Secure processor operation using integrated circuit configuration circuitry

US 9,483,416 B1
Filed: 10/21/2010
Issued: 11/01/2016
Est. Priority Date: 10/21/2010
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

loading encrypted program code encapsulated within a bitstream into an integrated circuit (IC) through a configuration port of the IC;

decrypting the encrypted program code using a decryptor of the IC resulting in decrypted program code;

wherein the decryptor and the configuration port are implemented as non-programmable hard circuitry within the IC and the decrypted program code is executable by a processor; and

providing the decrypted program code to the processor by outputting the decrypted program code from the IC through the configuration port of the IC.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of processor operation using an integrated circuit (IC) can include loading encrypted program code into the IC through a configuration port of the IC and decrypting the encrypted program code using configuration circuitry of the IC. Decryption of the encrypted program code can result in decrypted program code which can be provided to a target destination.

22 Citations

View as Search Results

15 Claims

1. A method, comprising:
- loading encrypted program code encapsulated within a bitstream into an integrated circuit (IC) through a configuration port of the IC;
  
  decrypting the encrypted program code using a decryptor of the IC resulting in decrypted program code;
  
  wherein the decryptor and the configuration port are implemented as non-programmable hard circuitry within the IC and the decrypted program code is executable by a processor; and
  
  providing the decrypted program code to the processor by outputting the decrypted program code from the IC through the configuration port of the IC.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - loading configuration data specifying circuitry for implementation within programmable circuitry of the IC, wherein the circuitry specifies a data port that, when instantiated within the IC, forms a path through which the decrypted program code is provided to the processor.
  - 3. The method of claim 2, wherein the configuration data is also encapsulated within the bitstream, the method further comprising:
    - distinguishing between the encrypted program code and the configuration data.
  - 4. The method of claim 2, wherein providing the decrypted program code to the processor further comprises:
    - first instantiating the circuitry within the IC.
  - 5. The method of claim 1, wherein the decrypted program code comprises a key, the method further comprising:
    - decrypting further encrypted program code using the processor and the key from the decrypted program code.
  - 6. The method of claim 1, wherein the IC is not yet loaded with configuration data.

7. A system comprising:
- an integrated circuit (IC) comprising;
  
  a configuration port configured to receive a bitstream comprising encapsulated, encrypted program code;
  
  a configuration module coupled to the configuration port and configured to distinguish between configuration data for the IC and the encrypted program code within the bitstream; and
  
  a decryptor coupled to the configuration module, wherein the decryptor is configured to decrypt configuration data for the IC that is encrypted and the encrypted program code, and generate decrypted program code;
  
  wherein the configuration module and the decryptor are implemented as non-programmable hard circuitry within the IC and the configuration port is further configured to output the decrypted program code from the IC; and
  
  a processor coupled to the IC, wherein the processor is configured to receive the decrypted program code;
  
  wherein the decrypted program code is executable by the processor.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, wherein:
    - the decrypted program code comprises a key; and
      
      the processor is operable to decrypt further program code using the key from the decrypted program code.
  - 9. The system of claim 8, wherein:
    - the configuration data is also encapsulated within the bitstream;
      
      the configuration module is further configured to instantiate circuitry, specified by the configuration data, within programmable circuitry of the IC; and
      
      the circuitry implements a data port through which the decrypted program code is provided to the processor.
  - 10. The system of claim 9, wherein:
    - the instantiated circuitry further comprises a memory coupled to the data port.
  - 11. The system of claim 7, wherein the configuration module is further configured to output decrypted program code from the decryptor through the configuration port.

12. A method, comprising:
- loading encrypted program code encapsulated within a bitstream into an integrated circuit (IC) through a configuration port of the IC;
  
  decrypting the encrypted program code using a decryptor of the IC resulting in decrypted program code;
  
  wherein the decryptor and the configuration port are implemented as non-programmable hard circuitry within the IC and the decrypted program code is executable by a processor; and
  
  providing the decrypted program code to the processor by loading configuration data specifying circuitry for implementation within programmable circuitry of the IC, wherein the circuitry specifies a data port that, when instantiated within the IC, forms a path through which the decrypted program code is provided to the processor.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, wherein the configuration data is also encapsulated within the bitstream, the method further comprising:
    - distinguishing between the encrypted program code and the configuration data.
  - 14. The method of claim 12, wherein providing the decrypted program code to the processor further comprises:
    - first instantiating the circuitry within the IC.
  - 15. The method of claim 12, wherein the decrypted program code comprises a key, the method further comprising:
    - decrypting further encrypted program code using the processor and the key from the decrypted program code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Original Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Inventors
Lu, Ting, Trimberger, Stephen M., Edwards, Eric E., Lu, Weiguang, Li, Kam-Wing
Primary Examiner(s)
Hoffman, Brandon

Application Number

US12/909,493
Time in Patent Office

2,203 Days
Field of Search

713/189
US Class Current

1/1
CPC Class Codes

G06F 11/00   Error detection; Error corr...

G06F 11/30   Monitoring

G06F 12/14   Protection against unauthor...

G06F 21/575   Secure boot

Secure processor operation using integrated circuit configuration circuitry

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Secure processor operation using integrated circuit configuration circuitry

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links