Detailed description of the invention
Fig. 2 is to keep the scene intact according to an embodiment of the invention in programmable gate array FPGA chip
The system block diagram of the device of portion's memorizer.As in figure 2 it is shown, system includes field programmable gate array
Chip, jtag interface 218 and nonvolatile storage 220.Wherein field programmable gate array core
Sheet comprises configuration memorizer 202, Configuration Control Unit 204, clear crytpographic key memorizer 210, accesses control
Device 212 processed, and access code memorizer 214.Described Configuration Control Unit 204 comprises JTAG control
Device 206 processed and deciphering module 208.Described access code memorizer 214 stores by one or many
The access code of individual bit composition.Described access code is as access rights password.
When fpga chip powers on, in the nonvolatile storage 220 of chip exterior storage with configuration core
The encryption data that sheet is relevant is configured to configure memorizer through deciphering module 208 deciphering of chip internal
In 202.
Access controller 212 within fpga chip is used for providing control parameter, described control parameter
Instruction jtag interface 218 accesses the authority of fpga chip internal configuration memorizer 202.FPGA core
When sheet powers on, the initial value of described control parameter is non-zero, and jtag controller 206 knows that this is initial
The configuration memorizer 202 within jtag interface 218 access chip will not be allowed after value.This make from
Chip powers on and starts just to have accomplished the protection to configuration memorizer 202.
Above-mentioned jtag controller 206 knows that the mode controlling initial parameter value can be JTAG control
Device 206 actively reads this initial value, or access controller 212 from access controller 212
Actively report to jtag controller 206.
Be noted that above-mentioned " when fpga chip powers on, the initial value of described control parameter is non-zero,
Jtag controller 206 will not allow joining within jtag interface 218 access chip after knowing this initial value
Put memorizer 202 " a kind of optimal way, it is also possible to allowing initial value is the acquiescence described in 0 correspondence
Forbid, or to allow initial value be that other value set in advance is carried out corresponding described acquiescence and forbidden,
Do not limit at this.
After powering on, if user wants to deposit through the configuration within jtag interface 218 access chip
Reservoir 202, needs to first pass through jtag interface input and the access of storage in access code memorizer 214
Code-phase user cipher together could obtain the power accessing configuration memorizer 202 through jtag interface 218
Limit.After obtaining authority, configuration memorizer 202 can be operated by user.Described operation is
Refer to read and/or write.The user cipher that specifically user is inputted by jtag controller 206
Being supplied to access controller 212, access controller 212 reads visit from access code memorizer 214
Ask that code, access controller judge that described user cipher is the most consistent with described access code, when consistent,
Access controller 212 notifies that Configuration Control Unit 204 allows user to access described configuration memorizer
202。
It is above-mentioned that " user cipher that user inputs is supplied to access controller by jtag controller 206
212 " elder generation and between " access controller 212 is read access code from access code memorizer 214 "
There is not restriction in rear order.
After being noted that fpga chip powers on, the above-mentioned " non-volatile memory of chip exterior
In device 220, the encryption data relevant to configuration chip of storage is through the deciphering module 208 of chip internal
Deciphering is configured to configure in memorizer 202 " with " if user wants to visit through jtag interface 218
Ask the configuration memorizer 202 of chip internal, need to first pass through jtag interface input and store with access code
The user cipher that in device 214, the access code of storage is identical could obtain and access through jtag interface 218
The authority of configuration memorizer 202 " there is not specific order between the two flow process, i.e. and these are two years old
Individual flow process can be to carry out parallel, it is also possible to be one first after one or after one one first, do not limit at this
Fixed.
It addition, to illustrate that the clear crytpographic key that deciphering module uses can enter for different user
Row customizes in advance.It is to say, the field programmable gate array chip being distributed to different user is adopted
Clear crytpographic key can be different.Such as, described different clear crytpographic keys can be carried by user oneself
Supply.Additionally for aforesaid access code, it is also possible to customize in advance for different user.Example
As specified by user, or chip manufacturer directly specify after inform user, it is also possible to by user with
Chip manufacturer decides through consultation jointly, does not limits at this.It is right that above-mentioned measure strengthens to a certain extent
The protection of field programmable gate array chip.
