Attack of the clones: If you were relying on older Xilinx FPGAs to keep your product's hardware code encrypted and secret, here's some bad news
A newly disclosed vulnerability in older Xilinx FPGAs can be exploited to simplify the process of extracting and decrypting the encrypted bitstreams used to configure the chips.
There's a solution: you can encrypt your bitstream with AES-CBC and an encryption key, and burn that secret key into the FPGAs you bought as they are placed into your product at your factory.
You then store the encrypted bitstream in flash memory; the FPGA in the device reads it, decrypts the stream using the secret key you gave it, and configures itself.
If your rival tries to use the encrypted bitstream in compatible FPGAs they bought from the same supplier, it won't work because those FPGAs won't have the secret key.
The trio homed in on a register called WBSTAR within the FPGA: this register defines the memory address where the FPGA should start reading in its bitstream after a warm boot, and is set by the bitstream previously loaded from memory.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/22/fpga_xilinx_side_channel/