Prev: EDK 10.1 first impressions
Next: Protecting design from being downloaded on other (similar) FPGA devices
From: maverick on 3 Apr 2008 07:16
Hi,
I need to know how can I prohibit a configuration file from being
downloaded on a similar FPGA device. For example, if I have two
similar FPGA boards and I want only one FPGA board to be successfully
programmed with the configuration file whereas if the same
configuration file is downloaded on the other FPGA board, it should
not get programmed. The target device is Virtex II Pro. I know there
is this encryption feature available there for Virtex II and VIrtex II
Pro devices but I am talking about the environment where the FPGAs
will be programmed on startup through host application through PCI and
there is no human intervention for programming the FPGA (or providing
the encryption key). Here is the whole concept. I have a PC system
where a PCI based 'COTS' FPGA card is installed. On startup, my
application programs the FPGA board with the configuration file.
However, if another similar FPGA board is installed in the same PC
system, the application should (somehow) not programm the FPGA or the
FPGA fails to get programmed successfully. I looked into the Device
IDCODE thing but I came to know that the IDCODEs are the same for all
FPGAs belonging to a particular family for example Spartan 3 sc3s1000
FPGA parts will have the same IDCODE. (had it been unique, I would
have stored the IDCODE in my application and on finding a different
IDCODE, I would have aborted the programming device sequence)

I hope I have mentioned my problem statement clearly........

Any suggestion.........

Farhan
From: Antti on 3 Apr 2008 07:32
On 3 Apr., 13:16, maverick <sheikh.m.far...(a)gmail.com> wrote:
> Hi,
> I need to know how can I prohibit a configuration file from being
> downloaded on a similar FPGA device. For example, if I have two
> similar FPGA boards and I want only one FPGA board to be successfully
> programmed with the configuration file whereas if the same
> configuration file is downloaded on the other FPGA board, it should
> not get programmed. The target device is Virtex II Pro. I know there
> is this encryption feature available there for Virtex II and VIrtex II
> Pro devices but I am talking about the environment where the FPGAs
> will be programmed on startup through host application through PCI and
> there is no human intervention for programming the FPGA (or providing
> the encryption key). Here is the whole concept. I have a PC system
> where a PCI based 'COTS' FPGA card is installed. On startup, my
> application programs the FPGA board with the configuration file.
> However, if another similar FPGA board is installed in the same PC
> system, the application should (somehow) not programm the FPGA or the
> FPGA fails to get programmed successfully. I looked into the Device
> IDCODE thing but I came to know that the IDCODEs are the same for all
> FPGAs belonging to a particular family for example Spartan 3 sc3s1000
> FPGA parts will have the same IDCODE. (had it been unique, I would
> have stored the IDCODE in my application and on finding a different
> IDCODE, I would have aborted the programming device sequence)
>
> I hope I have mentioned my problem statement clearly........
>
> Any suggestion.........
>
> Farhan

V2Pro has no efuse like V5 has, so you cant personalize the FPGAs on
COTS board

so whatever you do for your goal it need something on the boards to be
different (except the FPGA)
the only possibility would be the encryption, if not using it, need
something else

Antti






From: John McCaskill on 3 Apr 2008 15:37
On Apr 3, 5:16 am, maverick <sheikh.m.far...(a)gmail.com> wrote:
> Hi,
> I need to know how can I prohibit a configuration file from being
> downloaded on a similar FPGA device. For example, if I have two
> similar FPGA boards and I want only one FPGA board to be successfully
> programmed with the configuration file whereas if the same
> configuration file is downloaded on the other FPGA board, it should
> not get programmed. The target device is Virtex II Pro. I know there
> is this encryption feature available there for Virtex II and VIrtex II
> Pro devices but I am talking about the environment where the FPGAs
> will be programmed on startup through host application through PCI and
> there is no human intervention for programming the FPGA (or providing
> the encryption key). Here is the whole concept. I have a PC system
> where a PCI based 'COTS' FPGA card is installed. On startup, my
> application programs the FPGA board with the configuration file.
> However, if another similar FPGA board is installed in the same PC
> system, the application should (somehow) not programm the FPGA or the
> FPGA fails to get programmed successfully. I looked into the Device
> IDCODE thing but I came to know that the IDCODEs are the same for all
> FPGAs belonging to a particular family for example Spartan 3 sc3s1000
> FPGA parts will have the same IDCODE. (had it been unique, I would
> have stored the IDCODE in my application and on finding a different
> IDCODE, I would have aborted the programming device sequence)
>
> I hope I have mentioned my problem statement clearly........
>
> Any suggestion.........
>
> Farhan

