# Programming Management Unit: Open-Source Core for Secure FPGA Bitstream Configuration

#### Allen Boston

*R. Gauchi, Pierre-Emmanuel Gaillardon* Department of Electrical and Computer Engineering – University of Utah



Open-Source Computer Architecture Research 2023 06/18/2023



## **Motivation**

- FPGAs are essential to modern high-performance systems
  - Wired and wireless communications
  - Audio and video broadcasting
  - Data center

Prime target for adversaries




University of Utah | A. Boston | 2



- Configurable architectures are generic in nature
- FPGAs are programmed with user IP



Essential to safeguard the configuration data

# **FPGA Configuration Protocol**

- State-of-the-art FPGAs leverage SRAM-based configuration
  - High speed, low power, scalable
- Flash is a non-volatile alternative
- Parallel and serial data acquisition
- PMU targets an OpenFPGA serial configuration-chain protocol










# **Programming Management Unit**

- Problem:
  - FPGA bitstream configuration is complex
  - Impossible to customize security IP in commercial FPGAs.
  - Open-source landscape lacks security-aware FPGA configuration circuitry

- Proposal:
  - First open-source IP core specifically dedicated to FPGA configuration
  - Customizable framework dedicated to secure data movement from EDA bitstream generation to FPGA core configuration circuitry.



PMU bitstream security measures constrained to "at-rest" and "loading" stages of configuration procedure



Key storage falls outside the scope of work for this project.

#### Vulnerable Communication Channel


Hardware

- Leverage the open-source ecosystem by utilizing preexisting IPs
- 10x10 OpenFPGA fabric
  - OpenFPGA Github: https://github.com/lnis-uofu/OpenFPGA
- Joint-Action Test Group
  - JTAG Github: https://github.com/freecores/jtag
- Advanced Encryption Standard
  - AES Github: https://github.com/secworks/aes
- Secure Hash Algorithm
  - SHA Github: https://github.com/secworks/sha256



- Bitstream confidentiality
  - Advanced Encryption Standard (AES)



- Authentication and Data Integrity
  - Secure Hash Algorithm (SHA)



- Designed to be readily adaptable
- Communication Protocol
  - SPI, I2C, USB
- Cryptography
  - RSA, ECC, HMAC, DES
- Configuration Protocol
  - SRAM, Flash, Active Serial
- Key Storage
  - OTP Memory, PUF, Secure Element

#### **PMU** Core Operation


|          | 5-bits (MSB) | K-bits | 32-bits | 12-bits (LSB) |
|----------|--------------|--------|---------|---------------|
| JTAG TDI | tdi footer | SHA(AES n + 1 + AES n), AES(bitstream block n + 1), AES(bitstream block n) | PMU Header | tdi header |
| JTAG TMS | tms footer | '0' * K | '0' * 32 | tms header |

### Consider 1000-bit bitstream

- SHA evaluation every 500-bits: 36% Encoding Overhead
- SHA evaluation every 250-bits: 51% Encoding Overhead

[Figure: two pie charts of the transmitted frame split into Bitstream, JTAG, PMU Header and SHA; slice labels 64%, 33%, 2%, 1% for the 500-bit case and 49%, 48%, 2%, 1% for the 250-bit case]
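A model of the frame layout and its overhead accounting, added here as an example and not taken from the PMU repository. It assumes a 256-bit SHA-256 digest, JTAG and PMU headers sent once per frame, opaque 16-byte blocks standing in for AES output, and hypothetical names (`frame_bits`, `tag`, `pack`, `unpack`); the optional HMAC key goes beyond the table and uses one of the alternatives the slides list. Under those assumptions the accounting reproduces the 36% figure and lands within a percentage point of the 51% figure.

```python
import hashlib
import hmac

# Field widths from the frame table; DIGEST_BITS assumes SHA-256 (assumption).
TDI_HEADER_BITS, PMU_HEADER_BITS, TDI_FOOTER_BITS, DIGEST_BITS = 12, 32, 5, 256


def frame_bits(bitstream_bits, sha_interval_bits):
    """Total frame length and overhead share, header/footer sent once (assumption)."""
    digests = -(-bitstream_bits // sha_interval_bits)  # ceiling division
    total = (TDI_HEADER_BITS + PMU_HEADER_BITS + bitstream_bits
             + digests * DIGEST_BITS + TDI_FOOTER_BITS)
    return total, (total - bitstream_bits) / total


def tag(data, key=None):
    """Plain SHA-256 digest as in the table, or HMAC-SHA-256 when a key is given."""
    if key is None:
        return hashlib.sha256(data).digest()
    return hmac.new(key, data, hashlib.sha256).digest()


def pack(cipher_blocks, key=None, group=2):
    """Sender: one tag per `group` ciphertext blocks (concatenation order assumed)."""
    segments = []
    for i in range(0, len(cipher_blocks), group):
        chunk = cipher_blocks[i:i + group]
        segments.append((chunk, tag(b"".join(chunk), key)))
    return segments


def unpack(segments, key=None):
    """Receiver: release blocks only if every segment's tag verifies."""
    accepted = []
    for index, (chunk, received) in enumerate(segments):
        if not hmac.compare_digest(tag(b"".join(chunk), key), received):
            raise ValueError(f"integrity check failed in segment {index}")
        accepted.extend(chunk)
    return accepted


# Constructed sample: four 16-byte blocks standing in for AES ciphertext.
SAMPLE_BLOCKS = [bytes([n]) * 16 for n in range(4)]

if __name__ == "__main__":
    for interval in (500, 250):
        total, share = frame_bits(1000, interval)
        print(f"SHA every {interval} bits: {total} bits total, {share:.1%} overhead")
    segments = pack(SAMPLE_BLOCKS)
    segments[1][0][0] = bytes(16)  # corrupt one block after tagging
    try:
        unpack(segments)
    except ValueError as err:
        print("rejected:", err)
```

With `key=None` the tag is the plain digest from the table; passing a key switches to HMAC-SHA-256, so a receiver that does not hold the same key rejects the stream.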

![](_page_43_Picture_0.jpeg)

# Silicon Integration to Caravel SoC


![](_page_46_Figure_1.jpeg)

![](_page_47_Picture_0.jpeg)

# Summary

- First open-source core specifically dedicated to FPGA configuration
- Flexible HW/SW template framework
- Enables secure and accurate FPGA configuration
- Demonstrated system integration utilizing open-source ecosystem

PMU Github: https://github.com/lnis-uofu/FPGA_Secured_Bitstream

![](_page_47_Picture_8.jpeg)

# Thank you for your attention

![](_page_48_Picture_1.jpeg)

Laboratory for NanoIntegrated Systems Department of Electrical and Computer Engineering MEB building – University of Utah – Salt Lake City – UT – USA