公开(公告)号：US10978167B1

公开(公告)日：2021-04-13

申请号：US16806546

申请日：2020-03-02

Applicant: Xilinx, Inc.

Inventor： James D. Wesselkamper ,  Edward S. Peterson ,  Jason J. Moore ,  Steven E. McNeil

IPC: G11C17/00 ,  G11C17/16 ,  G11C17/18

Abstract: A disclosed circuit arrangement includes a bank of efuse cells, first and second sense amplifiers coupled to input signals representing constant logic-1 and logic-0 values, respectively, a storage circuit, an efuse control circuit, and an efuse security circuit. The efuse control circuit inputs signals from the bank of efuse cells and signals that are output from the first and second sense amplifiers, and stores data representative of values of the signals in the storage circuit. The efuse security reads the data from the storage circuit and generates an alert signal having a state that indicates a security violation in response to data representative of the value of the signal from the first sense amplifier indicating a logic-0 value or data representative of the value of the signal from the second sense amplifier indicating a logic-1 value.

公开(公告)号：US11379580B1

公开(公告)日：2022-07-05

申请号：US16819864

申请日：2020-03-16

Applicant: Xilinx, Inc.

Inventor： James D. Wesselkamper ,  Edward S. Peterson ,  Jason J. Moore ,  Steven E. McNeil ,  Roger D. Flateau, Jr. ,  Danny Tsung-Heng Wu ,  Boon Y. Ang

IPC: G06F21/55 ,  G06F21/72 ,  H04L9/32 ,  G11C29/00 ,  G11C29/08

Abstract: An array of non-volatile memory cells includes rows and columns. A volatile storage circuit provides addressable units of storage. A control circuit reads first type data and second type data from one or more of the rows and multiple ones of the columns of the array of non-volatile memory cells. The control circuit stores the first type data and second type data read from each row in one or more addressable units of storage of the volatile storage. A security circuit reads first data from the one or more of the addressable units of the volatile storage and selects from the first data, the second type data that includes one or more bits of each of the one or more of the addressable units. The security circuit performs an integrity check on the selected second type data, and generates an alert signal that indicates a security violation in response to failure of the integrity check.

公开(公告)号：US10466275B1

公开(公告)日：2019-11-05

申请号：US16022403

申请日：2018-06-28

Applicant: Xilinx, Inc.

Inventor： Sandeep Vundavalli ,  Sree RKC Saraswatula ,  James D. Wesselkamper ,  Santosh Yachareni ,  Shidong Zhou ,  Anil Kumar Kandala

IPC: G11C29/00 ,  G01R11/24 ,  G01R31/30 ,  G06F21/86 ,  G06F21/76 ,  G01R22/06

Abstract: Apparatus and associated methods relate to a glitch detection circuit monitoring a duration that a selected fractional supply voltage is below a predetermined voltage threshold. The selected fractional supply voltage may be at the predetermined threshold when the supply voltage is between a valid circuit-supply voltage and a power-on circuit-reset (POR). A glitch detect signal may be generated, for example, when the monitored duration is greater than a predetermined duration threshold. A test glitch generator may generate a test glitch, for example, having selectable voltage and duration, which may be selectably applied to the glitch detection circuit to verify operation. Various exemplary glitch detection circuits may advantageously determine externally produced tampering attempts by detecting circuit-supply voltages and durations that meet specific selectable supply voltage and duration criteria, improving security of sensitive field programmable gate array (FPGA) data by taking protective action in response to the detection.

公开(公告)号：US10027492B1

公开(公告)日：2018-07-17

申请号：US15633321

申请日：2017-06-26

Applicant: Xilinx, Inc.

Inventor： James D. Wesselkamper

IPC: H04L9/32 ,  H03K19/003 ,  G11C29/52 ,  G11C29/06 ,  G11C11/41

Abstract: A method of generating a physically unclonable function is described. The method comprises calculating a total variation associated with differences between a plurality of elements of an entropy source in an integrated circuit; calculating a global variation associated the plurality of elements of the entropy source; generating a local variation by removing the global variation associated with the plurality of elements from the total variation; and generating a unique signature based upon the generated local variation. A circuit for generating a physically unclonable function is also described.

公开(公告)号：US11280829B1

公开(公告)日：2022-03-22

申请号：US16721843

申请日：2019-12-19

Applicant: Xilinx, Inc.

Inventor： Ramakrishna G. Poolla ,  Krishna C. Patakamuri ,  James D. Wesselkamper ,  Jason J. Moore ,  Edward S. Peterson ,  Steven E. McNeil

IPC: H04L29/06 ,  G01R31/317 ,  G01R31/3177 ,  G06F21/44 ,  H04L9/32 ,  G06F21/76 ,  H04L9/30

Abstract: Disclosed approaches for controlling debug access to an integrated circuit (IC) device include receiving a debug packet by a debug interface circuit of the IC device. The debug interface circuit authenticates the debug packet in response to the debug packet having a command code that specifies enable debug mode or a command code that specifies disable debug mode. In response to the debug packet passing authentication and the command code specifying enable, the debug interface circuit enables debug mode of the IC device. In response to the debug packet passing authentication and the command code specifying disable, the debug interface circuit disables the debug mode of the IC device. In response to the debug packet failing authentication, the debug interface circuit rejects the debug packet.

公开(公告)号：US11216591B1

公开(公告)日：2022-01-04

申请号：US16439350

申请日：2019-06-12

Applicant: Xilinx, Inc.