To be illustrated, described access controller 212 can be independently of Configuration Control Unit
The parts of 204, it is also possible to be contained within Configuration Control Unit 204 mutually only with jtag controller 206
Vertical parts, it is also possible to be contained within the parts in jtag controller 206.The most in the chips
Independent described access controller 212 can not be comprised, and simply by described access controller
The repertoire of 212 is all included into described jtag controller or Configuration Control Unit.
Further, described clear crytpographic key memorizer 310 can also be contained in described Configuration Control Unit
In.
It is a preferred side that described clear crytpographic key is stored in chip internal clear crytpographic key memorizer
Formula, it can also be stored directly in deciphering module, or be solidificated in other parts of chip internal it
In, do not limit at this.
It is an optimal way that described access code is stored in chip internal access code memorizer, and it is also
Can be stored directly in access controller, or be solidificated among other parts of chip internal,
This does not limits.
In the present embodiment, only when the user cipher of user's input is consistent with described access code,
Just allow user that configuration memorizer is operated, widen the application of relaying configuration memory approach
Scope.
Finally, it is noted that in the present embodiment, jtag controller and deciphering module can conducts
Parts independent in Configuration Control Unit, it is also possible to not as individual components, but by described JTAG
The function of controller and deciphering module is included into described Configuration Control Unit.
Fig. 3 is the programmable gate array FPGA that keeps the scene intact in accordance with a preferred embodiment of the present invention
The system block diagram of the device of chip internal memorizer.As it is shown on figure 3, system includes field-programmable
Gate array chip, jtag interface 318 and nonvolatile storage 320.Wherein field programmable gate
Array chip comprise configuration memorizer 302, Configuration Control Unit 304, clear crytpographic key memorizer 310,
Access controller 312, access code memorizer 314, and force control extension parameter memory module 316.
Described Configuration Control Unit 304 comprises jtag controller 306 and deciphering module 308.Described visit
Ask that code memory 314 stores the access code being made up of one or more bits.Described pressure is encrypted
Controlling to store pressure control extension parameter in parameter memory module 316, this parameter is by one or many
Individual bit forms.
When fpga chip powers on, in the nonvolatile storage 320 of chip exterior storage with configuration core
The encryption data that sheet is relevant is configured to configure memorizer through deciphering module 308 deciphering of chip internal
In 302.
Access controller 312 within fpga chip is used for providing control parameter, described control parameter
Instruction jtag interface 318 accesses the authority of fpga chip internal configuration memorizer 302.FPGA core
When sheet powers on, the initial value of described control parameter is non-zero, and jtag controller 306 knows that this is initial
The configuration memorizer 302 within jtag interface 318 access chip will not be allowed after value.This make from
Chip powers on and starts just to have accomplished the protection to configuration memorizer 302.
Above-mentioned jtag controller 306 knows that the mode controlling initial parameter value can be JTAG control
Device 306 actively reads this initial value, or access controller 312 from access controller 312
Actively report to jtag controller 306.
Be noted that above-mentioned " when fpga chip powers on, the initial value of described control parameter is non-zero,
Jtag controller 306 will not allow joining within jtag interface 318 access chip after knowing this initial value
Put memorizer 302 " a kind of optimal way, it is also possible to allowing initial value is the acquiescence described in 0 correspondence
Forbid, or to allow initial value be that other value set in advance is carried out corresponding described acquiescence and forbidden,
Do not limit at this.
When fpga chip powers on, in described pressure control extension parameter memory module 316, storage is strong
Control extension initial parameter value processed is 1, and Configuration Control Unit 304 knows this pressure control extension parameter
Know after initial value that the user cipher that user inputs is pre-to first pass through encryption, it is necessary to use deciphering mould
Described user cipher is decrypted by the clear crytpographic key in block 310.
