Lab:How to use SSG to build your security solution V1.0 Bob Yi Aug 4, 2008

SSG User Guide 2 Table of Contents Introduction Objective Requirements Lab Steps Summary

SSG User Guide 3 Introduction This Lab will show how to use SSG to speed up the development of security solution and mass production solution 。 SSG enable you customize your security solution via a GUI interface 。 You may download an actual design ， add security feature into it in minutes 。 The basic flow is as below. – Pick a user application design electively – Implement the origin design (without authentication) – Run SSG to add the security funtion to the origin design – Re-Implement the design (NOW with authentication) – Change some settings in SSG, to observe the impact

SSG User Guide 4 Objective After you finish this lab, you will: 1. Become familiar with xilinx device-dna-based security solution flow 2. Understand the mass production flow 3. Utilize SSG tool customize and generate security design

SSG User Guide 5 Requirements Hardware – Spartan 3AN Starter Kit Board – USB Cable – RS232 Cable – Laptop PC with ISE 10.1 (SP2) installed Software – SSG tool – Hyperterminal Source – ZIP file: ssg_examples.zip

SSG User Guide 6 STEPs The total lab is devided into 3 phases. Each phase will implement an individual task. Each phase contains several steps. – Steps of Phase 1: Implement the origin design in ISE ( OPTIONAL ) the phase will generate the design bitstream file (user_top.bit) without security feature.this phase is used for the goal to compare with the result of phase 3, If you’re familiar with these operations, You may jump the phase 。 – Steps of Phase 2: Running SSG the phase will generate the security core and the 2nd image (wcks.mcs) – Steps of Phase 3: Implement the authenticated design in ISE the phase will generate the design mcs file (authentication.mcs) with security feature

SSG User Guide 7 Steps of Phase 1 - Implement the origin design in ISE (1) 1.1. Download the zip file ssg_examples.zip or get it from instructor of course 1.2. Unzip the package to get the below directory – Ssg_examples source audience can start from this directory completed the completed version for comparation with audience ’ s result 1.2. Launch ISE Project Navigator tool 1.3. Click 【 File 】  【 Open Project 】, Enter the source directory ， Open the project “lab_ssg.ise” 。 1.4. Browse the source RTL code Design hierarchy Structure: user_toptop-level module user_appuser application module

SSG User Guide 8 Steps of Phase 1 - Implement the origin design in ISE (1) 1.5. Click 【 Generate Programming File 】 in ISE’s “Processes” window 1.6. Connect USB cable between S3AN starter kit board with PC 1.7. Power on the S3AN starter kit board 1.8. Click 【 Config Target Device 】 → 【 Manage Configuration File (iMPACT) 】 to download the design’s bitstream into targert board 1.9. Observe the result The LED lights flash in some rule, it present that user’s Application design runs

SSG User Guide 9 Browse the top level code (user_top.v) module user_top(tx_female,rx_female,sw,led,nf_ce,j2_30,j2_26,j2_22,j2_14,clk); … user_app instance_name (.en(1 ’ b1), //1 means enalbing the desing function.led(led), //you can change it to 1 ’ b0 to disable the.clk(clk)// desing function ); endmodule

SSG User Guide 10 Steps Of Phase 2 - Running SSG (1) 1. Click SSG icon to launch SSG tool 2. Apply to these settings as the below table ItemValue “Step 1” PageDevice Type XC3S700AN Device Package FGG484 Speed Grade -4 UART for monitor Checked “Step2” PageAlgorithm U s e the last option “User Define Algorithm” Then the coming step will specify a user algorithm “Step 3” PageLayout of ISF The Location of CKV 0x3FFC10 Other Option Keep the default value Locate the “Step 2” page, Specify the user algorithm 1. Click “Load…”, then an Open-File-Dialog will pop-up, 2. Navigate the algorithm directory, find the file user_algorithm1.psm, select and highlight the file. 3. Click “Open”, then the algorithm code will fill the algorithm edit area 。 4. Final click “Apply” to save the content. In the “Step 4” page, navigate the user contraint which are from S3A starter kit user guide

