This application note provides anti-tamper (AT) guidance and practical examples to help the FPGA designer protect the intellectual property (IP) and sensitive data that might exist in an FPGA-enabled system. This protection (in the form of tamper resistance) needs to be effective before, during, and after the FPGA has been configured by a bitstream. Sensitive data can include the configuration data that sets up the functionality of the FPGA logic, critical data and/or parameters that might be included in the bitstream (e.g., initial block RAM contents, initial state of flip-flops, etc.), and external data that is dynamically brought in and out of the FPGA during post-configuration normal operation.
This document summarizes the silicon AT features available in the Virtex®-6 and 7 series devices (including the Artix™, Kintex™, Virtex, and Zynq™ series), explains why they exist, and provides use cases and implementation details for each feature. This document also provides guidance on various methods that can be employed to provide additional tamper resistance.
With this application note, engineers can ensure that they are following AT best practices to provide the highest level of protection of their FPGA designs. These best practices broadly apply whether the reason for requiring tamper resistance is to prevent cloning/overbuilding of a commercial design or to protect valuable military critical technology (CT) from reverse engineering efforts by an adversary.