A PCIe card includes an FPGA and a memory that is discrete from the FPGA. The memory is accessible by the FPGA and not other devices on the card. The FPGA's core fabric is configured with a security processor that verifies a bitstream loaded through the FGPA into the memory as authentic or not authentic to limit unauthorized access to data from a user circuit that is associated with a not authentic bitstream. The security processor is loaded into the FPGA when a request is made for bitstream verification and is allowed to be overwritten after the security processor processes the bitstream to determine if the bitstream is authentication or not authentic. Allowing the security processor to be overwritten allows for high percentage usage of the core fabric for user circuits and limits the inclusion of a static circuit in the core fabric that is infrequently used.