Application Note AC185

June 2016 1

Implementation of Security in Microsemi ProASIC

and ProASIC

PLUS

Flash-Based FPGAs

Table of Contents

Introduction

As more of the traditional ASIC market is being serviced by field programmable gate arrays (FPGAs), the

need for security on programmable logic devices increases dramatically. A few years ago, FPGAs were

viewed as primarily glue logic with devices often being used to interface between ASSPs or custom

ASICs. Today, as FPGAs grow in density and handle faster clock speeds, they are becoming effective

ASIC alternatives. Today, many systems have most, if not all, of the sensitive IP contained in an FPGA. A

typical system might incorporate a processor/DSP, some memory, a few ASSPs, and one or more

FPGAs. If the contents of the FPGA can be read the user can duplicate or enhance the function of the

entire system because all other components are off-the-shelf. The vulnerability of FPGAs to copying puts

the intellectual property of the system at risk. The system is only as safe as the FPGA or ASIC in the

design. Given the continued rapid adoption of FPGAs, security is a growing problem. Microsemi

ProASIC

and ProASIC

PLUS®

devices contain circuitry to make the Flashbased devices secure after

configuration. Care must be taken in the design to make the locking circuitry very difficult to defeat

through electronic or direct physical attack.

Types of Security

Microsemi offers two types of security:

• FlashLock

The FlashLock feature in ProASIC and ProASIC

PLUS

works through a key mechanism, where the

user locks or unlocks the device with a user-defined key. When the device is locked, functions such

as device read, write, verify, and erase are disabled. Without the correct key, no one can copy or

reverse engineer the design in the FPGA. First, the device must be unlocked using the correct key in

order to gain access to the FPGA.

• Permanent FlashLock

The purpose of the permanent lock feature is to provide the highest level of security to the

ProASIC

PLUS

family of devices. The permanent FlashLock feature creates a permanent barrier

preventing any access to the contents of the device. This barrier is created by breaking the key after

the device is secured. After permanently locking the device, access to the device is not possible even

with the proper key. The device is effectively rendered as one-time programmable and therefore is

very secure.

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Types of Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Security Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Are the Keys Secure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Setting Security Keys and Permanent Lock in Microsemi Designer Software . . . . . . . . . . . . . . 3

Resultant Bitstream if the Security Key is Used . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Resultant Bitstream if the Permanent Lock is Used . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Programming Security and Permanent Lock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

List of Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Implementation of Security in Microsemi ProASIC and ProASIC

PLUS

Flash-Based FPGAs

2 Revision 2

Security Key

Within each ProASIC or ProASIC

PLUS

device, there is a multi-bit user key. The number of bits depends

on the size of the ProASIC or ProASIC

PLUS

device. Ta bl e 1 and Ta bl e 2 show the key size of different

ProASIC and ProASIC

PLUS

devices. After secured, Read permission and Write permission can only be

enabled by providing the correct user key to first unlock the device.

The key size varies depending on the size of the device being used in the design. The length of the key

makes it virtually impossible to attack the key using direct Brute Force techniques.

Are the Keys Secure

To unlock, the correct key must be loaded through the JTAG programming port. The maximum clock

frequency of the JTAG port is 20 MHz. An exhaustive search would take at least

2ks/20 x106 seconds, where ks = key size

Table 3 and Table 4 on page 3 lists how many years are needed to uncover the key for Microsemi Flash

devices.

Even using parallel test setups, exhaustive testing of keys would take prohibitively long. Note that care

must be taken to use nontrivial keys during key selection.

Table 1 • Key Size of ProASIC Devices

Device Key Size (Bits) Key Size (Hex)

A500K050 55 13

A500K130 93 23

A500K180 118 29

A500K270 143 35

Table 2 • Key Size of ProASIC

PLUS

Devices

Device Key Size (Bits) Key Size (Hex)

APA075 79 19

APA150 79 19

APA300 79 19

APA450 119 29

APA600 167 41

APA750 191 47

APA1000 263 65

Table 3 • Years Needed to Uncover the Key ProASIC Devices

Device Years to Uncover the Key

A500K050 57

A500K130 1.57 × 10

A500K180 5.27 × 10

A500K270 1.77 × 10