Dave Graubart & Parminder Gill November 1, 2010

1 Synopsys P1735 Proposals
Dave Graubart & Parminder Gill, November 1, 2010

2 Agenda
- Problem Statement
- Requirements
- Proposals
- Plan: Between now and next meeting, collect feedback and contribute to Twiki

3 Problem Statement
- Interoperability needs not yet met
  - Rights management
  - More complex tool flows
  - EDA tool version control
- These are essential for Synopsys FPGA synthesis in first version of 1735
- We're now prepared to make contributions

4 More Complex Tool Flow
[Flow diagram. Labels: C or M, High level synthesis, RTL, SDC, Simulation, RTL synthesis, Netlist, Formal Verification, Place & Route, Placed Netlist]

5 Requirements
- Extensibility to any language
- Tool rights
- User rights
- IP creation tool
- Control of authorized tool versions

6 Requirement 1: Extensibility to any language
- Support existing envelope for Verilog and VHDL
- Support envelope as header in any file
- Useful for C, M (Matlab), EDIF, SDC, and others

7 Requirement 2: Tool Rights
- Create rights/control block per key block
- Plain text so end-user can view
- Digest line that is tamper-proof and tightly associated with IP
- Each right can be conditional
- Narrow scope of public key: key for single tool or family of similar tools, not one key for a big EDA vendor

8 Requirement 3: User Rights
- Identical mechanism to Tool Rights
- Use conditional syntax where condition varies by user
- Condition can be satisfied in multiple ways such as
  - License requirement
  - Password
  - One-time activation
  - Arbitrary mechanism

9 Requirement 4: Tool for IP Author
- Lower barrier for IP author participation
- Synopsys can contribute script that uses OpenSSL to process:
  - Encryption envelope or source plus commands
  - Key repository

10 Requirement 5: Control of authorized tool versions
- Allow IP author to specify minimum version of tool
  - After security fix
  - After functional enhancement
- Avoid expensive introduction of new keys
- Different than P1735 version

11 Details and Proposed Solutions

12 Encrypted Synthesis flow
[Flow diagram. Stages: RTL, Compile, Map, Netlist. Graphical Views: RTL view, Technology view. Log file: Compiler log messages, Mapper log messages]

13 Encrypted Synthesis flow
[Flow diagram, animation build. Stages: RTL, Compile, Map, Netlist. Graphical Views: RTL view, Technology view. Log file: Compiler log messages, Mapper log messages]

14 Encrypted Synthesis flow
[Flow diagram, animation build. Stages: RTL, Compile, Map, Netlist. Graphical Views: RTL view, Technology view. Log file: Compiler log messages, Mapper log messages]
Controls shown on the diagram:
- Log Messages: None, No-name, No-restriction
- Visibility: None, Interfaces, No-restriction
- Netlist Output Method: None, Encrypted, Obfuscated, Plain-text

15 Introducing Control Block
Decryption Envelope (current)
- Key Block - Simulation User
- Key Block - Synthesis User
- Data Block

16 Introducing Control Block
Decryption Envelope (enhanced)
- Key Block - Simulation User
- Key Block - Synthesis User
- Control Block - Synthesis User
- Data Block
Callouts: "Basic encryption", "Encryption with fine grained controls"

17 Enhancing Key Block
Decryption Envelope (current)
- Key Block - Simulation User
  - Session Key (for data-block)
- Key Block - Synthesis User
  - Session Key (for data-block)

18 Enhancing Key Block
Decryption Envelope (enhanced)
- Key Block - Simulation User
  - Session Key (for data-block)
- Key Block - Synthesis User
  - Session Key (for data-block)
  - Session Key (for control-block)
- Control Block - Synthesis User

19 Enhancing Key Block
Decryption Envelope (enhanced)
- Key Block - Simulation User
  - Session Key (for data-block)
- Key Block - Synthesis User A
  - Session Key (for data-block)
  - Session Key (for control-block)
- Control Block - Synthesis User A
- Key Block - Synthesis User B
  - Session Key (for data-block)
  - Session Key (for control-block)
- Control Block - Synthesis User B
Callouts: "Separate Control block for each tool", "Separate Control block session key for each tool"

20 Defining Control Block
Decryption Envelope (enhanced)
- Key Block - Simulation User
- Key Block - Synthesis User
- Control Block
  - Control Line: Right=value
  - Control Line: Right=value, condition
  - Control Digest

21 Syntax Proposal – Key Block
Decryption Envelope (current)
`protect begin_protected
`protect key_keyowner="IP User", key_method="rsa"
`protect encoding=(enctype="base64", …), key_block
<session key>
`protect data_method="des-cbc"
`protect encoding=(enctype="base64", …), data_block
encoded encrypted IP
`protect end_protected
Callout: "encoded encrypted"

22 Syntax Proposal – Key Block
Decryption Envelope (enhanced)
`protect begin_protected
`protect key_keyowner="IP User", key_method="rsa"
`protect encoding=(enctype="base64", …), key_block
data-session-key=<session key>
control-session-key=<control session key>
`protect data_method="des-cbc"
`protect encoding=(enctype="base64", …), data_block
encoded encrypted IP
`protect end_protected
Callout: "encoded encrypted"

23 Syntax Proposal – Control Block
Decryption Envelope (re-spaced)
`protect begin_protected
`protect key_keyowner="IP User", key_method="rsa"
`protect encoding=(enctype="base64", …), key_block
data-session-key=<session key>
control-session-key=<control session key>
`protect data_method="des-cbc"
`protect encoding=(enctype="base64", …), data_block
encoded encrypted IP
`protect end_protected

24 Syntax Proposal – Control Block
Decryption Envelope (enhanced)
`protect begin_protected
`protect key_keyowner="IP User", key_method="rsa"
`protect encoding=(enctype="base64", …), key_block
data-session-key=<session key>
control-session-key=<control session key>
`protect control_keyowner="IP User", control_method="des-cbc", control_block
`protect <right>=<value>
`protect <right>=<value>, <conditions>
`protect encoding=(enctype="base64", …), control_digest
encoded encrypted control digest
`protect data_method="des-cbc"
`protect encoding=(enctype="base64", …), data_block
encoded encrypted IP
`protect end_protected

25 Control Block – Internal Details
Decryption Envelope (enhanced)
- Key Block - Simulation User
- Control Block
  - Control Line: Right=value
  - Control Line: Right=value, condition
  - Control Digest
- Data Block

26 Syntax Example – Control Block
Decryption Envelope (enhanced with examples)
`protect begin_protected
`protect key_keyowner="IP User", key_method="rsa"
`protect encoding=(enctype="base64", …), key_block
data-session-key=<session key>
control-session-key=<new session key>
`protect control_keyowner="IP User", control_method="des-cbc", control_block
`protect control_visibility=none
`protect control_visibility=unrestricted, data_state=mapped
`protect control_log_messages=noname
`protect control_output_method=encrypted
`protect control_output_method=plain-text, license=(…)
`protect encoding=(enctype="base64", …), control_digest
encoded encrypted control digest
`protect data_method="des-cbc"
`protect encoding=(enctype="base64", …), data_block
encoded encrypted IP
`protect end_protected

27 Introducing Tool Version
Decryption Envelope (enhanced)
- Key Block - Simulation User
  - Session Key (for data-block)
- Key Block - Synthesis User
  - Session Key (for data-block)
  - Session Key (for control-block)
  - Tool Version
- Control Block - Synthesis User
Callout on Tool Version: "Synthesis User Tool with version older than this is not allowed to read this IP"

28 Syntax – Tool Version
Decryption Envelope (enhanced with examples)
`protect begin_protected
`protect key_keyowner="IP User", key_method="rsa"
`protect encoding=(enctype="base64", …), key_block
data-session-key=<session key>
control-session-key=<new session key>
tool-version=<version number>
`protect control_keyowner="IP User", control_method="des-cbc", control_block
`protect control_visibility=none
`protect control_visibility=full, data_state=mapped
`protect control_log_messages=noname
`protect control_output_method=obfuscated
`protect control_output_method=plain-text, license=(…)
`protect encoding=(enctype="base64", …), control_digest
encoded encrypted control digest
`protect data_method="des-cbc"
`protect encoding=(enctype="base64", …), data_block
encoded encrypted IP
`protect end_protected
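
An added example (not from the presentation or from any Synopsys tool) of how a consuming tool might apply the proposed control block and tool-version field: verify a digest over the plain-text control lines, enforce the minimum tool version, then resolve each right. Assumptions: HMAC-SHA256 stands in for the slides' encrypted control digest, a conditional line overrides the unconditional default only when its condition holds, versions are dotted integers, and the key, license name and function names are constructed.

```python
import hashlib
import hmac
import re

# Constructed control block modeled on the slide 28 example; the license
# name is a placeholder because the slide elides it as "(…)".
CONTROL_LINES = [
    "`protect control_visibility=none",
    "`protect control_visibility=full, data_state=mapped",
    "`protect control_log_messages=noname",
    "`protect control_output_method=obfuscated",
    "`protect control_output_method=plain-text, license=(synth_ip_plain)",
]
CONTROL_KEY = b"constructed-control-session-key"  # stands in for control-session-key

LINE_RE = re.compile(r"^`protect\s+(\w+)=([\w-]+)(?:,\s*(\w+)=\(?([\w-]+)\)?)?$")


def control_digest(lines, key):
    """Keyed digest over the plain-text control lines (assumed construction)."""
    return hmac.new(key, "\n".join(lines).encode(), hashlib.sha256).hexdigest()


def version_tuple(version):
    """'2010.09' -> (2010, 9) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def resolve_rights(lines, digest, key, tool_version, min_version, context):
    """Return the effective rights, or raise if the block or tool is rejected."""
    if not hmac.compare_digest(control_digest(lines, key), digest):
        raise ValueError("control lines do not match control digest")
    if version_tuple(tool_version) < version_tuple(min_version):
        raise PermissionError("tool is older than tool-version in key block")
    rights = {}
    for line in lines:
        match = LINE_RE.match(line)
        if match is None:
            raise ValueError(f"unparseable control line: {line!r}")  # fail closed
        right, value, cond_key, cond_value = match.groups()
        # Unconditional lines set the default; a conditional line replaces it
        # only if the tool's context (a dict of sets) satisfies the condition.
        if cond_key is None or cond_value in context.get(cond_key, set()):
            rights[right] = value
    return rights
```

Because the control lines are plain text so the end user can read them, the digest check is what stops an edited line such as `control_visibility=unrestricted` from being honored.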

29 Encryption Script (for IP Vendors)
[Diagram: inputs feed the Encryption Tool/Script, which produces the Encrypted IP Source (Decryption Envelope)]
- IP Source File
  - Verilog source
  - VHDL source
- Key Repository
  - IP User A = <Public Key>
  - IP User B = <Public Key>

30 Encryption Script – Enhancements (for non-HDL files)
[Diagram: inputs feed the Encryption Tool/Script, which produces the Encrypted IP Source (Decryption Envelope)]
- IP Source File
  - C/EDIF source
  - Design constraints
- IP Encryption Header
  - `protect pragmas
- Key Repository
  - IP User A = <Public Key>
  - IP User B = <Public Key>

31 Syntax Example – Encryption Header
Encryption Header file
`protect key_keyowner="IP User", key_method="rsa", key_block
`protect control_keyowner="IP User", control_method="des-cbc", control_block
`protect control_visibility=none
`protect control_visibility=full, data_state=mapped
`protect control_log_messages=noname
`protect control_output_method=obfuscated
`protect control_output_method=plain-text, license=(…)
`protect data_method="des-cbc", begin <IP Source File>.c
`protect end
Callout on <IP Source File>.c: Optional. If present, ensures encryption header is linked to specified file only

32 End Thank You

