Further on we will consider only the following FPGA families: Microsemi Fusion 38, Microsemi SmartFusion 39, Altera Stratix-II 40, Xilinx Virtex-5 41 and Xilinx Virtex-6 42.
The necessity to protect secret keying material stored within FPGA devices forces FPGA manufacturers to implement different protection techniques. One such tech- nique proposed in TEMPEST specification 43 suggests to create red (containing sensitive plaintext data material, or secret keys in clear) and black (ciphertext, se- cret keys are encrypted) zones that should be implemented in two different chips. If they must be in the same package, there must by an air gap between the two chips to protect data in the red zone.However, if a single chip FPGA is used for security applications, air gaps cannot be creates and tradeoffs must be searched.
The first and the simplest idea is to separate red logic from the black logic in the FPGA. The logic blocks between the red and black zones must not be used, so that the logic is separated by an imaginary gaps formed from these unused blocks. This can be done in all aforementioned FPGAs using FPGA-specific design constraints.Unfortunately, logic separation is necessary but not sufficient. In addition to logic separation, routing resources crossing from one zone to another must be limited to a certain extent and special routing macros must be used for crossing the borders. However, this is not possible in all FPGAs.
Manual routing is not supported in Microsemi FPGAs. Altera Stratix-II supports manual routing to a certain extent. Xilinx Virtex-5 and -6 devices enable designers to select routing quite precisely. Moreover, set of constraints and flows is available to control routing automatically. To facilitate all this effort, Xilinx has proposed so called Isolation Design Flow.2.6.
5 Isolation Design Flow in Xilinx FPGAsThe Isolation Design Flow (a part of the Single Chip Crypto project) allows to control placement of logic, routing, insertion of trusted bus macros, external isolation of I/O bank, etc. The flow is supported by the Xilinx PlanAhead software. Note that a partial reconfiguration license is necessary for the isolation design flow in the PlanAhead tool.
First of all, VHDL design must be divided into security zones. Each zone must be synthesized separately forming separate netlists. All these netlists must be loaded into the PlanAhead tool. Each netlist is placed into a logic partition. The sep- aration to partitions ensures that logic in each partition is synthesized separately. Next, a partition is placed into a physical block which encompasses logic and routing resources, BRAMs, DSPs, and other blocks. To isolate physical blocks and corre- sponding routing resources from each other, special constraints must be applied to each physical block.
As a result, the logic is located inside the corresponding
