公开(公告)号：US11379580B1

公开(公告)日：2022-07-05

申请号：US16819864

申请日：2020-03-16

Applicant: Xilinx, Inc.

Inventor： James D. Wesselkamper ,  Edward S. Peterson ,  Jason J. Moore ,  Steven E. McNeil ,  Roger D. Flateau, Jr. ,  Danny Tsung-Heng Wu ,  Boon Y. Ang

IPC: G06F21/55 ,  G06F21/72 ,  H04L9/32 ,  G11C29/00 ,  G11C29/08

Abstract: An array of non-volatile memory cells includes rows and columns. A volatile storage circuit provides addressable units of storage. A control circuit reads first type data and second type data from one or more of the rows and multiple ones of the columns of the array of non-volatile memory cells. The control circuit stores the first type data and second type data read from each row in one or more addressable units of storage of the volatile storage. A security circuit reads first data from the one or more of the addressable units of the volatile storage and selects from the first data, the second type data that includes one or more bits of each of the one or more of the addressable units. The security circuit performs an integrity check on the selected second type data, and generates an alert signal that indicates a security violation in response to failure of the integrity check.

公开(公告)号：US11280829B1

公开(公告)日：2022-03-22

申请号：US16721843

申请日：2019-12-19

Applicant: Xilinx, Inc.

Inventor： Ramakrishna G. Poolla ,  Krishna C. Patakamuri ,  James D. Wesselkamper ,  Jason J. Moore ,  Edward S. Peterson ,  Steven E. McNeil

IPC: H04L29/06 ,  G01R31/317 ,  G01R31/3177 ,  G06F21/44 ,  H04L9/32 ,  G06F21/76 ,  H04L9/30

Abstract: Disclosed approaches for controlling debug access to an integrated circuit (IC) device include receiving a debug packet by a debug interface circuit of the IC device. The debug interface circuit authenticates the debug packet in response to the debug packet having a command code that specifies enable debug mode or a command code that specifies disable debug mode. In response to the debug packet passing authentication and the command code specifying enable, the debug interface circuit enables debug mode of the IC device. In response to the debug packet passing authentication and the command code specifying disable, the debug interface circuit disables the debug mode of the IC device. In response to the debug packet failing authentication, the debug interface circuit rejects the debug packet.

公开(公告)号：US10776522B1

公开(公告)日：2020-09-15

申请号：US15900380

申请日：2018-02-20

Applicant: Xilinx, Inc.

Inventor： Steven E. McNeil ,  Jason J. Moore ,  Theodore A. Ennis

IPC: H04L9/30 ,  H04L9/08 ,  G06F21/72 ,  H04L9/32

Abstract: Protecting circuit designs can include, in response to receiving a first encrypted public key, generating, using a hash circuit within the integrated circuit, a first hash of the first encrypted public key. The first hash can be compared with a second hash that was previously stored within a non-volatile memory of the integrated circuit. In response to determining that the first hash matches the second hash, the first encrypted public key is decrypted resulting in a first decrypted public key. A determination is made whether received configuration data for the device is authentic using the first decrypted public key.

公开(公告)号：US10107855B1

公开(公告)日：2018-10-23

申请号：US14536474

申请日：2014-11-07

Applicant: Xilinx, Inc.

Inventor： John D. Corbett ,  Steven E. McNeil

IPC: G01R31/28

Abstract: Apparatuses, systems, and methods for detecting changes to an IC are disclosed. In an example implementation, an apparatus includes an electromagnetic (EM) sensor. A high-resolution analog-to-digital converter (ADC) is configured to quantize a segment of the EM signal of an IC measured by the EM sensor. The quantized segment of the EM signal is unique to process-voltage-temperature (PVT) characteristics exhibited by the IC. The apparatus also includes a processing circuit configured to prompt the high-resolution ADC, via a control signal, to produce the quantized segment of the EM signal. The processing circuit determines a first signature from the quantized segment and retrieves a baseline signature corresponding to the IC from a data storage circuit. In response to the first signature being different from the baseline signature, the processing circuit indicates that a change to the IC is detected.

公开(公告)号：US09270469B2

公开(公告)日：2016-02-23

申请号：US14185780

申请日：2014-02-20

Applicant: Xilinx, Inc.

Inventor： Jason J. Moore ,  Steven E. McNeil ,  Stephen M. Trimberger

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L9/3247 ,  G06F21/572 ,  G06F21/575 ,  G06F21/71 ,  G06F21/76 ,  H04L9/0825 ,  H04L9/0891 ,  H04L9/3236

Abstract: One approach for authenticating data includes storing a plurality of combinations of representations of public keys and session key IDs in a non-volatile memory. A payload and accompanying public key, session key ID, and signature of the payload are input. The signature is a function of the payload and a private key of a key pair that includes the accompanying public key and the private key. Authenticity of the payload is determined based on the accompanying public key and session key ID and the combinations stored in the non-volatile memory, and from the signature and the payload. In response to determining that the payload is authentic, the payload is processed, and in response to determining that the payload is not authentic, processing of the payload is disabled.

Abstract translation: 用于认证数据的一种方法包括将公共密钥和会话密钥ID的表示的多个组合存储在非易失性存储器中。 输入有效载荷和伴随的公钥，会话密钥ID和有效载荷的签名。 签名是有效载荷和密钥对的私钥的功能，包括伴随的公钥和私钥。 基于附带的公钥和会话密钥ID以及存储在非易失性存储器中的组合，以及从签名和有效载荷来确定有效载荷的真实性。 响应于确定有效载荷是真实的，处理有效载荷，并且响应于确定有效载荷不可靠，禁用有效载荷的处理。

公开(公告)号：US09230112B1

公开(公告)日：2016-01-05

申请号：US13775151

申请日：2013-02-23

Applicant: Xilinx, Inc.

