Autonomous, self-authenticating and self-contained secure boot-up system and methods

US11880468B2 · US · B2

Patent metadata
Publication number: US-11880468-B2
Application number: US-201916961614-A
Country: US
Kind code: B2
Filing date: Jan 11, 2019
Priority date: Jan 12, 2018
Publication date: Jan 23, 2024
Grant date: Jan 23, 2024


Abstract

Official abstract text for this publication.

The invention is directed to an autonomous, self-authenticating and self-contained secure boot-up system and methods for field programmable gate arrays (FPGAs) that leverages physical unclonable functions (PUFs).

First claim

Claim text for this publication.

The invention claimed is:

1. A method for an autonomous, self-authenticating and self-contained secure boot-up process for FPGAs, wherein the method leverages PUFs to generate a decryption key at boot-up time for decrypting a second stage boot-up image and the method further comprises a SHA-3 hash algorithm operable in a functional mode and a PUF mode.
2. The method according to claim 1, wherein the secure boot-up process boots from an unencrypted bitstream.
3. The method according to claim 2, wherein configuration data of the FPGA with the unencrypted bitstream is read out and used as challenges to the PUF.
4. The method according to claim 3, wherein any tamper that occurs with an externally stored unencrypted bitstream results in failure to generate a correct decryption key.
5. The method according to claim 4, wherein the failure to generate the correct decryption key results in a failure to unencrypt the second stage boot-up image.
6. The method according to claim 5, wherein tamper results in the fielded device failing to boot-up.
7. The method according to claim 1, wherein the functional mode is configured to produce digests of configuration data that are later used as challenges for the PUF.
8. The method according to claim 1, wherein the PUF mode is configured to use path delays within the SHA-3 hash algorithm to represent a source of entropy for generation of a unique and unclonable encryption/decryption key.
9. The method according to claim 1 further comprising a time-to-digital converter including a calibration method to obtain precise timing measurements of path delays in an entropy source.
10. The method according to claim 9, wherein the entropy source is a SHA-3 hash algorithm.
11. The method according to claim 1, wherein a clock is generated using a ring oscillator to eliminate use of a Xilinx multi-mode clock manager.
12. The method according to claim 1, wherein embedded hardwired security features on the FPGA are not utilized.
13. The method according to claim 1, wherein the PUF mode is configured to use path delays within components that implement the HELP algorithm itself.
14. The method according to claim 1, wherein the PUF mode is configured to use path delays between components of the Xilinx internal access configuration register and the entire secure boot-up implementation.
15. The method according to claim 1, wherein the PUF mode is configured to use path delays surrounding the entire secure boot-up implementation to provide a guard band preventing adversaries from adding information leakage channels to the secure boot-up implementation.
16. The method according to claim 1 further comprising a time-to-digital converter for obtaining high resolution measurements of path delays, which leverages the on-chip embedded carry chain components of the FPGA, to eliminate use of a Xilinx multi-mode clock manager.
17. The method according to claim 1, wherein the second stage boot-up image comprises an application that runs in a fielded device.
18. A boot-up process method for a field programmable gate array (FPGA) comprising the steps of: during an enrollment phase, loading by a first stage boot loader (FSBL) an unencrypted bitstream into the FPGA; generating an encryption key from the unencrypted bitstream; using the encryption key to encrypt a second stage bootloader image; storing the unencrypted bitstream and the encrypted second stage bootloader image in an external non-volatile memory (NVM); during a regeneration phase, reading from the NVM the encrypted second stage bootloader image; generating a decryption key from the unencrypted bitstream; decrypting the encrypted second stage bootloader image using the decryption key.
19. The boot-up process method according to claim 18, wherein the decryption key is destroyed after the decrypting step.
20. The boot-up process method according to claim 18, wherein a physical unclonable function (PUF) is used to generate the decryption key.
21. The boot-up process method according to claim 20, wherein the decryption key is generated by measuring variations in path delays.
22. A FPGA comprising an autonomous, self-authenticating and self-contained secure boot-up process that leverages PUFs to generate a decryption key at boot-up time for decrypting a second stage boot-up image and the FPGA further comprises a SHA-3 hash algorithm operable in a functional mode and a PUF mode.
23. The FPGA according to claim 22, wherein the secure boot-up process boots from an unencrypted bitstream.
24. The FPGA according to claim 22, wherein configuration data of the FPGA with the unencrypted bitstream is read out and used as challenges to the PUF.
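The enrollment/regeneration flow of claim 18 and the tamper behaviour of claims 3 to 6, as an added software model (not the patent's or UNM's own implementation): the chip's path-delay fingerprint, the HELP PUF and the FPGA's cipher are all replaced by constructed stand-ins built from SHA-3/SHAKE, so only the key-derivation chain and its failure modes are illustrated, not real timing measurements.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for one chip's path-delay fingerprint. The real design
# measures SHA-3 path delays with a TDC; a different chip has different delays.
DEVICE_DELAYS = b"constructed-device-delay-fingerprint-A"


def puf_response(challenge: bytes, device_delays: bytes) -> bytes:
    """PUF mode model: the response depends on the challenge and on delays unique to this chip."""
    return hmac.new(device_delays, challenge, hashlib.sha3_256).digest()


def derive_key(bitstream: bytes, device_delays: bytes) -> bytes:
    """Functional mode: SHA-3 digest of the unencrypted configuration data is the
    challenge (claims 3, 7); PUF mode turns it into a device-unique key (claim 8)."""
    challenge = hashlib.sha3_256(bitstream).digest()
    return puf_response(challenge, device_delays)


def seal(key: bytes, image: bytes, nonce: bytes) -> bytes:
    """Authenticated encryption from a SHAKE256 keystream plus SHA3-HMAC tag
    (constructed stand-in for the block cipher an FPGA would use)."""
    stream = hashlib.shake_256(key + nonce).digest(len(image))
    ct = bytes(a ^ b for a, b in zip(image, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha3_256).digest()


def unseal(key: bytes, blob: bytes):
    """Returns the plaintext image, or None when the key is wrong (claims 5-6)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha3_256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def enroll(bitstream: bytes, ssbl_image: bytes, device_delays: bytes) -> dict:
    """Enrollment phase: key from the bitstream, encrypt SSBL, store both in external NVM."""
    key = derive_key(bitstream, device_delays)
    return {"bitstream": bitstream, "ssbl_enc": seal(key, ssbl_image, secrets.token_bytes(16))}


def regenerate_and_boot(nvm: dict, device_delays: bytes):
    """Regeneration phase: re-derive the key from the stored bitstream, decrypt, destroy key."""
    key = derive_key(nvm["bitstream"], device_delays)
    image = unseal(key, nvm["ssbl_enc"])
    del key  # claim 19: the decryption key is destroyed after the decrypting step
    return image
```

A fielded device with an untouched bitstream recovers the image, while a modified bitstream (claim 4) or a different chip's delays yields a different key and the boot fails.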

Assignees

Unm Rainforest Innovations

Inventors

Classifications

  • G06F21/575 (primary): Secure boot · CPC title

  • Providing cryptographic facilities or services · CPC title

  • Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title

  • To assure secure storage of data (address-based protection against unauthorised use of memory G06F12/14; record carriers for use with machines and with at least a part designed to carry digital markings G06K19/00) · CPC title

  • Ring oscillators · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11880468B2 cover?
The invention is directed to an autonomous, self-authenticating and self-contained secure boot-up system and methods for field programmable gate arrays (FPGAs) that leverages physical unclonable functions (PUFs).
Who is the assignee on this patent?
Unm Rainforest Innovations
What technology area does this patent fall under?
Primary CPC classification G06F21/575. Mapped technology areas include Physics.
When was this patent published?
Publication date: Jan 23, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).