Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Synopsys P1735 Proposals Dave Graubart & Parminder Gill November 1, 2010.

Similar presentations


Presentation on theme: "1 Synopsys P1735 Proposals Dave Graubart & Parminder Gill November 1, 2010."— Presentation transcript:

1 1 Synopsys P1735 Proposals Dave Graubart & Parminder Gill November 1, 2010

2 2 Problem Statement Requirements Proposals Plan: Between now and next meeting: collect feedback and contribute to Twiki Agenda

3 3 Interoperability needs not yet met –Rights management –More complex tool flows –EDA tool version control These are essential for Synopsys FPGA synthesis in first version of 1735 We’re now prepared to make contributions Problem Statement

4 4 More Complex Tool Flow C or M High level synthesis RTL RTL synthesis SDC Formal Verification Simulation Netlist Placed Netlist Place & Route

5 5 1.Extensibility to any language 2.Tool rights 3.User rights 4.IP creation tool 5.Control of authorized tool versions Requirements

6 6 Support existing envelope for Verilog and VHDL Support envelope as header in any file –Useful for C, M (Matlab), Edif, SDC, and others Requirement 1: Extensibility to any language

7 7 Create rights/control block per key block –Plain text so end-user can view –Digest line that is tamper-proof and tightly associated with IP –Each right can be conditional Narrow scope of public key: key for single tool or family of similar tools, not one key for a big EDA vendor Requirement 2: Tool Rights

8 8 Identical mechanism to Tool Rights Use conditional syntax where condition varies by user Condition can be satisfied in multiple ways such as –License requirement –Password –One-time activation –Arbitrary mechanism Requirement 3: User Rights

9 9 Lower barrier for IP author participation Synopsys can contribute script that uses OpenSSL to process: –Encryption envelope or source plus commands –Key repository Requirement 4: Tool for IP Author

10 10 Allow IP author to specify minimum version of tool –After security fix –After functional enhancement Avoid expensive introduction of new keys Different than P1735 version Requirement 5: Control of authorized tool versions

11 11 Details and Proposed Solutions

12 12 Encrypted Synthesis flow RTL Compile Map Netlist Compiler log messages Mapper log messages Log file Technology view RTL view Graphical Views

13 13 Encrypted Synthesis flow RTL Compile Map Netlist Compiler log messages Mapper log messages Log file Technology view RTL view Graphical Views Technology view Mapper log messages Netlist RTL view Compiler log messages Netlist

14 14 Encrypted Synthesis flow RTL Compile Map Netlist Compiler log messages Mapper log messages Log file Technology view RTL view Graphical Views Technology view Mapper log messages Netlist RTL view Compiler log messages Netlist Visibility Log Messages Output Method None, No-name, No-restriction None, Interfaces, No-restriction None, Encrypted, Obfuscated Plain-text

15 15 Introducing Control Block Key Block - Simulation User Decryption Envelope (current) Key Block - Synthesis User Data Block

16 16 Introducing Control Block Key Block - Simulation User Decryption Envelope (enhanced) Key Block - Synthesis User Data Block Control Block - Synthesis User Basic encryption Encryption with fine grained controls

17 17 Enhancing Key Block Key Block - Simulation User Decryption Envelope (current) Session Key (for data-block) Key Block – Synthesis User Session Key (for data-block)

18 18 Enhancing Key Block Key Block - Simulation User Decryption Envelope (enhanced) Session Key (for data-block) Key Block – Synthesis User Session Key (for data-block) Control Block – Synthesis User Session Key (for control-block)

19 19 Enhancing Key Block Key Block - Simulation User Decryption Envelope (enhanced) Session Key (for data-block) Key Block – Synthesis User B Session Key (for data-block) Control Block – Synthesis User B Session Key (for control-block) Key Block – Synthesis User A Session Key (for data-block) Control Block – Synthesis User A Session Key (for control-block) Separate Control block for each tool Separate Control block session key for each tool

20 20 Defining Control Block Key Block - Simulation User Decryption Envelope (enhanced) Key Block - Synthesis User Control Block Control Line: Right=value Control Line: Right=value, condition Control Digest

21 21 Syntax Proposal – Key Block `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected Decryption Envelope (current) encoded encrypted

