Manualshelf

User guide

ManualsBrandsAutostart ManualsAutomotivePD-2.7
81828384858687888990
90 www.xilinx.com Spartan-6 FPGA Configuration User Guide
UG380 (v2.7) October 29, 2014
Chapter 5: Configuration Details
Loading the Encryption Key
The encryption key can only be loaded onto a
Spartan-6
device through the JTAG interface.
The iMPACT tool, provided with ISE software, can accept the NKY file as an input and
program the device with the key through JTAG, using a Xilinx USB-II programming cable
.
To program the key, the device enters a special key-access mode using the
ISC_PROGRAM_KEY instruction. In this instruction, all FPGA memory, including the
encryption key and configuration memory, is cleared. After the key is programmed and
the key-access mode is exited and the Key Security bits are programmed, the key cannot be
read out of the device by any means, and it cannot be reprogrammed without clearing the
entire device. After programming the key into the eFUSE, the key cannot be
reprogrammed later.
Loading Encrypted Bitstreams
Once the device has been programmed with the correct encryption key, the device can be
configured with an encrypted bitstream. After configuration with an encrypted bitstream,
it is not possible to read the configuration memory through JTAG or SelectMAP readback,
regardless of the BitGen security setting.
While the device holds an encryption key, a non-encrypted bitstream can be used to
configure the device; in this case the key is ignored. After configuring with a non-
encrypted bitstream, readback is possible (if allowed by the BitGen security setting). The
encryption key still cannot be read out of the device, preventing the use of Trojan Horse
bitstreams to defeat the Spartan-6 FPGA encryption scheme.
The method of configuration is not affected by encryption. The configuration bitstream can
be delivered in any x1 or x8 data width configuration mode (Serial, SPI x1, JTAG, BPI,
SelectMAP). The SPI x2, SPI x4, BPI x16, and SelectMAP x16 bus widths are not supported
for encrypted bitstreams. Configuration timing and signaling are also unaffected by
encryption.
After configuration, the device cannot be reconfigured without toggling the PROGRAM_B
pin, cycling power, or issuing the JPROGRAM instruction. Fallback reconfiguration and
IPROG reconfiguration (see Fallback MultiBoot, page 132) are disabled after encryption is
turned on. Readback is available through the ICAP primitive (see Bitstream Encryption
and Internal Configuration Access Port (ICAP)). None of these events resets the key if
V
BATT
or V
CCAUX
is maintained.
A mismatch between the key used to generate the encrypted bitstream and the key stored
in the device causes configuration to fail with the INIT_B pin going Low and the DONE
pin remaining Low.