Inventor： Felix Burton ,  Krishna C. Patakamuri ,  James D. Wesselkamper

IPC: G06F21/00 ,  G06F21/64 ,  H04L9/32

Abstract: Apparatus and associated methods relate to authenticating a back-to-front-built configuration image. In an illustrative example, a circuit may include memory configured to store a signature S, a second hash H2, and a first data chunk C1. Signature S may be signed on a first hash H1. H1 may be the hash for H2 and C1. If signature S passes verification, a hash engine may perform hash functions on C1 and H2 to generate a hash H1′. H1′ may be compared with H1 to indicate whether C1 has been tampered with or not. By using the incremental authentication, a signature that appears at the beginning of the image may be extended to the entire image while only using a small internal buffer. Advantageously, internal buffer may only need to store two hashes Hi, Hi+1, and a data chunk Ci, or, a signature S, a hash Hi, and a data chunk Ci.

公开(公告)号：US10044514B1

公开(公告)日：2018-08-07

申请号：US14866712

申请日：2015-09-25

Applicant: Xilinx, Inc.

Inventor： Edward S. Peterson ,  James D. Wesselkamper

IPC: G06F11/30 ,  H04L9/32 ,  H04L9/14

Abstract: The disclosure describes approaches for protecting a circuit design for a programmable integrated circuit (IC). A black key is generated from an input red key by a registration circuit implemented on the programmable IC, and the black key is stored in a memory circuit external to the programmable IC. The programmable IC is configured to implement a pre-configuration circuit, which inputs the black key from the memory circuit and generates the red key from the black key. A ciphertext circuit design is decrypted into a plaintext circuit design by the programmable IC using the red key, and the red key is erased from the programmable IC. The programmable IC is reconfigured with the plaintext circuit design.

公开(公告)号：US09230112B1

公开(公告)日：2016-01-05

申请号：US13775151

申请日：2013-02-23

Applicant: Xilinx, Inc.

Inventor： Edward S. Peterson ,  Roger D. Flateau, Jr. ,  James D. Wesselkamper ,  Steven E. McNeil ,  Jason J. Moore ,  Lester S. Sanders ,  Lawrence C. Hung ,  Yatharth K. Kochar

IPC: G06F9/00 ,  G06F15/177 ,  G06F21/57 ,  G06F9/44 ,  G06F21/76

CPC classification number: G06F21/575 ,  G06F9/4401 ,  G06F9/4406 ,  G06F9/4416 ,  G06F21/76

Abstract: A system generally relating to an SoC, which may be a field programmable SoC (“FPSoC”), is disclosed. In this SoC, dedicated hardware includes a processing unit, a first internal memory, a second internal memory, an authentication engine, and a decryption engine. A storage device is coupled to the SoC. The storage device has access to a boot image. The first internal memory has boot code stored therein. The boot code is for a secure boot of the SoC. The boot code is configured to cause the processing unit to control the secure boot.

Abstract translation: 通常涉及可能是现场可编程SoC（“FPSoC”）的SoC的系统被公开。 在该SoC中，专用硬件包括处理单元，第一内部存储器，第二内部存储器，认证引擎和解密引擎。 存储设备耦合到SoC。 存储设备可以访问引导映像。 第一内部存储器具有存储在其中的引导代码。 引导代码用于安全引导SoC。 引导代码被配置为使处理单元控制安全启动。

公开(公告)号：US12093394B2

公开(公告)日：2024-09-17

申请号：US18111808

申请日：2023-02-20

Applicant: XILINX, INC.

Inventor： Aman Gupta ,  James D. Wesselkamper ,  James Anderson ,  Nader Sharifi ,  Ahmad R. Ansari ,  Sagheer Ahmad ,  Brian C. Gaide

IPC: G06F21/57 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30

CPC classification number: G06F21/575 ,  H04L9/0618 ,  H04L9/0822 ,  H04L9/0861 ,  H04L9/14 ,  H04L9/30 ,  G06F2221/034

Abstract: Some examples described herein provide for securely booting a heterogeneous integration circuitry apparatus. In an example, an apparatus (e.g., heterogeneous integration circuitry) includes a first portion and a second portion of one or more entropy sources on a first component and a second component, respectively. The apparatus also includes a key generation circuit communicatively coupled with the first portion and the second portion to generate a key encrypted key based on a first set of bits output by the first portion and a second set of bits output by the second portion. The apparatus also includes a key security circuit to generate, based on the key encrypted key and an encrypted public key stored at the apparatus, a plaintext public key to be used by a boot loader during a secure booting operation for the apparatus.

公开(公告)号：US11582021B1

公开(公告)日：2023-02-14

申请号：US16690097

申请日：2019-11-20

Applicant: Xilinx, Inc.

Inventor： James D. Wesselkamper ,  Nathan A. Menhorn ,  Jason J. Moore

IPC: H04L9/06 ,  G11C11/56 ,  G11C17/14 ,  G11C17/16 ,  H04L9/00

Abstract: Disclosed approaches for validating initialization vectors determining by a configuration control circuit whether or not an input initialization vector is within a range of valid initialization vectors. In response to determining that the initialization vector is within the range of valid initialization vectors, the configuration control circuit decrypts the ciphertext into plaintext using the input initialization vector and configures a memory circuit with the plaintext. In response to determining that the first initialization vector is outside the range of valid initialization vectors, the configuration control circuit signals that the first initialization vector is invalid.