22 22 Syntax Proposal – Key Block `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key= control-session-key= `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key= control-session-key= `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected Decryption Envelope (enhanced) encoded encrypted

23 23 Syntax Proposal – Control Block `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key= control-session-key= `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key= control-session-key= `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected Decryption Envelope (re-spaced)

24 24 Syntax Proposal – Control Block `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key= control-session-key= `protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block `protect = `protect =, `protect encoding=(enctype=“base64”, …), control_digest encoded encrypted control digest `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key= control-session-key= `protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block `protect = `protect =, `protect encoding=(enctype=“base64”, …), control_digest encoded encrypted control digest `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected Decryption Envelope (enhanced)

25 25 Control Block – Internal Details Key Block - Simulation User Decryption Envelope (enhanced) Data Block Control Block Control Line: Right=value Control Line: Right=value, condition Control Digest

26 26 Syntax Example – Control Block `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key= control-session-key= `protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block `protect control_visibility=none `protect control_visibility=unrestricted, data_state=mapped `protect control_log_messages=noname `protect control_output_method=encrypted `protect control_output_method=plain-text, license=(…) `protect encoding=(enctype=“base64”, …), control_digest encoded encrypted control digest `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key= control-session-key= `protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block `protect control_visibility=none `protect control_visibility=unrestricted, data_state=mapped `protect control_log_messages=noname `protect control_output_method=encrypted `protect control_output_method=plain-text, license=(…) `protect encoding=(enctype=“base64”, …), control_digest encoded encrypted control digest `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected Decryption Envelope (enhanced with examples)

27 27 Introducing Tool Version Key Block - Simulation User Decryption Envelope (enhanced) Session Key (for data-block) Key Block – Synthesis User Session Key (for data-block) Control Block – Synthesis User Session Key (for control-block) Tool Version Synthesis User Tool with version older than this is not allowed to read this IP

28 28 Syntax – Tool Version `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key= control-session-key= tool-version= `protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block `protect control_visibility=none `protect control_visibility=full, data_state=mapped `protect control_log_messages=noname `protect control_output_method=obfuscated `protect control_output_method=plain-text, license=(…) `protect encoding=(enctype=“base64”, …), control_digest encoded encrypted control digest `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key= control-session-key= tool-version= `protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block `protect control_visibility=none `protect control_visibility=full, data_state=mapped `protect control_log_messages=noname `protect control_output_method=obfuscated `protect control_output_method=plain-text, license=(…) `protect encoding=(enctype=“base64”, …), control_digest encoded encrypted control digest `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected Decryption Envelope (enhanced with examples)

29 29 Encryption Script (for IP Vendors) IP Source File Verilog source VHDL Source … IP Source File Verilog source VHDL Source … Key Repository IP User A = IP User B = Key Repository IP User A = IP User B = Encryption Tool/Script Encrypted IP Source (Decryption Envelope) Encrypted IP Source (Decryption Envelope)

30 30 Encryption Script – Enhancements (for non-HDL files) IP Source File C/EDIF source Design constraints … IP Source File C/EDIF source Design constraints … Key Repository IP User A = IP User B = Key Repository IP User A = IP User B = Encryption Tool/Script IP Encryption Header `protect pragmas IP Encryption Header `protect pragmas Encrypted IP Source (Decryption Envelope) Encrypted IP Source (Decryption Envelope)

31 31 Syntax Example – Encryption Header `protect key_keyowner=“IP User”, key_method=“rsa”, key_block `protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block `protect control_visibility=none `protect control_visibility=full, data_state=mapped `protect control_log_messages=noname `protect control_output_method=obfuscated `protect control_output_method=plain-text, license=(…) `protect data_method=“des-cbc”, begin.c `protect end `protect key_keyowner=“IP User”, key_method=“rsa”, key_block `protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block `protect control_visibility=none `protect control_visibility=full, data_state=mapped `protect control_log_messages=noname `protect control_output_method=obfuscated `protect control_output_method=plain-text, license=(…) `protect data_method=“des-cbc”, begin.c `protect end Encryption Header file Optional. If present, ensures encryption header is linked to specified file only

32 32 End Thank You


Download ppt "1 Synopsys P1735 Proposals Dave Graubart & Parminder Gill November 1, 2010."

Similar presentations


Ads by Google