Inventor： Edward S. Peterson ,  Roger D. Flateau, Jr. ,  James D. Wesselkamper ,  Steven E. McNeil ,  Jason J. Moore ,  Lester S. Sanders ,  Lawrence C. Hung ,  Yatharth K. Kochar

IPC: G06F9/00 ,  G06F15/177 ,  G06F21/57 ,  G06F9/44 ,  G06F21/76

CPC classification number: G06F21/575 ,  G06F9/4401 ,  G06F9/4406 ,  G06F9/4416 ,  G06F21/76

Abstract: A system generally relating to an SoC, which may be a field programmable SoC (“FPSoC”), is disclosed. In this SoC, dedicated hardware includes a processing unit, a first internal memory, a second internal memory, an authentication engine, and a decryption engine. A storage device is coupled to the SoC. The storage device has access to a boot image. The first internal memory has boot code stored therein. The boot code is for a secure boot of the SoC. The boot code is configured to cause the processing unit to control the secure boot.

Abstract translation: 通常涉及可能是现场可编程SoC（“FPSoC”）的SoC的系统被公开。 在该SoC中，专用硬件包括处理单元，第一内部存储器，第二内部存储器，认证引擎和解密引擎。 存储设备耦合到SoC。 存储设备可以访问引导映像。 第一内部存储器具有存储在其中的引导代码。 引导代码用于安全引导SoC。 引导代码被配置为使处理单元控制安全启动。

公开(公告)号：US20150236856A1

公开(公告)日：2015-08-20

申请号：US14185780

申请日：2014-02-20

Applicant: Xilinx, Inc.

Inventor： Jason J. Moore ,  Steven E. McNeil ,  Stephen M. Trimberger

IPC: H04L9/32

CPC classification number: H04L9/3247 ,  G06F21/572 ,  G06F21/575 ,  G06F21/71 ,  G06F21/76 ,  H04L9/0825 ,  H04L9/0891 ,  H04L9/3236

Abstract: One approach for authenticating data includes storing a plurality of combinations of representations of public keys and session key IDs in a non-volatile memory. A payload and accompanying public key, session key ID, and signature of the payload are input. The signature is a function of the payload and a private key of a key pair that includes the accompanying public key and the private key. Authenticity of the payload is determined based on the accompanying public key and session key ID and the combinations stored in the non-volatile memory, and from the signature and the payload. In response to determining that the payload is authentic, the payload is processed, and in response to determining that the payload is not authentic, processing of the payload is disabled.

Abstract translation: 用于认证数据的一种方法包括将公共密钥和会话密钥ID的表示的多个组合存储在非易失性存储器中。 输入有效载荷和伴随的公钥，会话密钥ID和有效载荷的签名。 签名是有效载荷和密钥对的私钥的功能，包括伴随的公钥和私钥。 基于附带的公钥和会话密钥ID以及存储在非易失性存储器中的组合，以及从签名和有效载荷来确定有效载荷的真实性。 响应于确定有效载荷是真实的，处理有效载荷，并且响应于确定有效载荷不可靠，禁用有效载荷的处理。

公开(公告)号：US10978167B1

公开(公告)日：2021-04-13

申请号：US16806546

申请日：2020-03-02

Applicant: Xilinx, Inc.

Inventor： James D. Wesselkamper ,  Edward S. Peterson ,  Jason J. Moore ,  Steven E. McNeil

IPC: G11C17/00 ,  G11C17/16 ,  G11C17/18

Abstract: A disclosed circuit arrangement includes a bank of efuse cells, first and second sense amplifiers coupled to input signals representing constant logic-1 and logic-0 values, respectively, a storage circuit, an efuse control circuit, and an efuse security circuit. The efuse control circuit inputs signals from the bank of efuse cells and signals that are output from the first and second sense amplifiers, and stores data representative of values of the signals in the storage circuit. The efuse security reads the data from the storage circuit and generates an alert signal having a state that indicates a security violation in response to data representative of the value of the signal from the first sense amplifier indicating a logic-0 value or data representative of the value of the signal from the second sense amplifier indicating a logic-1 value.

公开(公告)号：US09165143B1

公开(公告)日：2015-10-20

申请号：US13833177

申请日：2013-03-15

Applicant: Xilinx, Inc.

Inventor： Lester S. Sanders ,  Yatharth K. Kochar ,  Steven E. McNeil ,  Jason J. Moore ,  Roger D. Flateau, Jr. ,  Lawrence C. Hung

IPC: G06F11/30 ,  G06F12/14 ,  G06F21/57

CPC classification number: G06F21/575 ,  G06F21/572 ,  G06F21/76

Abstract: A method relating generally to loading a boot image is disclosed. In such a method, a header of a boot image file is read by boot code executed by a system-on-chip. It is determined whether the header read has an authentication certificate. If the header has the authentication certificate, authenticity of the header is verified with the first authentication certificate. It is determined whether the header is encrypted. If the header is encrypted, the header is decrypted.

Abstract translation: 公开了一般涉及加载引导图像的方法。 在这种方法中，通过由片上系统执行的引导代码来读取引导映像文件的标题。 确定头读取是否具有认证证书。 如果标头具有认证证书，则使用第一认证证书验证报头的真实性。 确定头部是否被加密。 如果标题被加密，则头部被解密。