Hardware based IP protection of FPGA designs

Started by gnua...@gmail.com September 24, 2022
On Tuesday, September 27, 2022 at 7:36:39 AM UTC-4, Richard Damon wrote:
> On 9/27/22 4:58 AM, Theo wrote:
> > Richard Damon <Ric...@damon-family.org> wrote:
> >> The Microsemi FPGAs each have a factory assigned crypto-serial number
> >> (and individual key) built into the FPGA itself, and a programming file
> >> can be generated that can only program that EXACT FPGA (that factory
> >> assigned key). You can also generate a programming file encrypted to a
> >> generic key that any of that model FPGA can take (when you trust the
> >> programming facility)
> >>
> >> Their secure programmer takes a programming file encrypted to the
> >> programmer's key, and with a secure file that the designer has to sign,
> >> gets the public key for the FPGA and decrypts and re-encrypts the
> >> programming file for THAT FPGA, while ticking off the usage count kept
> >> in its own secure storage.
> >>
> >> This seems fairly secure.
> >
> > It does, but it doesn't seem to address the OP's threat model. Which is
> > that they want to give the third party the source code and the ability to
> > generate their own FPGA bitfiles while still maintaining control (to prevent
> > overproduction). In that instance the third party can modify the FPGA to
> > work around the protection, and you need to do attestation against some
> > external authority (microcontroller for example) to 'activate' the system,
> > and a way that can't be spoofed by changing the FPGA bitfile.
> >
> > So if you can run the secure programmer on a microcontroller and extract the
> > serial number without trusting any bitfile, you might be able to use that as
> > a key for some component that you do not release to the third party (eg
> > firmware that runs on a soft-core inside the FPGA).
> >
> > Or you could require your third party to submit their FPGA bitfile for
> > signing by an approved key server you control, along with a list of serial
> > numbers of FPGAs you want to allow to run it.
> >
> > It sounds like they have a useful toolkit, but it would need further
> > understanding of the pieces and put them together to meet the requirements.
> >
> > Theo
> IF you actually need to give source code, then this system doesn't
> provide protection, but my reading of the situation doesn't define that
> they absolutely need to get source code, but the OP thinks they may want it.
>
> Fundamentally, if you give source code, you have no true secrets in
> what you give them. If you can put something ESSENTIAL, that is also not
> possible to reverse engineer or duplicate into something you can
> control, you can maintain control, at least until they figure out how to
> get around that toll-gate.
>
> In my opinion, if you are going to sell the code for the major part of
> the system, you need to price that part of the transaction to get what
> you need out of it, and make the effectively unenforceable unit fees (if
> any) small enough that they aren't incentivized to break the agreement.

I've made "a bunch" from the unit prices of this design, most of it in the last transaction. I doubt anyone will pay "a bunch" for a board and FPGA design, even if they don't know how to do it up front.

I don't want to negotiate a one time fee for the design. I've found negotiation to be worse than working. I want to set up a license, as they have asked, that gives them the right to make the boards if my company is unable to supply them. I think I can tie the design to the use of a couple of custom chips. While, in theory, they could figure out what they do and how they might be replaced, that would be a redesign of the board, requiring a bunch of product testing, etc. They would only be in the position of making the boards if something happens that I can't produce them. Then they would only consider designing out these devices if they created some problem.

I'm going to let this rattle about in my mind until it is ripe, but at the moment, I'm thinking use the custom chips as a way of tracking their production. A fee will be paid by them according to their stated production. I can verify their production by tracking their use of these parts. I need to figure out if I can track that through the company making the parts, or if I have to be an intermediary.

I haven't heard back from GreenPak as yet. They don't make it easy to contact anyone.

I received an email from a company, Simplytronix. They didn't say anything about why they were contacting me, other than just to say they sell components. The really strange part is my email is rejected by their server and when I dial their number, it never rings. Their web site is so generic, they could be selling nearly anything. I can't figure out how he got the email address he is using, unless he was contacted by myself or someone I'm doing business with.

--
Rick C.

+- Get 1,000 miles of free Supercharging
+- Tesla referral code - https://ts.la/richard11209
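
The key-server idea quoted above (submit a bitfile plus a list of FPGA serial numbers, with a usage count kept by the authority), as an added example that is not part of the original thread and is not any vendor's actual protocol. It assumes HMAC-SHA256 as a stand-in for the real encryption or signature scheme, derives each per-device key from a master key in place of the factory key database, and uses constructed serials and bitfile bytes; the class and function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample input: placeholder bytes standing in for a real bitfile.
SAMPLE_BITFILE = b"constructed bitfile image, rev A"


class LicenseAuthority:
    """Designer-controlled key server that authorizes a bitfile per device serial."""

    def __init__(self, master_key: bytes, quota: int):
        self._master = master_key
        self._quota = quota            # number of distinct devices the license allows
        self._licensed = set()         # serials that have already consumed a unit

    def device_key(self, serial: str) -> bytes:
        # Assumption: models the individual key provisioned in each FPGA at the factory.
        return hmac.new(self._master, serial.encode(), hashlib.sha256).digest()

    def remaining(self) -> int:
        return self._quota - len(self._licensed)

    def authorize(self, bitfile: bytes, serials: list) -> dict:
        """Return one token per serial, binding this exact bitfile to that device."""
        digest = hashlib.sha256(bitfile).digest()
        unique = list(dict.fromkeys(serials))          # duplicates cost nothing extra
        new = [s for s in unique if s not in self._licensed]
        if len(new) > self.remaining():
            raise PermissionError(
                f"{len(new)} new devices requested, {self.remaining()} left in license")
        self._licensed.update(new)                     # tick off the usage count
        return {s: hmac.new(self.device_key(s), digest, hashlib.sha256).digest()
                for s in unique}


def device_accepts(device_key: bytes, bitfile: bytes, token: bytes) -> bool:
    """Check made by the external authority on the board before activating the design."""
    digest = hashlib.sha256(bitfile).digest()
    expected = hmac.new(device_key, digest, hashlib.sha256).digest()
    return hmac.compare_digest(expected, token)        # constant-time comparison
```

A token fails on any other serial and on any modified bitfile, but as the quoted discussion points out, this only limits production if `device_accepts` runs somewhere the licensee cannot rebuild, not inside the bitfile they control.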