Be noted that above-mentioned " when fpga chip powers on, described pressure control extension parameter store
In module 316, the pressure control extension initial parameter value of storage is 1, and Configuration Control Unit 304 knows that this is strong
Know after control extension initial parameter value processed that the user cipher that user inputs is pre-to first pass through encryption,
Must use the clear crytpographic key in deciphering module 310 that described user cipher is decrypted " a kind of
Optimal way, it is also possible to allow initial value be 0 or to be that other value set in advance is next corresponding described
Pressure encryption, do not limit at this.
Judge that when the user cipher after deciphering is consistent with above-mentioned access right, jtag interface 318 just can obtain
The authority of configuration memorizer 302 must be accessed.After obtaining authority, user can be to configuration memorizer
302 operate.Described operation refers to read and/or write.
The user cipher that user inputs is supplied to access control by specifically jtag controller 306
Device 312 processed, access controller 312 is respectively from clear crytpographic key memorizer 310, access code memorizer
Obtain clear crytpographic key, access code in 314, and use described clear crytpographic key that described user cipher is entered
Row deciphering, access controller judges that the user cipher after deciphering is the most consistent with described access code, when
Time consistent, access controller 312 notifies that Configuration Control Unit 304 allows user to access described configuration
Memorizer 302.
It addition, for above-mentioned " user cipher after access controller judgement deciphering and described access code
The most consistent, when comparative result is consistent, the authority accessing configuration memorizer could be obtained ", one is replaced
It is that access code memorizer 314 is stored by the clear crytpographic key being decrypted in module 310 for mode
The password formed after the access code encryption being made up of one or more bits is close as access rights
Code, only when the user cipher of user's input is consistent with this access rights password, could obtain visit
Ask the authority of configuration memorizer.
In this alternative, when fpga chip powers on, described pressure control extension parameter storage mould
In block 316, the pressure control extension initial parameter value of storage is 1, and Configuration Control Unit 304 knows this
Know that access rights password must be to be decrypted in module 310 after forcing control extension initial parameter value
The clear crytpographic key access code being made up of one or more bits that access code memorizer 314 is stored
The password formed after encryption.
Be noted that above-mentioned " when fpga chip powers on, described pressure control extension parameter store
In module 316, the pressure control extension initial parameter value of storage is 1, and Configuration Control Unit 304 knows that this is strong
Know that access rights password must be decrypted in module 310 after control extension initial parameter value processed
The access code being made up of one or more bits that access code memorizer 314 is stored by clear crytpographic key adds
The password formed after close " a kind of optimal way, it is also possible to allow initial value be 0 or to be one
Other values set in advance carry out corresponding described pressure encryption, do not limit at this.
After being noted that fpga chip powers on, the above-mentioned " non-volatile memory of chip exterior
In device 320, the encryption data relevant to configuration chip of storage is through the deciphering module 308 of chip internal
Deciphering is configured to configure in memorizer 302 " and " judge the user cipher after deciphering and above-mentioned access
When weighing consistent, jtag interface 318 could obtain the authority accessing configuration memorizer 302 " the two
Specific order is there is not, i.e. the two flow process can be to carry out parallel between flow process, it is also possible to
Be one first after one or after one one first, do not limit at this.
It addition, to illustrate that the clear crytpographic key that deciphering module uses can enter for different user
Row customizes in advance.It is to say, the field programmable gate array chip being distributed to different user is adopted
Clear crytpographic key can be different.Described different clear crytpographic keys can be provided by user oneself, also
User can be informed, it is also possible to by user with chip manufacturer altogether after directly being specified by chip manufacturer
With deciding through consultation.Above-mentioned measure strengthens the protection to field programmable gate array chip to a certain extent.
To be illustrated, described access controller 312 can be independently of Configuration Control Unit
The parts of 304, it is also possible to be contained within Configuration Control Unit 304 mutually only with jtag controller 306
Vertical parts, it is also possible to be contained within the parts in jtag controller 306.The most in the chips
Independent described access controller 312 can not be comprised, and simply by described access controller
The repertoire of 312 is all included into described jtag controller 306.
