IP Protection of code block in Xilinx FPGA?

I have an FPGA design where the VHDL source code is a deliverable item to the customer. One of the blocks in the FPGA must be protected so that the customer can't see the source and modify it. The device is a Virtex2-Pro.

I could obfuscate the VHDL identifiers, then generate a netlist, but that doesn't seem to be very strong protection. I also have a picoblaze processor in the design, so I'm not sure how well I can obfuscate the block RAM contents. I could swizzle the address/data bits (as the TOCOM

5507VIP cable box did) when hooking up the block rom to picoblaze, then write a script to convert the picoblaze object code to swizzled ROM init files.

I heard a rumor (from a Xilinx FAE) that ISE 7 would have some facility for protecting blocks of code in situations such as this, but I haven't been able to find any info on the Xilinx website about this.

Peter Alfke, I know you have the answer :)

TIA

Urb

_______________________________________________________________________________ Posted Via Uncensored-News.Com - Accounts Starting At $6.95 -

formatting link
The Worlds Uncensored News Source

Reply to
Paul Urbanus
Loading thread data ...

Either source code is a deliverable or it isn't. Unreadable source code is useless so why bother creating it.

-- Mike Treseler

Reply to
Mike Treseler

The idea isn't to deliver source code. Instead, the idea is to deliver a netlist file which is generated by compiling the source code. The block in question is implemented using proprietary info

M NDA (with a chip manufacturer) states that this proprietary info must be protected. Therefore, any code which utilizes this proprietary info can't be redistributed in source form. So if I delivered a synthesisized netlist I must make sure that the net names are obfuscated, at a minimum. This can be achieved at either the source or netlist level.

You can debate the sensibility of protecting the proprietary, but I'm contractually obligated to do so, and this policy will not be changed.

Given this, can anyone answer my original question and suggest how best to protect a specific functional block in a larger Xilinx design.

Urb

_______________________________________________________________________________ Posted Via Uncensored-News.Com - Accounts Starting At $6.95 -

formatting link
The Worlds Uncensored News Source

Reply to
Paul Urbanus

I'd fudge the netlist with a script that renames all the nets and component instances. Would that be enough?

I seem to recall that at one point Nios was source code with all the nets named as long random combinations of 1lI0O, which was kind of weird to look at!

Cheers, Martin

--
martin.j.thompson@trw.com
TRW Conekt, Solihull, UK
 Click to see the full signature
Reply to
Martin Thompson

Hi,

Only deliver the component declaration with the VHDL code and provide the .ngo/.ngd encrypted netlist with it as well. In this case, the NGDBUILD phase during synthesis will put your IP in place while protecting your source code. Similarly, you might have to provide an encrypted file to allow for simulation (depends on the customer's simulation tool). The main disadvantage is that you're responsible for selecting the device and and supported speed.

So to wrap up: split the task into 2 "projects" A) The protected IP: 1) code, test and so on 2) constrain (if you want to deliver a netlist) 3) generate the encrypted files B) The main code 1) set up libraries and so on to invoke the encrypted blocks 2) use the component of the protected IP (don't include the source code) 3) code, test and so on 4) deliverables = encrypted files + readable project code

Most fun will be in looking in how to do the encryption for the various tools.

Kind regards, Alvin.

Reply to
Alvin Andries

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.