EDN Executive Editor Ron Wilson explores how IC design teams really work: the struggle for power efficiency and performance, wrestling with semiconductor processes and design methodologies, the challenges of global design teams. How do we somehow herd architecture, IP, design and verification into a successful tape-out?
Jun 29 2009 7:50AM
One sure indication that low-power FPGAs are beginning to penetrate the domain of small ASICs in power-constrained applications is that the FPGA vendors are running headlong into new design requirements. That proof is reflected in the announcement this morning of a new Cyclone III line—the Cyclone III LS—from Altera. The mid-sized FPGA features low power consumption, plus two feature sets rather novel for Altera: design-protection to prevent reverse-engineering from discovering the programming data, and hardware-level isolation within the logic array to allow for both data security and hardware redundancy.
The low-power credentials of the part are notable for an SRAM-based device. Altera manager of product marketing Umar Mughal said the chip dissipated less than a quarter Watt of static power, primarily through use of TSMC's 60L low-leakage process. That process can have slightly higher dynamic power than the other 60 nm variants, and FPGAs, with their high-capacitance interconnect, can have a problem with dynamic power in general. Altera has attacked the issue with some—but relatively few—circuit-design changes to the Cyclone logic array. Instead, the company has reduced the number of I/Os, backed off to a lower speed grade, and put extensive dynamic power reduction features in Quartus II. "Quartus II can by itself make a 20-35 percent difference in power through internal optimizations," Mughal said.
This kind of attention to power can put an FPGA onto the shortlist for some—not all—applications that normally would have gone to a cell-based ASIC. That is apparently happening, because the Cyclone III LS shows up with some features that normally wouldn't be part of the SRAM FPGA repertoire, though they might be familiar to a user of Actel or QuickLogic, both of which companies have significant exposure in the low-end consumer and military markets.
It is in these areas that the new feature-sets are directed. The first cluster of features is around design security. The issue has obvious importance in the military area, where you don't really want an enemy to reverse-engineer the first battlefield radio they capture and extract all of your encryption algorithms. But design security is also of significance in the just-as-competitive—and sometimes nearly violent—world of low-end consumer electronics, where you can pretty well count on some of your first product shipments going into the reverse-engineering labs of competitors in low-cost countries.
The obvious first problem is the programming bit-stream that flows from an external ROM into an SRAM-based FPGA every time you turn the power on. Data encryption has become pretty standard for the programming stream, and the LS provides 256-bit AES. But the configuration data is subject to more invasive attacks as well. Intruders may try to alter the configuration to either reverse-engineer the part or alter its behavior. To counter this, Altera has provided a cyclic redundancy check on the configuration file.
More sophisticated still are efforts to crack into the chip during operation. The LS provides a lock-out on the JTAG port, preventing use of the chip's debug and test features. There is also provision for a small part of the logic array to run autonomously, with its own on-chip local oscillator for a clock. Thus an intruder cannot defeat the circuitry by stopping the clocks to the FPGA. Altera intends this area for a user-defined state machine. This machine has hardware inputs from the chip that detect either an attempt to read the AES-key storage or the configuration RAM. If either read occurs, the state machine has the ability to wipe the AES key or the configuration RAM itself, counterattacking against the exploit. At this point there doesn't appear to be any protection against exploits that rely on monitoring tiny changes in supply current, however.
The LS doesn't appear to have gone as far as, for example, secure SmartCard controllers in detecting voltage-manipulation exploits, radiation from FIB systems, and loss of package integrity—yet. Mughal says the company is exploring what other signals may need to go into that security state machine.
There is one more interesting hardware feature to the LS, this one related to two user needs: data security and system reliability. These are both primarily, one suspects, results of interest in the Cyclone family from people building software-defined radios for the military. "SDR is moving from being just a voice-communications medium to full battlefield secure data networks," Mughal said. "That is changing the hardware requirements for SDR."
The first issue is data security. In some situations, a network node must handle both ultra-secure and not-so-sensitive data streams, and it is vital that the hardware designer be able to formally prove that data cannot leak from one domain into the other. The surest way to do this is to have the two hardware blocks in two different chips, with clearly defined connections between the two. But in a hand-held or worn device, the extra substrate is not welcome.
Altera's approach has been to change the partitioning scheme for the long interconnect lines in the logic array. In essence, they have broken the longest lines so that there are no routing paths that pass directly through one partition on the array and into another. This, in conjunction with the programming tools, allows users to set up physically isolated blocks of logic in the array, and then to explicitly define what signals pass between the two. In principle, this would isolate the two blocks from each other even if an intruder managed to hack the less-secure one.
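A netlist-level check of the rule described above, that only explicitly declared signals may pass between isolated partitions. This is an added example, not Altera's or Quartus II's tooling; the flat netlist format, the cell and net names, and the partition labels SECURE and OPEN are all constructed for illustration.

```python
# Constructed sample design: which partition each cell is placed in.
PARTITION = {
    "sec_keyreg": "SECURE", "sec_crypto": "SECURE", "sec_out_gate": "SECURE",
    "open_modem": "OPEN", "open_uart": "OPEN",
}
# Constructed nets: name -> (driver cell, [load cells]).
NETS = {
    "key_bus":    ("sec_keyreg", ["sec_crypto"]),
    "ct_data":    ("sec_crypto", ["sec_out_gate"]),
    "ct_to_open": ("sec_out_gate", ["open_modem"]),  # intended boundary signal
    "tx_bits":    ("open_modem", ["open_uart"]),
    "dbg_tap":    ("sec_crypto", ["open_uart"]),     # crossing nobody declared
}
# Boundary signals the designer has explicitly allowed.
DECLARED = {"ct_to_open"}


def crossings(nets, partition):
    """Map each net that leaves its driver's partition to (source, [destinations])."""
    found = {}
    for net, (driver, loads) in nets.items():
        src = partition.get(driver, "UNASSIGNED")
        dsts = {partition.get(cell, "UNASSIGNED") for cell in loads} - {src}
        if dsts:
            found[net] = (src, sorted(dsts))
    return found


def audit(nets, partition, declared):
    """Report crossings that were not declared, declarations that no longer
    match a real crossing, and cells that were never placed in a partition."""
    cross = crossings(nets, partition)
    cells = {c for drv, loads in nets.values() for c in [drv, *loads]}
    return {
        "undeclared": sorted(n for n in cross if n not in declared),
        "stale": sorted(n for n in declared if n not in cross),
        "unassigned": sorted(c for c in cells if c not in partition),
    }


if __name__ == "__main__":
    for net, (src, dsts) in crossings(NETS, PARTITION).items():
        print(f"{net}: {src} -> {', '.join(dsts)}")
    print(audit(NETS, PARTITION, DECLARED))
```

A cell with no partition assignment is treated as its own domain, so a net touching it is reported as a crossing rather than silently passing the check.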
Finally, there is the matter of full redundancy. Xilinx demonstrated the value of full hardware redundancy years ago with a design win for the triple-redundant wheel-motor controllers on the Mars Rovers. Despite the relative radiation-softness of SRAM FPGAs, rad-tolerant and high-reliability applications continue to use the parts, relying on multiple-chip redundancy to minimize the probability of a system failure.
But in the kinds of applications a low-power Cyclone device is aiming for, there just isn't the real estate or the power for full multiple-chip redundancy. So Altera has worked out a way to use the aforementioned isolation partitioning of the logic array to accomplish nearly the same thing. It is possible to create at least two fully-isolated logic designs within one LS device. The separate blocks would presumably have separate power rails, clock trees, and I/O pins, but, Mughal admits, they would share a single I/O power grid.
While not the solution to all problems in the areas of low-power, design security, data security, or reliability, the Cyclone III LS does take major steps in each of these directions. It will be interesting to see what comes next.