Further, described clear crytpographic key memorizer 310 and pressure control extension parameter storage 316
Can also be contained in described Configuration Control Unit.
It is a preferred side that described clear crytpographic key is stored in chip internal clear crytpographic key memorizer
Formula, it can also be stored directly in deciphering module, or be solidificated in other parts of chip internal it
In, do not limit at this.
It is an optimal way that described access code is stored in chip internal access code memorizer, its
Can also be stored directly in access controller, or be solidificated among other parts of chip internal,
Do not limit at this.
Described pressure control extension parameter is stored in chip internal and forces control extension parameter storage
In be an optimal way, it can also be stored directly in Configuration Control Unit, or be solidificated in core
Among sheet other parts internal, do not limit at this.
In the preferred embodiment, after access code being decrypted password encryption close as access rights
Code, only when the user cipher of user's input is consistent with described access rights password, just allows to use
Configuration memorizer is operated by family.Thus widen the range of application of relaying configuration memory approach.
Finally, it is noted that in this preferred embodiment, jtag controller and deciphering module are permissible
As parts independent in Configuration Control Unit, it is also possible to not as individual components, but by described
The function of jtag controller and deciphering module is included into described Configuration Control Unit.
Fig. 4 is the programmable gate array FPGA chip that keeps the scene intact according to an embodiment of the invention
The method flow diagram of internal storage.The method comprises the following steps: S402, on fpga chip
Electricity, access controller 212 initial value is non-zero, in acquiescence forbids jtag interface 218 access chip
Configuration memorizer 202;S404, receives user and inputs user cipher by jtag interface 218,
S406, compares user cipher with access code in access controller 212;S408, if
The two is identical, opens the jtag interface 218 access rights to configuring memorizer 202 in chip.
Being noted that in step 402, " access controller 212 initial value is non-zero, and acquiescence is forbidden
Configuration memorizer 202 in jtag interface 218 access chip " a kind of optimal way, it is also possible to
Allowing initial value is that the acquiescence described in 0 correspondence is forbidden, or allow initial value be one set in advance other
Value is carried out corresponding described acquiescence and is forbidden, does not limits at this.
In the present embodiment, access code is stored in advance in access code memorizer.Only work as user
When the user cipher of input is consistent with the access code prestored, just allow user to configuration memorizer
Operate.Described operation refers to read and/or write.Which thereby enhance the motility of user operation,
Widen the range of application of relaying configuration memory approach.
Fig. 5 is the programmable gate array FPGA core that keeps the scene intact in accordance with a preferred embodiment of the present invention
The method flow diagram of sheet internal storage.The method comprises the following steps: S502, on fpga chip
Electricity, access controller 312 initial value is non-zero, in acquiescence forbids jtag interface 318 access chip
Configuration memorizer 302;S504, receives user and inputs user cipher by jtag interface 318;S506,
Judge to force control extension parameter whether effective, if it is, enter S508, with clear crytpographic key to
Family password is decrypted, and the user cipher after deciphering is as comparison other;If it does not, enter S510,
Directly using the user cipher of input as comparison other;It follows that enter S512, will be as more right
The user cipher of elephant compares with access code in access controller 312, S514, if the two phase
With, open the jtag interface 318 access rights to configuring memorizer 302 in chip.
Being noted that in step 502, " access controller 312 initial value is non-zero, and acquiescence is forbidden
Configuration memorizer 302 in jtag interface 318 access chip " a kind of optimal way, it is also possible to
Allowing initial value is that the acquiescence described in 0 correspondence is forbidden, or allow initial value be one set in advance other
Value is carried out corresponding described acquiescence and is forbidden, does not limits at this.
It addition, be noted that above-mentioned pressure control extension parameter the most effectively refers to described pressure
Whether the value of control extension parameter indicates the user cipher of described input to encrypt through in advance.Institute
The pressure control extension parameter stated is made up of one or more bits, and can allow the value of described parameter is 1
Time correspondence described in effective, it is also possible to allowing described parameter value is 0 or other values set in advance are right
Should be described effective, do not limit at this.
