsemi logo are trademarks of implicitly, to any party any patent rights, licenses, or any other IP rights, whether with regard to such
Microsemi Corporation. All other information itself or anything described by such information. Information provided in this document is
trademarks and service marks are the proprietary to Microsemi, and Microsemi reserves the right to make any changes to the information in this
property of their respective owners. document or to any products and services at any time without notice.
51900130-1/3.16