Method and apparatus for securing programming data of a programmable device

摘要

Configuration data for a programmable integrated circuit device is at least partially encrypted according to at least one encryption scheme. A plurality of key stores store a plurality of decryption keys for the at least one encryption scheme. Control circuitry identifies a required key from the at least partially encrypted configuration data and generates a key selection signal. Key selection circuitry responsive to the key selection signal reads the plurality of key stores and provides the required key to the control circuitry. The control circuitry may include decryption circuitry that decrypts the at least partially encrypted configuration data using the required key. In some embodiments, different portions of the configuration data, which may represent separate partial reconfigurations of the device, require different decryption keys. Keys may be generated from combinations of the contents of the key stores.

主权项

1. A programmable integrated circuit device comprising:
an input for configuration data for said programmable integrated circuit device, wherein said programmable integrated circuit device is partially reconfigurable by writing into said input, in different operations at different times, a first portion of configuration data and at least one respective additional portion of configuration data, said first portion of configuration data being at least partially encrypted according to a first encryption scheme, and said at least one respective additional portion of configuration data being at least partially encrypted according to a respective at least one additional encryption scheme different from said first encryption scheme; a plurality of key stores that store a plurality of respective keys for at least said first encryption scheme and said respective at least one additional encryption scheme; control circuitry that identifies required keys from said at least partially encrypted first portion of configuration data and said at least partially encrypted at least one respective additional portion of configuration data, and generates respective key selection signals; and key selection circuitry responsive to said respective key selection signals, that reads said plurality of key stores and provides said required keys to said control circuitry; wherein: said control circuitry includes decryption circuitry that decrypts said at least partially encrypted first portion of configuration data and said at least partially encrypted at least one respective additional portion of configuration data using respective ones of said required keys.