Cmod A7: How to add a coin-battery for bitstream encryption?

[David1234]

For bitstream encryption using battery-backed RAM, you are suppose to supply the Vccaux pin with voltage to keep the encryption key alive in memory.

1. Where is the Vccaux pin on the Cmod A7? (Hopefully it is not the VU pin because it would be really wasteful to power the whole FPGA just to keep the encryption key alive!)

2. What voltage is supposed to be supplied?

 

Thanks,

David

[D@n]

@David1234,

If you look at page 4 of the schematic found here, in the bottom of block B2, you can see that vccaux is tied to the VCC1V8 net generated by the power supply shown on page 7 of the same schematic.  While I suppose you might cut this trace and insert your battery, it appears to also power the rest of the FPGA as well.

Not sure where this leaves you going forward.  You could place the configuration key in flash.  I know the flash supports a one-time-programmable memory, but 1) I'm not sure if Xilinx would support finding a key there, and 2) anyone who can get access to the flash chip could then get your key.  Another option would be to program the device every time it powers up.  Then you are guaranteed that it will "lose" its state without power, but you'd need to give it the config file in some other fashion.  I would imagine the FTDI chip on board could deliver it, but ... Digilent hasn't made that interface public.

Dan

[David1234]

I noticed that on the schematic as well. The problem with using the eFuse is that the key can be read with a microscope if an attacker mills the FPGA down to the right level. If BBRAM is used instead, the attacker would go through the same process but would need an electron microscope to read the key. Anyway, I probed several pins on the FPGA board looking for a 1.8v source to tap into.  I ended up tapping into C42 on the 1.8vline and soldered a 1.5v battery and lead onto it. It works fine now and does store the key when the FPGA is powered off but I'm concerned about how much amperage the additional load is drawing. I could measure it but without a reference amperage for the key-only scenario, there is nothing to compare the current setup to. 1. Do you know how much amperage just keeping the key alive would draw? 2. What else is the 1.8v line powering? It can't be everything else because a lot of the system is 3.2v

[zygot]

Just curious,

What kind of friends to you have that would go to all the trouble of milling down your CMOD-A7 or have an electron microscope for such purposes? That must be some application you're working on.

The power supply runs the VCCAUX  rails of the FPGA as well as the VCCADC, VCCBATT and VCCINT rails. So you're powering everything but the IO banks with your battery. I haven't done the analysis as to what this is doing to the power supply or the FPGA and frankly don't care to. If you've got something that secretive you might want to look for another platform. Personally, I'd look at a different FPGA vendor for such an application.

 

[zygot]

Oh, and you didn't mention differential power analysis. Does the Artix device address that? I haven't checked. There are vendors with devices that do. Did anyone notice that secretive IC1 device not mentioned in the reference manual? (not that it helps your concerns )