Structure and method for loading encryption keys through a test access port
First Claim
1. In a programmable logic device (PLD) having a JTAG port, a decryptor for decrypting an encrypted bitstream, and a memory for storing decryption keys used by the decryptor to decrypt the encrypted bitstream, a method for loading the keys comprising:
- placing the PLD into a printed circuit board;
testing the printed circuit board using the JTAG port of the PLD; and
loading the decryption keys into the memory using the JTAG port.
1 Assignment
0 Petitions
Accused Products
Abstract
It is sometimes desirable to encrypt a design for loading into a PLD so that an attacker may not learn and copy the design as it is being written into the PLD. It is desirable that decryption keys be stored within the PLD, and that they be loaded conveniently before a board including the PLD is sold. The invention allows the PLD to be placed into a printed circuit board and the board to be tested using a JTAG port of the PLD, and then allows the decryption keys to be loaded into a key memory using the JTAG port. Loading of the keys can be performed without also loading of a design into the PLD. Loading may be performed without the use of a device programmer.
81 Citations
16 Claims
-
1. In a programmable logic device (PLD) having a JTAG port, a decryptor for decrypting an encrypted bitstream, and a memory for storing decryption keys used by the decryptor to decrypt the encrypted bitstream, a method for loading the keys comprising:
-
placing the PLD into a printed circuit board; testing the printed circuit board using the JTAG port of the PLD; and loading the decryption keys into the memory using the JTAG port. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A programmable logic device (PLD) comprising:
-
a test access port for testing the PLD; and a circuit for loading at least one decryption key through the test access port. - View Dependent Claims (9, 10, 11, 12)
-
-
13. A programmable logic device (PLD), comprising:
-
a programmable logic arrangement and configuration memory coupled to the programmable logic arrangement; a configuration control circuit coupled to the configuration memory and to a configuration port, the configuration control circuit adapted to store configuration data in the configuration memory; a boundary scan control circuit coupled to a scan port and to the configuration control circuit; a key memory coupled to the boundary scan control circuit, the key memory adapted to store at least one decryption key input via the scan port, transition to one of a secure mode and an non-secure mode in response to a control signal from the boundary scan control circuit, disable read and write of the key memory via the boundary scan control circuit in response to the key memory operating in the secure mode, and enable read and write of the key memory via the boundary scan control circuit in response to the key memory operating in the non-secure mode; and a decryptor coupled to the configuration control circuit and to the key memory, the decryptor adapted to read the at least one decryption key from the key memory and decrypt an encrypted configuration bitstream from the configuration control circuit. - View Dependent Claims (14, 15, 16)
-
Specification