In the preferred embodiment, only when the user cipher through deciphering is consistent with access code,
Just allow user that configuration memorizer is operated.Described operation refers to read and/or write.Thus
Improve the motility of user operation, widen the range of application of relaying configuration memory approach.
Fig. 6 is the programmable gate array FPGA that keeps the scene intact according to another preferred embodiment of the present invention
The method flow diagram of chip internal memorizer.The method comprises the following steps: S602, fpga chip
Powering on, access controller 312 initial value is non-zero, in acquiescence forbids jtag interface 318 access chip
Configuration memorizer 302;S604, it is judged that force control extension parameter the most effective, if it is, enter
Entering S606, be encrypted access code with clear crytpographic key, encrypted result is as access rights password;
If it does not, enter S608, directly using access code as access rights password, it follows that enter S610,
Receive user and input user cipher, S612 by jtag interface 318, user cipher is being accessed control
Device 312 compares with access rights password row, S614, if the two is identical, open jtag interface 318
To the access rights configuring memorizer 302 in chip.
Being noted that in step 602, " access controller 312 initial value is non-zero, and acquiescence is forbidden
Configuration memorizer 302 in jtag interface 318 access chip " a kind of optimal way, it is also possible to
Allowing initial value is that the acquiescence described in 0 correspondence is forbidden, or allow initial value be one set in advance other
Value is carried out corresponding described acquiescence and is forbidden, does not limits at this.
It addition, be noted that above-mentioned pressure control extension parameter the most effectively refers to described pressure
Whether the value of control extension parameter indicates after access code is decrypted password encryption as access rights
Password.Described pressure control extension parameter is made up of one or more bits, can allow described ginseng
The value of number effective described in correspondence when being 1, it is also possible to allow described parameter value be 0 or other in advance
Set value correspondence described in effective, do not limit at this.
In the preferred embodiment, after access code being decrypted password encryption close as access rights
Code is stored in advance in access controller.Only close with access rights when the user cipher of user's input
When code is consistent, just allow user that configuration memorizer is operated.Described operation refers to read and/or write
Operation.Which thereby enhance the motility of user operation, widen answering of relaying configuration memory approach
Use scope.
In above-mentioned all embodiments, Configuration Control Unit is all a core component, to this end, conduct
One example, is given below the embodiment of a kind of Configuration Control Unit.In general, programmable chip
Configuration data in units of frame frame, frame data include frame head, frame data and postamble,
One group of depositor within each frame data correspondence programmable chip, or storage stack.Configuration
Controller reads configuration data from nonvolatile external memory and is analyzed, or analysis comes from
The configuration data of the external interface active reportings such as JTAG, judge this frame data pair by analyzing frame head
Should that group register/memory, then the data of frame data part are sent to described depositor/deposit
Reservoir.Specifically, can be sent to configure memorizer by corresponding chip configuration data.
According to the embodiment of above-mentioned Configuration Control Unit, can construct frame data, wherein frame head refers to
Controlling one group of depositor therein to accessing, frame data part is to want the data of input.In reality
During use, frame data of above-mentioned structure can be as the user cipher of user's input.So JTAG
This structure frame can be sent in the corresponding registers in access controller by jtag interface, after
The continuous comparison that can be used for access code.
For using the mode forcing encryption, when Configuration Control Unit resolves frame data, can be first by frame
Data are sent in deciphering module, then the data after deciphering are sent in the access controller specified
Register/memory in, the follow-up comparison that can be used for access code.
Further, as an example, the embodiment of a kind of access controller is given below.Access
Controller comprises one group of depositor for receiving the user cipher after Configuration Control Unit resolves/deciphers.
Access controller when powering on from access code memorizer read access code.Access controller will be from visit
Ask that the user cipher that the access code read in code memory and Configuration Control Unit are sent here compares, enter
And produce access control right signal.
It is clear that on the premise of without departing from true spirit and scope of the present invention, be described herein
The present invention can have many changes.Therefore, all the most aobvious and easy
The change seen, is intended to be included within the scope of the claims contained.Required by the present invention
The scope of protection is only defined by described claims.