SSG User Guide 11 Browse User Algorithm CALL send_CR;Send a CR to UART port LOAD sA,Flash_security_reg;Get the value from the ISF Security Register FETCH s0,(sA) ;...Work with the previous line LOAD sA,Flash_Fam_ID_start;Get the value from the ISF Family ID FETCH s1,(sA) ;...Work with the previous line XOR s0,s1;Operate using the above 2 values LOAD sA,CKvalue ;Save the result into Memory (CKValue) STORE s0,(sA) ;...Work with the previous line LOAD s9, DNA_byte7 ;pointer to scratch pad memory ck_gen_loop: LOAD sA,CKvalue ;Re-Get the value of CKvalue. Prepare for the rest algorithm FETCH s0,(sA) ;...Work with the previous line CALL send_hex_byte; Display via UART port CALL send_space CALL send_xor CALL send_space ; ; for(address=DNA_byte7; address>DNA_byte0; address--) ; CKvalue = CKvalue xor *address; ; FETCH s0, (s9) ; get DNA byte CALL send_hex_byte CALL get_Yes_no_prompt LOAD sA,CKvalue FETCH s1,(sA) FETCH s0, (s9) XOR s0,s1 LOAD sA,CKvalue STORE s0,(sA) CALL send_equals LOAD sA,CKvalue FETCH s0,(sA) CALL send_hex_byte COMPARE s9, DNA_byte0 ;test for last byte displayed JUMP Z, ck_gen_done SUB s9, 01 CALL send_CR JUMP ck_gen_loop ck_gen_done: CALL send_CR CALL send_CKvalue CALL send_equals ; ; if(SW_port==0x00) //if the extra Switch is open, go further to append a extra algorithm ;ckvalue_change(CKvalue); ;

SSG User Guide 12 Browse User Algorithm INPUT s1,SW_port COMPARE s1,00 JUMP Z, ckvalue_change LOAD sA,CKvalue FETCH s0,(sA) CALL send_hex_byte CALL SPI_init ;FLASH disabled RETURN ;sub-routine ckvalue_change: CALL send_space CALL send_not CALL send_space LOAD sA,CKvalue FETCH s0,(sA) CALL send_hex_byte CALL send_equals LOAD sA,CKvalue FETCH s1,(sA) LOAD s0,ff SUB s0,s1 STORE s0,(sA) CALL send_hex_byte CALL SPI_init ;FLASH disabled

SSG User Guide 13 Browse the User Contraint # # Period constraint for 50MHz operation # NET "clk" PERIOD = 20.0ns HIGH 50%; # # soldered 50MHz Clock. # NET "clk" LOC = "E12" | IOSTANDARD = LVTTL; # # UART connections # NET "tx_female" LOC = "F15" | IOSTANDARD = LVTTL | SLEW = SLOW | DRIVE = 4; NET "rx_female" LOC = "E16" | IOSTANDARD = LVTTL;

SSG User Guide 14 Steps of Phase 2 - Running SSG (2) 4. In the “Step 5” page, Click 【 Generate the security solution 】 button, a DOS console windows pops up 。 SSG will invoke some key functions of ISE to generate Security Core and 2nd image(known as CKV generator/writer) it will take few minutes to complete the process 。 Please be patient 。 5. After finish the generation process ， Click 【 Next>> 】 to enter “Step 6” Page ， Click 【 Open the final output directory... 】 to open the final output directory 。 You can find there are 3 files: Authentication.ngc Authenticaton_wrapper.v WCKV.mcs 6. Then copy these 3 files into “source” project directory

