Design Security


Safeguarding System

Xilinx works closely with government agencies such as NIST to provide a complete security solution. The solution provides silicon features, IP, and design flows to meet TRUST specifications and to provide solutions for anti-tamper and information assurance.

Information Assurance

Formerly known as the Single Chip Cryptography (SCC) flow, the Xilinx Isolation Design Flow (IDF) provides fault containment at the FPGA module level, enabling single-chip fault tolerance through techniques including modular redundancy, watchdog alarms, segregation by safety level, and isolation of test logic so that it can be safely removed. More information is available on the “Isolation Design Flow” webpage.

In addition, Xilinx algorithm implementations have achieved Cryptographic Algorithm Validation Program (CAVP) certification.

Additionally, the algorithm implementations used to securely configure Xilinx 7 series FPGA and Zynq SoC devices have been independently validated as correct by an NIST-accredited security testing laboratory. These validations have been entered on the NIST Cryptographic Algorithm Validation

TRUST

The foundation of security is ensuring that only the genuine, intended devices, software, firmware, and IP are used in a system, and that they do only what they are designed to do and nothing more. Xilinx actively evaluates and monitors open standards such as NIST Standard 800-161 and 5200.44 to meet and exceed these documented specifications.


Anti-Tamper (AT)

Xilinx has been at the forefront of providing FPGA AT solutions for many years. The Virtex-II device was the first FPGA with bitstream encryption, extended by additional AT solutions in Spartan-6, Virtex®-5, Virtex-6, 7 series and UltraScale™ FPGAs, including bitstream authentication in Virtex-6, Virtex-7 and UltraScale devices. Xilinx also offers a soft IP core, Security Monitor, which provides certain tamper protections after configuration.

By taking advantage of the various Xilinx FPGA AT features, a systems engineer can choose how much AT to include in the FPGA design. AT can take the form of enabling individual silicon AT features, or a combination of them, to cover three main AT categories:

1. Prevention – for example, bitstream encryption and authentication
2. Detection – for example, voltage and temperature monitoring
3. Response – for example, erasure of the BBRAM bitstream decryption key as a penalty
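The three categories above are usually chained in user logic: detection inputs are counted and latched, and a response is driven from them. The following Verilog module is an added example of such a chain, written for this page; it is not Xilinx code and not the Security Monitor IP. Every port name is an assumption: the detection inputs stand in for the on-chip temperature and voltage alarms and a JTAG-activity flag, and the outputs are requests that the user design would route to the device's key-clear and configuration-clear mechanisms. A small testbench follows the module so the logic can be simulated stand-alone.

```verilog
// Added example: minimal tamper-response controller (not Xilinx code).
// Detection -> sticky log -> response, with a threshold on JTAG activity so
// that a single probe is only logged while repeated probing triggers erasure.
module tamper_response #(
    parameter integer MAX_JTAG_EVENTS = 3     // assumption: events tolerated before response
) (
    input  wire       clk,
    input  wire       rst_n,          // active-low synchronous reset (assumed)
    input  wire       alarm_temp,     // assumed: over-temperature alarm from on-chip monitor
    input  wire       alarm_volt,     // assumed: supply voltage out-of-range alarm
    input  wire       jtag_active,    // assumed: one-cycle pulse per observed JTAG event
    input  wire       clear_latch,    // assumed: authorized clear of the tamper log
    output reg        keyclear_req,   // assumed: request erasure of the BBRAM key
    output reg        cfgclear_req,   // assumed: request configuration memory clear
    output reg  [3:0] tamper_log      // sticky log: {jtag_threshold, jtag_seen, volt, temp}
);
    reg  [7:0] jtag_count;                               // saturating JTAG event counter
    wire       env_tamper  = alarm_temp | alarm_volt;    // environmental detection
    wire       jtag_tamper = (jtag_count >= MAX_JTAG_EVENTS);

    always @(posedge clk) begin
        if (!rst_n) begin
            jtag_count   <= 8'd0;
            tamper_log   <= 4'b0;
            keyclear_req <= 1'b0;
            cfgclear_req <= 1'b0;
        end else begin
            // Detection and logging: an authorized clear resets the log and the
            // counter; otherwise count events and OR new observations into the log.
            if (clear_latch) begin
                jtag_count <= 8'd0;
                tamper_log <= 4'b0;
            end else begin
                if (jtag_active && jtag_count != 8'hFF)
                    jtag_count <= jtag_count + 8'd1;
                tamper_log <= tamper_log | {jtag_tamper, jtag_active, alarm_volt, alarm_temp};
            end
            // Response: sticky until reset, because key erasure is irreversible.
            // Environmental tamper erases the key; repeated JTAG activity also
            // requests a configuration memory clear.
            keyclear_req <= keyclear_req | env_tamper | jtag_tamper;
            cfgclear_req <= cfgclear_req | jtag_tamper;
        end
    end
endmodule

// Testbench: one JTAG event is logged without a response; the third event
// crosses the threshold and both responses assert. Stimulus changes on the
// falling edge so it never races the sampling edge.
module tamper_response_tb;
    reg clk = 0, rst_n = 0, alarm_temp = 0, alarm_volt = 0, jtag_active = 0, clear_latch = 0;
    wire keyclear_req, cfgclear_req;
    wire [3:0] tamper_log;

    tamper_response #(.MAX_JTAG_EVENTS(3)) dut (
        .clk(clk), .rst_n(rst_n), .alarm_temp(alarm_temp), .alarm_volt(alarm_volt),
        .jtag_active(jtag_active), .clear_latch(clear_latch),
        .keyclear_req(keyclear_req), .cfgclear_req(cfgclear_req), .tamper_log(tamper_log));

    always #5 clk = ~clk;

    task pulse_jtag; begin
        @(negedge clk) jtag_active = 1;
        @(negedge clk) jtag_active = 0;
    end endtask

    initial begin
        @(negedge clk); @(negedge clk); rst_n = 1;
        pulse_jtag;                                   // event 1: logged only
        @(negedge clk);
        if (keyclear_req !== 1'b0 || tamper_log[2] !== 1'b1) $display("FAIL: single event");
        pulse_jtag; pulse_jtag;                       // events 2 and 3 reach the threshold
        @(negedge clk); @(negedge clk);
        if (keyclear_req !== 1'b1 || cfgclear_req !== 1'b1) $display("FAIL: threshold response");
        else $display("PASS: tamper_log=%b keyclear=%b cfgclear=%b", tamper_log, keyclear_req, cfgclear_req);
        $finish;
    end
endmodule
```

In a real design the alarm inputs would come from the device's on-chip temperature and voltage monitor, the JTAG pulse from the boundary-scan user primitive, and the two request outputs from the key-clear and startup mechanisms of the target family; those port names are device-specific and are deliberately not assumed here. The threshold and the choice of which detections trigger which response are policy decisions that the Security Monitor IP centralizes; this module only shows the shape of that policy in user logic.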

The table below shows the built-in device capabilities supported by the different Xilinx device families. Passive security features are built into the FPGA and require no extra work in the user's FPGA logic design. Active security features must be added by the user to the FPGA logic design.

| Built-in silicon feature          | Type    | Virtex-5 | Spartan-6 | Virtex-6 | 7 series | Zynq | UltraScale |
|-----------------------------------|---------|----------|-----------|----------|----------|------|------------|
| AES 256 (BBRAM)                   | Passive | X        | X         | X        | X        | X    | X          |
| AES 256 (eFUSE)                   | Passive |          | X         | X        | X        | X    | X          |
| Secure Config/Boot (PL/PS)        | Passive | X        | X         | X        | X        | X    | X          |
| Hardened Readback Disable         | Passive | X        | X         | X        | X        | X    | X          |
| Decrypt then Authenticate         | Passive |          |           | X        | X        | X    | X          |
| DPA Countermeasures               | Passive |          |           |          |          |      | X          |
| DPA Resistant                     | Passive |          |           |          |          |      | X          |
| SEU Checking                      | Active  | X        | X         | X        | X        | X    | X          |
| JTAG Disable/Monitor (BSCAN)      | Active  | X        | X         | X        | X        | X    | X          |
| Internal Keyclear                 | Active  | X        | X         | X        | X        | X    | X          |
| Internal Config Mem Clear         | Active  | X        |           | X        | X        | X    | X          |
| Unique Identifier (Device DNA)    | Active  |          | X         | X        | X        | X    | X          |
| On-chip Temp/Volt Monitoring      | Active  | X        |           | X        | X        | X    | X          |
| PROG_B Intercept                  | Active  |          |           | X        | X        | X    | X          |
| Unique Identifier (User eFUSE)    | Active  |          |           | X        | X        | X    | X          |
| Key Agility                       | Active  |          |           |          |          |      | X          |
| Tamper Logging                    | Active  |          |           |          |          |      | X          |

Also available is the Xilinx Security Monitor (SecMon) IP, an agency-evaluated and exportable security solution. It consolidates many of the active security features above into a single security module. For example, it can monitor and respond to JTAG, power, and temperature attacks, and it can enforce secure partial reconfiguration (PR) operations. For additional details, see the Security Monitor IP Product Brief.