What technology area does this patent fall under?

Primary CPC classification G06F9/4401. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Mar 21 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).

Secure boot using a field programmable gate array (FPGA)

US9600291B1 · US · B1

Patent metadata
Field	Value
Publication number	US-9600291-B1
Application number	US-201414201016-A
Country	US
Kind code	B1
Filing date	Mar 7, 2014
Priority date	Mar 14, 2013
Publication date	Mar 21, 2017
Grant date	Mar 21, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

This disclosure describes techniques for ensuring security in an integrated circuit system that includes a processor subsystem and a configurable-logic (e.g., FPGA) subsystem, which is capable of storing code executed by the processor. Techniques for utilizing the configurable-logic to control the process of booting a processor in the processor subsystem securely are described. Because the configurable-logic may be on the same die as the processor in the integrated circuit, the configurable-logic may securely boot the processor inside the security boundary of the package containing the die.

First claim

Opening claim text (preview).

What is claimed is: 1. An integrated circuit comprising: a hard processor subsystem comprising: processor circuitry comprising a processor; and a boot read only memory (ROM); a field programmable gate array (FPGA) subsystem comprising: FPGA circuitry comprising a FPGA core and a FPGA memory; and an interface coupled to the hard processor subsystem and the FPGA subsystem, wherein the interface is configured to transmit data and control signals between the hard processor subsystem and the FPGA subsystem; wherein the processor of the hard processor subsystem is configured to: execute a first set of boot instructions stored in the boot ROM of the hard processor subsystem to boot the processor; and read, via the interface, a second set of boot instructions from a program object file (POF) stored in the FPGA memory to boot the processor and execute the second set of boot instructions after the FPGA core has authenticated the POF and after the first set of boot instructions has been executed. 2. The integrated circuit of claim 1 , wherein the FPGA core, in response to authenticating the POF, sends a signal to the processor circuitry indicating that the processor circuitry execute the second set of boot instructions. 3. The integrated circuit of claim 2 , wherein the FPGA circuitry comprises data authentication circuitry for authenticating the POF and wherein the processor circuitry and the FPGA circuitry are located on the same package. 4. The integrated circuit of claim 3 , wherein the boot ROM and the processor circuitry are located on the same die in the package. 5. The integrated circuit of claim 1 , wherein the FPGA core, in response to failing to authenticate the POF, declares boot failure. 6. The integrated circuit of claim 1 , wherein the FPGA core holds the processor circuitry in a secure state while the FPGA core authenticates the POF. 7. The integrated circuit of claim 1 , wherein the FPGA core causes data stored in a writable memory block included in the processor circuitry to be zeroed to ensure the processor circuitry is in a secure state. 8. An integrated circuit comprising: a hard processor subsystem comprising processor circuitry, wherein the processor circuitry comprises a processor and a boot read only memory (ROM); and a field programmable gate array (FPGA) subsystem comprising FPGA circuitry, wherein the FPGA comprises a FPGA core and a FPGA memory; and an interface coupled to the hard processor subsystem and the FPGA subsystem, wherein the interface is configured to transmit data and control signals between the hard processor subsystem and the FPGA subsystem; wherein the FPGA circuitry of the FPGA subsystem: receives instructions in a program object file (POF); authenticates the POF using data authentication circuitry, wherein the POF is authenticated after a first set of instructions stored in the boot ROM is executed by the processor to boot the processor; sends a signal to the processor circuitry via the interface, said signal causing data stored in at least one writable memory block included in the processor circuitry to be scrambled; and resets the processor via the interface after scrambling the data stored in the at least one writeable memory block. 9. The integrated circuit of claim 8 , wherein the FPGA core, in response to failing to authenticate the POF, declares boot failure. 10. The integrated circuit of claim 8 , wherein the first set of boot instructions stored in the boot ROM is non-secure code. 11. The integrated circuit of claim 8 , further comprising the processor executing a second set of boot instructions stored in the FPGA memory based on the POF. 12. The integrated circuit of claim 11 , wherein the second set of boot instructions stored in the FPGA memory is secure code. 13. The integrated circuit of claim 8 , wherein the boot ROM and processor circuitry are located on the same die. 14. A method for performing a secure boot in an integrated circuit comprising processor circuitry of a hard processor subsystem and field programmable gate array (FPGA) circuitry of an FPGA subsystem, the method comprising: executing, via the processor circuitry of the hard processor subsystem, a first set of boot instructions stored in a boot read only memory (ROM) of the processor circuitry to boot the processor circuitry; and reading, via the processor circuitry and an interface coupled to the hard processor subsystem and the FPGA subsystem, a second set of boot instructions from a program object file (POF) stored in a FPGA memory of the FPGA circuitry of the FPGA subsystem to boot the processor circuitry; and executing, via the processor circuitry, the second set of boot instructions after a FPGA core of the FPGA circuitry has authenticated the POF and after the first set of boot instructions has been executed. 15. The method of claim 14 , further comprising: in response to authenticating the POF, sending a signal to the processor circuitry indicating that the processor circuitry execute the second set of boot instructions. 16. The method of claim 15 , wherein the FPGA circuitry comprises data authentication circuitry for authenticating the POF and wherein the processor circuitry and the FPGA circuitry are located on the same package. 17. The method of claim 16 , wherein the boot ROM and the processor circuitry are located on the same die in the package. 18. The method of claim 14 , further comprising: in response to failing to authenticate the POF, declaring boot failure. 19. The method of claim 14 , further comprising holding the processor circuitry in a secure state while the FPGA circuitry authenticates the POF.

Assignees

Altera Corp

Inventors

Atsatt Sean R

Classifications

G06F9/4401Primary
Bootstrapping (security arrangements therefor G06F21/57) · CPC title
G06F21/6218Primary
to a system of files or objects, e.g. local or distributed file system or database · CPC title
G06F21/575
Secure boot · CPC title

Patent family

Related publications grouped by family.

View patent family 58286174

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9600291B1 cover?: This disclosure describes techniques for ensuring security in an integrated circuit system that includes a processor subsystem and a configurable-logic (e.g., FPGA) subsystem, which is capable of storing code executed by the processor. Techniques for utilizing the configurable-logic to control the process of booting a processor in the processor subsystem securely are described. Because the conf…
Who is the assignee on this patent?: Altera Corp
What technology area does this patent fall under?: Primary CPC classification G06F9/4401. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Mar 21 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).