CN103257937B - Method and apparatus for protecting the internal configuration memory of an FPGA chip - Google Patents

Publication number
CN103257937B
Authority
CN
China
Prior art keywords
memory
configuration
chip
access
controller
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210034216.0A
Other languages
Chinese (zh)
Other versions
CN103257937A (en)
Inventor
李大伟
朱建彰
王强
王潘丰
邹丽娜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Capital Microelectronics Beijing Technology Co Ltd
Original Assignee
Capital Microelectronics Beijing Technology Co Ltd
Application filed by Capital Microelectronics Beijing Technology Co Ltd
Priority to CN201210034216.0A
Publication of CN103257937A
Application granted
Publication of CN103257937B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method, chip and apparatus for protecting the configuration data in the configuration memory of a field programmable gate array (FPGA) chip. The method comprises the following steps: decrypting, with a decryption key, the encrypted data from outside that is used to configure the chip; receiving a user password input from outside; when a forced-encryption control bit indicates that the access code needs to be encrypted, encrypting the access code with the decryption key and using the encrypted result as the access rights password, otherwise using the access code directly as the access rights password; comparing the input user password with the access rights password and, when the comparison result is a match, opening the user's access rights to the configuration memory.

Description

Method and apparatus for protecting the internal configuration memory of an FPGA chip
Technical field
The present invention relates to the field of memory, and in particular to a method and apparatus for protecting the internal memory of a programmable chip.
Background
Programmable chips are highly flexible. As the technology develops, their security becomes more and more important, and FPGA (Field Programmable Gate Array) chips in particular face ever higher confidentiality requirements. FPGAs generally use an SRAM (Static RAM, static random access memory) process, so their internal configuration registers and memories are volatile. A non-volatile memory has to be attached externally, and when the chip powers on it reads the configuration data from that non-volatile memory so that the chip can operate.
Because this non-volatile memory is outside the chip, its contents are relatively easy to copy illegally. For this reason FPGA chips generally use an encryption algorithm such as AES (Advanced Encryption Standard) to encrypt the data stored in the non-volatile memory outside the FPGA chip.
However, after the FPGA chip powers on, the data in the external non-volatile memory is decrypted by the decryption module inside the chip and loaded into the chip's internal configuration registers/memories. The contents of those configuration registers/memories are therefore plaintext, and plaintext is easy to copy illegally.
A JTAG (Joint Test Action Group) interface is generally provided to facilitate testing and debugging of the FPGA chip. The JTAG interface can access almost all configuration registers/memories inside the chip, so the access rights of this interface must be controlled to prevent unauthorized access, while still ensuring that the configuration registers/memories can be accessed through the interface when there is a normal need.
Fig. 1 shows a prior-art scenario in which a JTAG interface accesses a field programmable gate array chip. In Fig. 1, the non-volatile memory stores the bitstream that configures the FPGA chip. A bitstream generally consists of frames, and each frame of data can be used to configure a particular register or memory inside the FPGA chip. The FPGA chip uses one or more bits of an internal access controller to control the JTAG interface's right to access the FPGA chip's internal memory. When the FPGA chip powers on, the initial value of this access controller is all zeros, and by default the JTAG interface can access the registers/memories inside the chip. Subsequently, the non-volatile memory outside the chip configures the access controller through a frame it contains. If the configured value is non-zero, the JTAG interface can no longer access the registers/memories inside the FPGA. Moreover, once the access controller has been configured to a non-zero value it cannot be rewritten to 0, unless the FPGA chip is powered off or the chip's global reset signal is triggered.
However, if a third party manages, by any special means, to delete the frame in the non-volatile memory that configures the access controller, or to change it to a value of 0, then after the FPGA chip powers on the third party can access the data in the chip's internal registers/memories through the JTAG interface.
It can be seen that when the FPGA first powers on, the JTAG interface's right to access the chip's internal memory is open by default, which from the outset does not help protect the internal memory. In addition, once that right has been restricted it is difficult to open again, which makes it inconvenient for legitimate users to access the chip through the JTAG interface. And because the data in the external non-volatile memory that controls the access rights is easily deleted or tampered with, the protection against unauthorized JTAG access to the registers/memories inside the FPGA chip is not strong enough.
Summary of the invention
The invention provides a method, chip and apparatus for protecting the data in the configuration memory of a field programmable gate array (FPGA) chip that can solve the above problems.
According to one aspect of the invention, a field programmable gate array (FPGA) chip that protects the data in its configuration memory is provided, the chip comprising:
a configuration memory, for storing the configuration data of the chip;
an access code memory, for storing an access code;
a configuration controller, for receiving a user password input from outside;
an access controller, for reading the access code from the access code memory, comparing the user password with the access code and, when the comparison result is a match, notifying the configuration controller to allow the user to access the configuration memory.
According to another aspect of the invention, a field programmable gate array (FPGA) chip that protects the data in its configuration memory is also provided, the chip comprising:
a configuration memory, for storing the configuration data of the chip;
a decryption key memory, for storing a decryption key;
an access code memory, for storing an access code;
a configuration controller, for receiving a user password input from outside;
a forced-encryption control parameter memory, for storing a parameter indicating whether the user password has been encrypted in advance;
an access controller, for reading the access code from the access code memory and, when the parameter indicates that the user password has been encrypted in advance, decrypting the user password with the decryption key, comparing the decrypted user password with the access code and, when the comparison result is a match, notifying the configuration controller to allow the user to access the configuration memory.
According to yet another aspect of the invention, an apparatus for protecting the data in a configuration memory is also provided. The apparatus comprises the field programmable gate array (FPGA) chip described above, which contains the configuration memory, and further comprises:
a JTAG interface, for inputting the user password to the chip; and/or
a non-volatile memory, for providing the encrypted configuration data of the chip.
Brief description of the drawings
Specific embodiments of the invention are described in detail below with reference to the accompanying drawings, in which:
Fig. 1 shows a prior-art scenario in which a JTAG interface accesses a field programmable gate array chip;
Fig. 2 is a system block diagram of an apparatus for protecting the internal memory of a field programmable gate array (FPGA) chip according to an embodiment of the invention;
Fig. 3 is a system block diagram of an apparatus for protecting the internal memory of a field programmable gate array (FPGA) chip according to a preferred embodiment of the invention;
Fig. 4 is a flow chart of a method for protecting the internal memory of a field programmable gate array (FPGA) chip according to an embodiment of the invention;
Fig. 5 is a flow chart of a method for protecting the internal memory of a field programmable gate array (FPGA) chip according to a preferred embodiment of the invention;
Fig. 6 is a flow chart of a method for protecting the internal memory of a field programmable gate array (FPGA) chip according to another preferred embodiment of the invention.
Detailed description of the embodiments
Fig. 2 is a system block diagram of an apparatus for protecting the internal memory of a field programmable gate array (FPGA) chip according to an embodiment of the invention. As shown in Fig. 2, the system includes a field programmable gate array chip, a JTAG interface 218 and a non-volatile memory 220. The field programmable gate array chip comprises a configuration memory 202, a configuration controller 204, a decryption key memory 210, an access controller 212 and an access code memory 214. The configuration controller 204 comprises a JTAG controller 206 and a decryption module 208. The access code memory 214 stores an access code consisting of one or more bits. The access code serves as the access rights password.
When the FPGA chip powers on, the encrypted chip-configuration data stored in the non-volatile memory 220 outside the chip is decrypted by the decryption module 208 inside the chip and loaded into the configuration memory 202.
The access controller 212 inside the FPGA chip provides a control parameter, which indicates the JTAG interface 218's right to access the configuration memory 202 inside the FPGA chip. When the FPGA chip powers on, the initial value of the control parameter is non-zero, and once the JTAG controller 206 learns this initial value it does not allow the JTAG interface 218 to access the configuration memory 202 inside the chip. The configuration memory 202 is thus protected from the moment the chip powers on.
The JTAG controller 206 may learn the initial value of the control parameter either by actively reading it from the access controller 212, or by the access controller 212 actively reporting it to the JTAG controller 206.
It should be noted that the arrangement described above, in which the initial value of the control parameter is non-zero when the FPGA chip powers on and the JTAG controller 206, on learning this initial value, does not allow the JTAG interface 218 to access the configuration memory 202 inside the chip, is only one preferred approach. An initial value of 0, or some other preset value, may equally be made to correspond to the default prohibition; no limitation is imposed here.
After power-on, if a user wants to access the configuration memory 202 inside the chip through the JTAG interface 218, the user must first input, through the JTAG interface, a user password identical to the access code stored in the access code memory 214 in order to obtain the right to access the configuration memory 202 through the JTAG interface 218. After obtaining the right, the user can operate on the configuration memory 202. The operation is a read and/or write. Specifically, the JTAG controller 206 passes the user password input by the user to the access controller 212, the access controller 212 reads the access code from the access code memory 214, and the access controller judges whether the user password matches the access code. When they match, the access controller 212 notifies the configuration controller 204 to allow the user to access the configuration memory 202.
There is no restriction on the order between the step in which the JTAG controller 206 passes the user password input by the user to the access controller 212 and the step in which the access controller 212 reads the access code from the access code memory 214.
It should be noted that, after the FPGA chip powers on, there is no specific order between the two flows described above: the flow in which the encrypted chip-configuration data stored in the non-volatile memory 220 outside the chip is decrypted by the decryption module 208 inside the chip and loaded into the configuration memory 202, and the flow in which a user who wants to access the configuration memory 202 through the JTAG interface 218 first inputs, through the JTAG interface, a user password identical to the access code stored in the access code memory 214 in order to obtain that right. The two flows may run in parallel, or one after the other in either order; no limitation is imposed here.
In addition, the decryption key used by the decryption module can be customized in advance for different users. That is, the field programmable gate array chips distributed to different users can use different decryption keys. For example, the different decryption keys can be provided by the users themselves. The access code mentioned above can likewise be customized in advance for different users, for example specified by the user, or specified directly by the chip manufacturer and then communicated to the user, or agreed jointly by the user and the chip manufacturer; no limitation is imposed here. These measures strengthen the protection of the field programmable gate array chip to a certain extent.
It should be noted that the access controller 212 may be a component independent of the configuration controller 204, a component contained in the configuration controller 204 and independent of the JTAG controller 206, or a component contained in the JTAG controller 206. The chip may even contain no separate access controller 212 at all, with all of the functions of the access controller 212 simply incorporated into the JTAG controller or the configuration controller.
Further, the decryption key memory 310 may also be contained in the configuration controller.
Storing the decryption key in the decryption key memory inside the chip is one preferred approach. It may also be stored directly in the decryption module, or fixed in other components inside the chip; no limitation is imposed here.
Storing the access code in the access code memory inside the chip is one preferred approach. It may also be stored directly in the access controller, or fixed in other components inside the chip; no limitation is imposed here.
In this embodiment, the user is allowed to operate on the configuration memory only when the user password input by the user matches the access code, which broadens the range of application of the configuration memory protection scheme.
Finally, it should be noted that in this embodiment the JTAG controller and the decryption module may be independent components within the configuration controller, or they may not be separate components, with their functions instead incorporated into the configuration controller.
Fig. 3 is a system block diagram of an apparatus for protecting the internal memory of a field programmable gate array (FPGA) chip according to a preferred embodiment of the invention. As shown in Fig. 3, the system includes a field programmable gate array chip, a JTAG interface 318 and a non-volatile memory 320. The field programmable gate array chip comprises a configuration memory 302, a configuration controller 304, a decryption key memory 310, an access controller 312, an access code memory 314 and a forced-encryption control parameter storage module 316. The configuration controller 304 comprises a JTAG controller 306 and a decryption module 308. The access code memory 314 stores an access code consisting of one or more bits. The forced-encryption control parameter storage module 316 stores the forced-encryption control parameter, which consists of one or more bits.
When the FPGA chip powers on, the encrypted chip-configuration data stored in the non-volatile memory 320 outside the chip is decrypted by the decryption module 308 inside the chip and loaded into the configuration memory 302.
The access controller 312 inside the FPGA chip provides a control parameter, which indicates the JTAG interface 318's right to access the configuration memory 302 inside the FPGA chip. When the FPGA chip powers on, the initial value of the control parameter is non-zero, and once the JTAG controller 306 learns this initial value it does not allow the JTAG interface 318 to access the configuration memory 302 inside the chip. The configuration memory 302 is thus protected from the moment the chip powers on.
The JTAG controller 306 may learn the initial value of the control parameter either by actively reading it from the access controller 312, or by the access controller 312 actively reporting it to the JTAG controller 306.
It should be noted that the arrangement described above, in which the initial value of the control parameter is non-zero when the FPGA chip powers on and the JTAG controller 306, on learning this initial value, does not allow the JTAG interface 318 to access the configuration memory 302 inside the chip, is only one preferred approach. An initial value of 0, or some other preset value, may equally be made to correspond to the default prohibition; no limitation is imposed here.
When the FPGA chip powers on, the initial value of the forced-encryption control parameter stored in the forced-encryption control parameter storage module 316 is 1. Once the configuration controller 304 learns this initial value, it knows that the user password input by the user has been encrypted in advance and must be decrypted with the decryption key in the decryption module 310.
It should be noted that the arrangement described above, in which the initial value of the forced-encryption control parameter stored in the forced-encryption control parameter storage module 316 is 1 when the FPGA chip powers on and the configuration controller 304, on learning this initial value, knows that the user password input by the user has been encrypted in advance and must be decrypted with the decryption key in the decryption module 310, is only one preferred approach. An initial value of 0, or some other preset value, may equally be made to correspond to forced encryption; no limitation is imposed here.
Only when the decrypted user password is judged to match the above access code can the JTAG interface 318 obtain the right to access the configuration memory 302. After obtaining the right, the user can operate on the configuration memory 302. The operation is a read and/or write.
Specifically, the JTAG controller 306 passes the user password input by the user to the access controller 312. The access controller 312 obtains the decryption key and the access code from the decryption key memory 310 and the access code memory 314 respectively, and uses the decryption key to decrypt the user password. The access controller judges whether the decrypted user password matches the access code, and when they match, the access controller 312 notifies the configuration controller 304 to allow the user to access the configuration memory 302.
In addition, there is an alternative to the above check, in which the access controller judges whether the decrypted user password matches the access code and access to the configuration memory is granted only when the comparison result is a match. In the alternative, the access code of one or more bits stored in the access code memory 314 is encrypted with the decryption key in the decryption module 310, and the resulting password serves as the access rights password. Only when the user password input by the user matches this access rights password can the right to access the configuration memory be obtained.
In this alternative, when the FPGA chip powers on, the initial value of the forced-encryption control parameter stored in the forced-encryption control parameter storage module 316 is 1. Once the configuration controller 304 learns this initial value, it knows that the access rights password must be the password formed by encrypting, with the decryption key in the decryption module 310, the access code of one or more bits stored in the access code memory 314.
It should be noted that the arrangement described above, in which the initial value of the forced-encryption control parameter stored in the forced-encryption control parameter storage module 316 is 1 when the FPGA chip powers on and the configuration controller 304, on learning this initial value, knows that the access rights password must be the password formed by encrypting the stored access code with the decryption key in the decryption module 310, is only one preferred approach. An initial value of 0, or some other preset value, may equally be made to correspond to forced encryption; no limitation is imposed here.
It should be noted that, after the FPGA chip powers on, there is no specific order between the two flows described above: the flow in which the encrypted chip-configuration data stored in the non-volatile memory 320 outside the chip is decrypted by the decryption module 308 inside the chip and loaded into the configuration memory 302, and the flow in which the JTAG interface 318 obtains the right to access the configuration memory 302 only when the decrypted user password is judged to match the above access code. The two flows may run in parallel, or one after the other in either order; no limitation is imposed here.
In addition, the decryption key used by the decryption module can be customized in advance for different users. That is, the field programmable gate array chips distributed to different users can use different decryption keys. The different decryption keys can be provided by the users themselves, specified directly by the chip manufacturer and then communicated to the user, or agreed jointly by the user and the chip manufacturer. These measures strengthen the protection of the field programmable gate array chip to a certain extent.
It should be noted that the access controller 312 may be a component independent of the configuration controller 304, a component contained in the configuration controller 304 and independent of the JTAG controller 306, or a component contained in the JTAG controller 306. The chip may even contain no separate access controller 312 at all, with all of the functions of the access controller 312 simply incorporated into the JTAG controller 306.
Further, the decryption key memory 310 and the forced-encryption control parameter memory 316 may also be contained in the configuration controller.
Storing the decryption key in the decryption key memory inside the chip is one preferred approach. It may also be stored directly in the decryption module, or fixed in other components inside the chip; no limitation is imposed here.
Storing the access code in the access code memory inside the chip is one preferred approach. It may also be stored directly in the access controller, or fixed in other components inside the chip; no limitation is imposed here.
Storing the forced-encryption control parameter in the forced-encryption control parameter memory inside the chip is one preferred approach. It may also be stored directly in the configuration controller, or fixed in other components inside the chip; no limitation is imposed here.
In this preferred embodiment, the access code encrypted with the decryption key serves as the access rights password, and the user is allowed to operate on the configuration memory only when the user password input by the user matches that access rights password. This broadens the range of application of the configuration memory protection scheme.
Finally, it should be noted that in this preferred embodiment the JTAG controller and the decryption module may be independent components within the configuration controller, or they may not be separate components, with their functions instead incorporated into the configuration controller.
Fig. 4 is a flow chart of a method for protecting the internal memory of a field programmable gate array (FPGA) chip according to an embodiment of the invention. The method comprises the following steps: S402, the FPGA chip powers on, the initial value of the access controller 212 is non-zero, and by default the JTAG interface 218 is forbidden to access the configuration memory 202 in the chip; S404, receive the user password that the user inputs through the JTAG interface 218; S406, compare the user password with the access code in the access controller 212; S408, if the two are identical, open the JTAG interface 218's access rights to the configuration memory 202 in the chip.
It should be noted that the arrangement in step 402, in which the initial value of the access controller 212 is non-zero and by default the JTAG interface 218 is forbidden to access the configuration memory 202 in the chip, is only one preferred approach. An initial value of 0, or some other preset value, may equally be made to correspond to the default prohibition; no limitation is imposed here.
In this embodiment, the access code is stored in the access code memory in advance. The user is allowed to operate on the configuration memory only when the user password input by the user matches the pre-stored access code. The operation is a read and/or write. This improves the flexibility of user operation and broadens the range of application of the configuration memory protection scheme.
Fig. 5 is a flow chart of a method for protecting the internal memory of a field programmable gate array (FPGA) chip according to a preferred embodiment of the invention. The method comprises the following steps: S502, the FPGA chip powers on, the initial value of the access controller 312 is non-zero, and by default the JTAG interface 318 is forbidden to access the configuration memory 302 in the chip; S504, receive the user password that the user inputs through the JTAG interface 318; S506, judge whether the forced-encryption control parameter is valid; if it is, go to S508, decrypt the user password with the decryption key and use the decrypted user password as the comparison object; if it is not, go to S510 and use the input user password directly as the comparison object; next, go to S512 and compare the user password serving as the comparison object with the access code in the access controller 312; S514, if the two are identical, open the JTAG interface 318's access rights to the configuration memory 302 in the chip.
It should be noted that the arrangement in step 502, in which the initial value of the access controller 312 is non-zero and by default the JTAG interface 318 is forbidden to access the configuration memory 302 in the chip, is only one preferred approach. An initial value of 0, or some other preset value, may equally be made to correspond to the default prohibition; no limitation is imposed here.
In addition, it should be noted that whether the forced-encryption control parameter is valid means whether the value of the forced-encryption control parameter indicates that the input user password has been encrypted in advance. The forced-encryption control parameter consists of one or more bits. A value of 1 may correspond to valid, or a value of 0 or some other preset value may correspond to valid; no limitation is imposed here.
In this preferred embodiment, the user is allowed to operate on the configuration memory only when the decrypted user password matches the access code. The operation is a read and/or write. This improves the flexibility of user operation and broadens the range of application of the configuration memory protection scheme.
Fig. 6 is a flow chart of a method for protecting the internal memory of a field programmable gate array (FPGA) chip according to another preferred embodiment of the invention. The method comprises the following steps: S602, the FPGA chip powers on, the initial value of the access controller 312 is non-zero, and by default the JTAG interface 318 is forbidden to access the configuration memory 302 in the chip; S604, judge whether the forced-encryption control parameter is valid; if it is, go to S606, encrypt the access code with the decryption key and use the encrypted result as the access rights password; if it is not, go to S608 and use the access code directly as the access rights password; next, go to S610 and receive the user password that the user inputs through the JTAG interface 318; S612, compare the user password with the access rights password in the access controller 312; S614, if the two are identical, open the JTAG interface 318's access rights to the configuration memory 302 in the chip.
It should be noted that the arrangement in step 602, in which the initial value of the access controller 312 is non-zero and by default the JTAG interface 318 is forbidden to access the configuration memory 302 in the chip, is only one preferred approach. An initial value of 0, or some other preset value, may equally be made to correspond to the default prohibition; no limitation is imposed here.
In addition, it should be noted that whether the forced-encryption control parameter is valid means whether the value of the forced-encryption control parameter indicates that the access code, after being encrypted with the decryption key, is to serve as the access rights password. The forced-encryption control parameter consists of one or more bits. A value of 1 may correspond to valid, or a value of 0 or some other preset value may correspond to valid; no limitation is imposed here.
In this preferred embodiment, the access code encrypted with the decryption key is stored in the access controller in advance as the access rights password. The user is allowed to operate on the configuration memory only when the user password input by the user matches the access rights password. The operation is a read and/or write. This improves the flexibility of user operation and broadens the range of application of the configuration memory protection scheme.
In all of the above embodiments the configuration controller is a core component, so an embodiment of a configuration controller is given below as an example. In general, the configuration data of a programmable chip is organized in units of frames. One frame comprises a frame header, frame data and a frame trailer, and each frame corresponds to a group of registers, or a group of memories, inside the programmable chip. The configuration controller reads configuration data from the external non-volatile memory and parses it, or parses configuration data actively sent in through an external interface such as JTAG. By parsing the frame header it determines which group of registers/memories the frame corresponds to, and it then sends the data in the frame-data part to those registers/memories. Specifically, the corresponding chip configuration data can be sent to the configuration memory.
Following the above embodiment of the configuration controller, a frame can be constructed in which the frame header points to a group of registers in the access controller and the frame-data part is the data to be input. In actual use, such a constructed frame can serve as the user password input by the user. The constructed frame can thus be sent through the JTAG interface into the corresponding registers in the access controller, where it can subsequently be used for the comparison with the access code.
When forced encryption is used, the configuration controller, on parsing the frame, may first send the frame data to the decryption module and then send the decrypted data to the designated registers/memory in the access controller, where it can subsequently be used for the comparison with the access code.
Further, an embodiment of an access controller is given below as an example. The access controller contains a group of registers for receiving the user password after it has been parsed/decrypted by the configuration controller. On power-up, the access controller reads the access code from the access code memory. The access controller compares the access code read from the access code memory with the user password sent by the configuration controller, and from the result generates the access-control permission signal.
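The default-deny power-on state and comparison flow of Fig. 6 (S602 to S614), together with the access controller just described, are shown here as a behavioural C model added for illustration; it is not code from the patent. The XOR routine stands in for the chip's cipher, which the text does not name, and `CTRL_LOCKED`, the 8-byte password length, relocking on a mismatch and the fixed-time comparison are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PW_LEN      8u
#define CTRL_LOCKED 0xA5u /* assumed non-zero power-on value: JTAG access forbidden */
#define CTRL_OPEN   0x00u
typedef struct {
    uint8_t access_code[PW_LEN]; /* contents of the access code memory */
    uint8_t dec_pw[PW_LEN];      /* contents of the decryption password memory */
    uint8_t force_enc;           /* forced-encryption control parameter (1 = valid) */
    uint8_t rights_pw[PW_LEN];   /* derived access-rights password */
    uint8_t ctrl;                /* control parameter read by the JTAG controller */
} access_ctrl;

/* Stand-in for the chip's cipher (assumption). XOR is NOT a secure cipher. */
static void toy_encrypt(uint8_t *out, const uint8_t *in, const uint8_t *key) {
    for (size_t i = 0; i < PW_LEN; i++) out[i] = in[i] ^ key[i];
}

/* S602-S608: lock by default, then derive the access-rights password. */
void ac_power_on(access_ctrl *ac) {
    ac->ctrl = CTRL_LOCKED;
    if (ac->force_enc) toy_encrypt(ac->rights_pw, ac->access_code, ac->dec_pw);
    else memcpy(ac->rights_pw, ac->access_code, PW_LEN);
}

/* S610-S614: compare all bytes so timing does not leak the first mismatch position. */
int ac_submit(access_ctrl *ac, const uint8_t *user_pw, size_t len) {
    uint8_t diff = (uint8_t)(len != PW_LEN);
    for (size_t i = 0; i < PW_LEN; i++)
        diff |= (uint8_t)((i < len ? user_pw[i] : 0) ^ ac->rights_pw[i]);
    ac->ctrl = diff ? CTRL_LOCKED : CTRL_OPEN; /* relock on mismatch: an assumption */
    return ac->ctrl == CTRL_OPEN;
}

/* JTAG controller gate: configuration memory is readable only when unlocked. */
int jtag_read_config(const access_ctrl *ac, const uint8_t *cfg, size_t i, uint8_t *out) {
    if (ac->ctrl != CTRL_OPEN) return -1;
    *out = cfg[i];
    return 0;
}

int main(void) { /* constructed sample values, not from the patent */
    access_ctrl ac = { .access_code = {1, 2, 3, 4, 5, 6, 7, 8},
                       .dec_pw = {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, .force_enc = 1 };
    const uint8_t cfg[4] = {0xDE, 0xAD, 0xBE, 0xEF};
    uint8_t pw[PW_LEN], b = 0;
    ac_power_on(&ac);
    int denied = jtag_read_config(&ac, cfg, 0, &b); /* locked by default */
    toy_encrypt(pw, ac.access_code, ac.dec_pw);     /* what the user must send */
    int opened = ac_submit(&ac, pw, PW_LEN);
    printf("denied=%d opened=%d\n", denied, opened);
    return 0;
}
```

With forced encryption valid, submitting the plaintext access code does not unlock the interface; only the value encrypted under the decryption password matches the access-rights password.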
Obviously, many variations of the invention described herein are possible without departing from its true spirit and scope. Accordingly, all changes that would be apparent to those skilled in the art are intended to be included within the scope of the appended claims. The scope of protection sought for the present invention is defined only by those claims.

Claims (8)

1. A field-programmable gate array (FPGA) chip that protects data in a configuration memory, characterized in that the chip comprises:
a configuration memory, for storing the configuration data of the chip;
an access code memory, for storing an access code;
a configuration controller, for receiving an externally input user password;
an access controller, for reading the access code from the access code memory and comparing the user password with the access code and, when the comparison result is consistent, notifying the configuration controller to allow the user to access the configuration memory;
the configuration controller comprises: a Joint Test Action Group (JTAG) controller, wherein the JTAG controller receives the externally input user password through an external JTAG interface and, according to a control parameter provided by the access controller, indicates the access rights of the external JTAG interface to the configuration memory; when the control parameter provided by the access controller is a default value, the JTAG controller forbids the JTAG interface from accessing the configuration memory; the default value is the initial value of the control parameter.
2. The chip according to claim 1, characterized in that the access controller is contained in the configuration controller or in the JTAG controller.
3. The chip according to one of claims 1-2, characterized in that the configuration controller comprises:
a decryption module, for decrypting the encrypted configuration data from an external non-volatile memory and supplying the decrypted data to the configuration memory.
4. A field-programmable gate array (FPGA) chip that protects data in a configuration memory, characterized in that the chip comprises:
a configuration memory, for storing the configuration data of the chip;
a decryption password memory, for storing a decryption password;
an access code memory, for storing an access code;
a configuration controller, for receiving an externally input user password;
a forced-encryption control parameter memory, for storing a parameter indicating whether the user password has been encrypted in advance;
an access controller, for reading the access code from the access code memory; when the parameter indicates that the user password has been encrypted in advance, decrypting the user password with the decryption password and comparing the decrypted user password with the access code; and, when the comparison result is consistent, notifying the configuration controller to allow the user to access the configuration memory;
the configuration controller comprises: a Joint Test Action Group (JTAG) controller, wherein the JTAG controller receives the externally input user password through an external JTAG interface and, according to a control parameter provided by the access controller, indicates the access rights of the external JTAG interface to the configuration memory; when the control parameter provided by the access controller is a default value, the JTAG controller forbids the JTAG interface from accessing the configuration memory; the default value is the initial value of the control parameter.
5. The chip according to claim 4, characterized in that the access controller is contained in the configuration controller or in the JTAG controller.
6. The chip according to one of claims 4-5, characterized in that the configuration controller comprises:
a decryption module, for decrypting the encrypted configuration data from an external non-volatile memory and supplying the decrypted configuration data to the configuration memory.
7. A device for protecting data in a configuration memory, the device comprising the field-programmable gate array (FPGA) chip according to one of claims 1-6, the FPGA chip containing the configuration memory, characterized in that the device further comprises:
a JTAG interface, for inputting the user password to the chip.
8. The device according to claim 7, characterized in that the device further comprises:
a non-volatile memory, for providing the encrypted configuration data of the chip.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210034216.0A CN103257937B (en) 2012-02-15 2012-02-15 A kind of method and apparatus protecting fpga chip internal configuration memorizer

Publications (2)

Publication Number Publication Date
CN103257937A CN103257937A (en) 2013-08-21
CN103257937B true CN103257937B (en) 2016-09-14


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
PP01 Preservation of patent right
PP01 Preservation of patent right

Effective date of registration: 20180601

Granted publication date: 20160914

PD01 Discharge of preservation of patent
PD01 Discharge of preservation of patent

Date of cancellation: 20210601

Granted publication date: 20160914