Since you mention that you are loading the bitfile over the PCI bus, I
am assuming that the FPGA is on the PCI card, as opposed to a daugher
card. Is this correct?

If so, you could use the PCI configuration space to tell the cards
appart. If you also know what board the bitfile is for, then the drive
could check to make sure that the board and bitfile versions match,
and refuse to load the bit file if it does not.

Regards,

John McCaskill
www.FasterTechnology.com
From: MM on 3 Apr 2008 18:41
"John McCaskill" <jhmccaskill(a)gmail.com> wrote in message
news:c4d146c4-2719-4817-b11c-750da7e80640(a)s50g2000hsb.googlegroups.com...

>Since you mention that you are loading the bitfile over the PCI bus, I
>am assuming that the FPGA is on the PCI card, as opposed to a daugher
>card. Is this correct?
>
>If so, you could use the PCI configuration space to tell the cards
>appart. If you also know what board the bitfile is for, then the drive
>could check to make sure that the board and bitfile versions match,
>and refuse to load the bit file if it does not.

I was just about to suggest the same solution. PCI spec requires every type
of board to have unique Vendor, and device IDs, as well as there are
SubSystem IDs. Now, this is all great unless the OP is implementing the PCI
bridge in the same FPGA... Ooops...


/Mikhail


From: maverick on 4 Apr 2008 06:05
On Apr 4, 3:41 am, "MM" <mb...(a)yahoo.com> wrote:
> "John McCaskill" <jhmccask...(a)gmail.com> wrote in message
>
> news:c4d146c4-2719-4817-b11c-750da7e80640(a)s50g2000hsb.googlegroups.com...
>
> >Since you mention that you are loading the bitfile over the PCI bus, I
> >am assuming that the FPGA is on the PCI card, as opposed to a daugher
> >card. Is this correct?
>
> >If so, you could use the PCI configuration space to tell the cards
> >appart. If you also know what board the bitfile is for, then the drive
> >could check to make sure that the board and bitfile versions match,
> >and refuse to load the bit file if it does not.
>
> I was just about to suggest the same solution. PCI spec requires every type
> of board to have unique Vendor, and device IDs, as well as there are
> SubSystem IDs. Now, this is all great unless the OP is implementing the PCI
> bridge in the same FPGA... Ooops...
>
> /Mikhail

Thanks everyone for your replies. I think I need to add some more info
here. Infact, I am not trying to secure my FPGA design or bitstream
here. I am trying to prohibit generation of multiple copies of the
same system. For example, assume that I have developed a system which
comprises of a PC and a PCI based FPGA board which is mounted on the
PCI slot of the same PC. The PCI based FPGA board is commercially
availble from a vendor. The host application that runs on the PC
programs the FPGA on application startup. If I deliver this system to
a customer, it is quite possible that the Hard Disk image of the
actual system is created, the same PCI based FPGA board is purchased
from the same vendor and exactly the same PC is purchased. When all
these things are hooked up in the PC...........bingo..........we have
another system ready. In this scenario, I dont see the device ID or
vendor ID stuff is of any use because these IDs would be the same for
the same FPGA board. I dont have any non-volatile memory on the FPGA
board where I can write my own sequnce which can be read out and
verified by the application at startup.

Any thoughts.............

Farhan
 |  Next  |  Last
Pages: 1 2 3
Prev: EDK 10.1 first impressions
Next: Protecting design from being downloaded on other (similar) FPGA devices