SSG User Guide 15 Steps of Phase 3 - Implement the authenticated design in ISE (1) 1. Switch to Launch ISE 10.1 tool 2. Enter the source directory ， Open the project “lab_ssg.ise” again 。 3. Click 【 Add source… 】 to add the file “authentication_wrapper.v” which is copied in phase 2, Then modify the top level file (user_top.v), the final result is like the next slide. And to avoid to unexpected timing error, please add the below line into user contraint file. NET "instance_name/instance_name/cs0_b" TIG;the next slide 4. Browse the source RTL code again 。 Design Hierarchy Structure user_top top-level module user_app user application module authentication user application module (New) 5. Click 【 Generate Programming File 】 in ISE’s 【 Processes 】 window After finish this step, You can find the user application bitstream file user_top.bit 6. Open a DOS console, and change the current direcotry to source project directory, the following 2 steps will be executed in the directory.

SSG User Guide 16 Browse the top-level code (user_top.v) module user_top(tx_female,rx_female, led, clk); … // assign tx_female = 1 ’ b1; comment this line authentication ins_auth (.TX(tx_female),.RX(rx_female),.AUTH_EN(en),.CLK(clk) ); user_app instance_name (.en(en),.led(led),.clk(clk) ); endmodule

SSG User Guide 17 Steps of Phase 3 - Implement the authenticated design in ISE (2) 7.Generate mcs file for user_top.bit (**To save time,you can copy the line from merge.bat) promgen -w -p mcs -c FF -s spi -o user_top.mcs -u user_top.bit please find merge.bat in merge dir of SSG 8. Merge the 1st image (user_top.mcs) with 2nd image(wckv.mcs) generated by SSG wcks.mcs, use the following dos command (**To save time,you can copy this line from merge.bat) xmcsutil -accept_notice -i user_top.mcs wckv.mcs - o authentication.mcs -16 -useDataAddr -padFF - segaddr 0x x60000 Xmcsutil is a tool to manage mcs file, please find it in merge dir of SSG 9. Program the authentication.mcs into S3AN Internal flash using iMPACT tool 10. Connect USB cable between S3AN starter kit board with PC 11. Connect RS232 cable between S3AN starter kit board with PC

SSG User Guide 18 Steps of Phase 3 - Implement the authenticated design in ISE (3) 12. Open Hyperterminal Software, and apply settings as below. Baud Rate Setting N Power on the S3AN starter kit board 14. Observe the authentication process Expected result: When power on the board, you can go through the process of authentication via uart output message 。 The expected flow is load 1st image  authentication  fail(LEDs light off)  load 2nd image  generate and write the check value  re-power on the board -> authentication again  pass (LEDs light on) 。 The following slide will show the work flow 。

SSG User Guide 19 Observe the authentication process(1) Once the board is powerd on, the 1st image is boot-loaded. The welecom message appear The status is the current of ISF, Page Size means the size of each page, it could be 528,512,264,256 Security OPT includes the context of security table of ISF (len is 64bytes).

SSG User Guide 20 Observe the authentication process(2) The security register means the context of security register (its len also is 64 bytes), it is unique for every ISF device.

SSG User Guide 21 Observe the authentication process(3)

SSG User Guide 22 Observe the authentication process(4) Read out the value of Device DNA. The following shows the process of algorithm.

SSG User Guide 23 Observe the authentication process(5) Because the code can’t find the correct key value, so the authentication fail, the coming is to boot-load the 2nd image

SSG User Guide 24 Observe the authentication process(6) The 2nd image runs, then generate the check value, and store it in the specified location of ISF

SSG User Guide 25 Observe the authentication process(7) Re-Power on the board, it will be differenct from the first time. it can find the correct check value,and authetication will pass. The LEDs light on

SSG User Guide 26 Summary It will speed up the development of security solution 。 You can generate an security core and the 2nd image 。 In your ISE project, you can import the security core 。 After the implement your user application design ， you can merge the result with the 2nd image to obtain the final mcs file with authentication feature and mass production ability 。

Thank You!