backhus,

That is something that we thought about. But, really what we talking
about is providing access to the crypto-engine through the general
interconnect, and control of that engine.

It was considered that anything we do in this regard would have to be
completely and thoroughly tested so as not to be a back door, and
compromise security.

It wasn't worth the work to have to prove we did not break something.

Even the JTAG is considered a real threat to security, so we have a
method of disabling it once you have been configured with your encrypted
bitstream (in V4 and V5).

Kevin of FPGA Journal is looking for student interns for some security
fun (in FPGAs). If anyone is interested, email me directly.

We submitted our V2 Pro to 9 schools and universities (and some
non-existent agencies) three years ago, and no one has broken the
security, or even compromised it. That is what our security is about:
we gave the students the complete schematics of the PCB, provided series
access for PDA attacks, etc. All we asked was: tell us the key, or
make the TRNG deliver non-random numbers (affect operation). We wqnt to
know every weakness so we can fix it in the next version (and hopefully
not break anything).

Austin

backhus wrote:
> Hi Austin,
> besides everything concerning the security gain of an encrypted
> bitstream I have a different question.
>
> Xilinx offers a similar feature too in its Virtex4 (and 5?) FPGAs.
> Now, that some silicon already is used up by the AES algorithm, wouldn't
> it be nice to make it accessible to the custumer? Just the Keyscheduler
> and the round function, not the key memory.
>
> Would be a nice feature for some custumers, but (nearly) no drawback for
> all others.
>
> Best regards
> Eilert