Reply by Alvin Andries●September 16, 20052005-09-16
"Paul Urbanus" <urbpublic@hotmail.com> wrote in message
news:4328ca81$1_6@news.uncensored-news.com...
> I have an FPGA design where the VHDL source code is a deliverable item
> to the customer. One of the blocks in the FPGA must be protected so that
> the customer can't see the source and modify it. The device is a
> Virtex2-Pro.
>
> I could obfuscate the VHDL identifiers, then generate a netlist, but
> that doesn't seem to be very strong protection. I also have a picoblaze
> processor in the design, so I'm not sure how well I can obfuscate the
> block RAM contents. I could swizzle the address/data bits (as the TOCOM
> 5507VIP cable box did) when hooking up the block rom to picoblaze, then
> write a script to convert the picoblaze object code to swizzled ROM init
> files.
>
> I heard a rumor (from a Xilinx FAE) that ISE 7 would have some facility
> for protecting blocks of code in situations such as this, but I haven't
> been able to find any info on the Xilinx website about this.
>
> Peter Alfke, I know you have the answer :)
>
> TIA
>
> Urb
>
Hi,
Only deliver the component declaration with the VHDL code and provide the
.ngo/.ngd encrypted netlist with it as well. In this case, the NGDBUILD
phase during synthesis will put your IP in place while protecting your
source code. Similarly, you might have to provide an encrypted file to allow
for simulation (depends on the customer's simulation tool). The main
disadvantage is that you're responsible for selecting the device and and
supported speed.
So to wrap up:
split the task into 2 "projects"
A) The protected IP:
1) code, test and so on
2) constrain (if you want to deliver a netlist)
3) generate the encrypted files
B) The main code
1) set up libraries and so on to invoke the encrypted blocks
2) use the component of the protected IP (don't include the source code)
3) code, test and so on
4) deliverables = encrypted files + readable project code
Most fun will be in looking in how to do the encryption for the various
tools.
Kind regards,
Alvin.
Reply by ●September 16, 20052005-09-16
Paul Urbanus <urbpublic@hotmail.com> writes:
> Mike Treseler wrote:
> > Paul Urbanus wrote:
> >
> >> I have an FPGA design where the VHDL source code is a deliverable
> >> item to the customer. One of the blocks in the FPGA must be
> >> protected so that the customer can't see the source and modify it.
> > Either source code is a deliverable or it isn't.
> > Unreadable source code is useless so why
> > bother creating it.
> > -- Mike Treseler
>
> The idea isn't to deliver source code. Instead, the idea is to deliver
> a netlist file which is generated by compiling the source code. The
> block in question is implemented using proprietary info
>
> M NDA (with a chip manufacturer) states that this proprietary info
> must be protected. Therefore, any code which utilizes this proprietary
> info can't be redistributed in source form. So if I delivered a
> synthesisized netlist I must make sure that the net names are
> obfuscated, at a minimum. This can be achieved at either the source or
> netlist level.
>
I'd fudge the netlist with a script that renames all the nets and
component instances. Would that be enough?
I seem to recall that at one point Nios was source code with all the
nets named as long random combinations of 1lI0O, which was kind of weird to
look at!
Cheers,
Martin
--
martin.j.thompson@trw.com
TRW Conekt, Solihull, UK
http://www.trw.com/conekt
Reply by Paul Urbanus●September 15, 20052005-09-15
Mike Treseler wrote:
> Paul Urbanus wrote:
>
>> I have an FPGA design where the VHDL source code is a deliverable item
>> to the customer. One of the blocks in the FPGA must be protected so
>> that the customer can't see the source and modify it.
>
>
> Either source code is a deliverable or it isn't.
> Unreadable source code is useless so why
> bother creating it.
>
> -- Mike Treseler
The idea isn't to deliver source code. Instead, the idea is to deliver a
netlist file which is generated by compiling the source code. The block
in question is implemented using proprietary info
M NDA (with a chip manufacturer) states that this proprietary info must
be protected. Therefore, any code which utilizes this proprietary info
can't be redistributed in source form. So if I delivered a synthesisized
netlist I must make sure that the net names are obfuscated, at a
minimum. This can be achieved at either the source or netlist level.
You can debate the sensibility of protecting the proprietary, but I'm
contractually obligated to do so, and this policy will not be changed.
Given this, can anyone answer my original question and suggest how best
to protect a specific functional block in a larger Xilinx design.
Urb
_______________________________________________________________________________
Posted Via Uncensored-News.Com - Accounts Starting At $6.95 - http://www.uncensored-news.com
<><><><><><><> The Worlds Uncensored News Source <><><><><><><><>
Reply by Mike Treseler●September 15, 20052005-09-15
Paul Urbanus wrote:
> I have an FPGA design where the VHDL source code is a deliverable item
> to the customer. One of the blocks in the FPGA must be protected so that
> the customer can't see the source and modify it.
Either source code is a deliverable or it isn't.
Unreadable source code is useless so why
bother creating it.
-- Mike Treseler
Reply by Paul Urbanus●September 14, 20052005-09-14
I have an FPGA design where the VHDL source code is a deliverable item
to the customer. One of the blocks in the FPGA must be protected so that
the customer can't see the source and modify it. The device is a
Virtex2-Pro.
I could obfuscate the VHDL identifiers, then generate a netlist, but
that doesn't seem to be very strong protection. I also have a picoblaze
processor in the design, so I'm not sure how well I can obfuscate the
block RAM contents. I could swizzle the address/data bits (as the TOCOM
5507VIP cable box did) when hooking up the block rom to picoblaze, then
write a script to convert the picoblaze object code to swizzled ROM init
files.
I heard a rumor (from a Xilinx FAE) that ISE 7 would have some facility
for protecting blocks of code in situations such as this, but I haven't
been able to find any info on the Xilinx website about this.
Peter Alfke, I know you have the answer :)
TIA
Urb
_______________________________________________________________________________
Posted Via Uncensored-News.Com - Accounts Starting At $6.95 - http://www.uncensored-news.com
<><><><><><><> The Worlds Uncensored News Source <><><><><><><><>