FIRMWARE SECURITY INTERFACE FOR FIELD PROGRAMMABLE GATE ARRAYS

US 20170213053A1
Filed: 01/25/2016
Published: 07/27/2017
Est. Priority Date: 01/25/2016
Status: Active Grant

First Claim

Patent Images

1. A system for securing a field-programmable gate array, the system comprising:

a first machine-readable memory storing a first operating system that implements a secure environment for a field-programmable gate array (FPGA);

a second machine-readable memory storing a second operating system that implements a non-secure environment for the FPGA;

at least one hardware processor of the FPGA communicatively coupled to the first machine-readable memory and the second machine-readable memory, the at least one hardware processor configurable to;

transition to the secure environment by executing the first operating system;

reset a watchdog timer communicatively coupled to the at least one hardware processor by loading a register associated with the watchdog timer with a predetermined value; and

transition to the non-secure environment by executing the second operating system; and

programmable logic of the FPGA communicatively coupled to the at least one hardware processor, the programmable logic configurable to;

instruct the at least one hardware processor to transition to the secure environment;

retrieve an event value from a status register associated with the watchdog timer; and

determine whether the first operating system was executed by the at least one hardware processor by comparing the retrieved event value with a second predetermined value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure provides for implementing a firmware security interface within a field-programmable gate array (FPGA) for communicating between secure and non-secure environments executable within the FPGA. A security monitor is implemented within the programmable logic of the FPGA as a soft core processor and the firmware security interface modifies one or more functions of the security monitor. The modifications to the security monitor include establishing a timer “heartbeat” within the FPGA to ensure that the FPGA invokes a secure environment and raising an alarm should the FPGA fail to invoke such environment.

Citations

20 Claims

1. A system for securing a field-programmable gate array, the system comprising:
- a first machine-readable memory storing a first operating system that implements a secure environment for a field-programmable gate array (FPGA);
  
  a second machine-readable memory storing a second operating system that implements a non-secure environment for the FPGA;
  
  at least one hardware processor of the FPGA communicatively coupled to the first machine-readable memory and the second machine-readable memory, the at least one hardware processor configurable to;
  
  transition to the secure environment by executing the first operating system;
  
  reset a watchdog timer communicatively coupled to the at least one hardware processor by loading a register associated with the watchdog timer with a predetermined value; and
  
  transition to the non-secure environment by executing the second operating system; and
  
  programmable logic of the FPGA communicatively coupled to the at least one hardware processor, the programmable logic configurable to;
  
  instruct the at least one hardware processor to transition to the secure environment;
  
  retrieve an event value from a status register associated with the watchdog timer; and
  
  determine whether the first operating system was executed by the at least one hardware processor by comparing the retrieved event value with a second predetermined value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the watchdog timer comprises a private watchdog timer assigned to the at least one hardware processor.
  - 3. The system of claim 1, wherein the predetermined value comprises a time interval measured in milliseconds.
  - 4. The system of claim 1, wherein the programmable logic is further configurable to implement a reset timer, the reset timer signaling when the programmable logic is to instruct the at least one hardware processor to transition to the secure environment.
  - 5. The system of claim 4, wherein the programmable logic is further configurable to implement the reset timer by using the predetermined value loaded into the register associated with the watchdog timer.
  - 6. The system of claim 1, wherein the programmable logic is further configurable to implement an event timer, the event timer signaling when the programmable logic is to retrieve the event value from the status register associated with the watchdog timer.
  - 7. The system of claim 6, wherein the programmable logic is further configurable to implement the event timer using a time interval greater than the predetermined value loaded into the register associated with the watchdog timer.
  - 8. The system of claim 1, wherein the programmable logic is further configurable to repetitively instruct the at least one hardware processor to transition to the secure environment and retrieve the event value from the status register so long as the programmable logic determines that the watchdog timer did not reach a zero value.
  - 9. The system of claim 8, wherein the retrieved event value comprises a first value indicating that the watchdog timer did not reach a zero value or a second value indicating that the watchdog timer reached a zero value.
  - 10. The system of claim 1, wherein the programmable logic is further configurable to initiate a lockdown procedure for the FPGA where the comparison of the retrieved event value with the second predetermined value indicates that the watchdog timer was not reset by the at least one hardware processor.

11. A method for securing a field-programmable gate array, the method comprising:
- instructing, by a programmable logic of a field-programmable gate array (FPGA), at least one hardware processor of the FPGA to transition to a secure environment, the secure environment implemented by a first operating system executable by the at least one hardware processor;
  
  instructing, by the programmable logic, the at least one hardware processor to reset a watchdog timer communicatively coupled to the at least one hardware processor with a predetermined value;
  
  instructing, by the programmable logic, the at least one hardware processor to transition to a non-secure environment, the non-secure environment implemented by a second operating system executable by the at least one hardware processor;
  
  retrieving, by the programmable logic, an event value from a status register associated with the watchdog timer; and
  
  determining, by the programmable logic, whether the first operating system was executed by comparing the retrieved event value with a second predetermined value.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the watchdog timer comprises a private watchdog timer assigned to the at least one hardware processor.
  - 13. The method of claim 11, wherein the predetermined value comprises a time interval measured in milliseconds.
  - 14. The method of claim 11, further comprising:
    - implementing, by the programmable logic, a reset timer signaling when the programmable logic is to instruct the at least one hardware processor to transition to the secure environment.
  - 15. The method of claim 14, wherein the reset timer is implemented using the predetermined value used to reset the watchdog timer.
  - 16. The method of claim 11, further comprising:
    - implementing, by the programmable logic, an event timer signaling when the programmable logic is to retrieve the event value from the status register associated with the watchdog timer.
  - 17. The method of claim 16, wherein the event timer is implemented using a time interval greater than the predetermined value loaded into the register associated with the watchdog timer.
  - 18. The method of claim 11, further comprising:
    - repetitively instructing the at least one hardware processor to transition to the secure environment and repetitively retrieving the event value from the status register so long as the programmable logic determines that the watchdog timer did not reach a zero value.
  - 19. The method of claim 18, wherein the retrieved event value comprises a first value indicating that the watchdog timer did not reach a zero value or a second value indicating that the watchdog timer reached a zero value.
  - 20. The method of claim 11, further comprising:
    - initiating a lockdown procedure for the FPGA where the comparison of the retrieved event value with the second predetermined value indicates that the watchdog timer was not reset by the at least one hardware processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon Company (Rtx Corporation)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
Areno, Matthew C., Hoffman, John, Jennings, William T.

Granted Patent

US 9,940,483 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/74 operating in dual or compar...

G06F 21/76 in application-specific int...

FIRMWARE SECURITY INTERFACE FOR FIELD PROGRAMMABLE GATE ARRAYS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

FIRMWARE SECURITY INTERFACE FOR FIELD PROGRAMMABLE GATE ARRAYS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links