As an example of this basic field logic update process, Fig 1 illustrates Lattice's four-step "Transparent Field Reconfiguration" or TransFR process. A number of Lattice's FPGA architectures support this flow.
1. The four-step TransFR process.
These four requirements are the basic steps to follow for access to the FPGA "Fountain of Youth": the ability to refresh and add years of life to FPGA-based designs. However, there are also issues of field logic update reliability and security to be considered as follows:
- What happens to the system if the new, updated FPGA bitstream gets corrupted during the remote configuration process?
- How is the Intellectual Property (IP) embedded in the FPGA bitstream protected throughout the field logic update process?
Dual boot for field logic update reliability
While the stored FPGA configuration is being updated, there is always the risk that a power or communications failure could result in a corrupted configuration and a non-operational system. One approach to guard against this possibility is the use of Dual Boot, whereby a second, or "golden," configuration is stored in boot memory and is always available in the event of a failed configuration attempt. With this approach, the system will always recover.
Some SRAM-based FPGA architectures support multiple boot images (or configuration bitstreams) in a single SPI Flash boot memory. Some non-volatile SRAM/Flash FPGA architectures store the active boot image in the on-chip Flash and have the golden boot image available in a dedicated SPI Flash boot memory.
As an example of a Dual Boot implementation, Fig 2 illustrates the Dual Boot capability of the LatticeXP2 family of non-volatile, embedded Flash, FPGAs.
2. Dual boot capability.
Encryption for design security
There are a number of FPGA architectures in the marketplace that support bitstream encryption (typically 128-bit AES Encryption). The FPGA system designer creates an encryption key that is programmed into the FPGA silicon and also incorporated into the encrypted bitstream itself. The encrypted bitstream is introduced to the FPGA silicon, whose on-chip decryption engine – in combination with the stored encryption key – decrypts the encrypted bitstream prior to downloading to the SRAM configuration memory. This flow allows sensitive design data to be protected during the field logic update process.
As an example of a 128-bit AES Encryption flow, Fig 3 illustrates the encryption capability of the LatticeXP2 family of non-volatile, embedded Flash, FPGAs.
3. Example encryption scenario.
Increasingly, system designers must be able to update their FPGA-based systems in the field so as to add years of life to their otherwise soon-to-be obsolete system designs. The challenge is to design with an FPGA fabric that – in addition to meeting the demands for field update reliability and security – supports the four fundamental requirements for field logic updates presented earlier in this article. Fortunately, there are FPGAs available in the marketplace today that support all of these requirements.
Steve Stark is the Director of Product Marketing for Lattice Semiconductor. Steve has been with Lattice 17 years and in the semiconductor industry 28 years.
Steve holds a B.S. Industrial Engineering degree from the University of Illinois and an MBA from Houston Baptist University. He can be contacted at firstname.lastname@example.org.