Using High Security Features in Virtex-II Series FPGAs

This application note shows how a designer can very simply implement a battery with the Virtex™-II series FPGAs for high bitstream security. It shows a number of Xilinx recommended designs. Introduction All Virtex-II family members (Virtex-II, Virtex-II Pro™, and Virtex-II Pro X FPGAs) have an on- chip decryptor that can be enabled to make the configuration bitstream (and thus the whole logic design) secure. Xilinx implements a standard triple DES (TDES) scheme for securing a bitstream. TDES is considered very safe in industry, military, and government applications. This scheme is used daily by banks to transfer trillions of dollars around the world. The user can encrypt the bitstream in the Xilinx software, and the Virtex-II chip then performs the reverse operation, decrypting the incoming bitstream and internally recreating the intended configuration. This method provides a very high degree of design security. The Virtex-II device families store the internal decryption keys in a few hundred bits of dedicated RAM, backed up by a small, externally connected battery. This battery backed-up key is the most secure solution since the keys are erased if the FPGA is tampered with. The key benefits of the Xilinx SecureChip security solution are summarized below: • Battery-backed volatile keys provide the highest degree of security • Simple, well-understood, and low-cost solution with widely available standard components