bitstream secrecy
Sébastien Bourdeauducq
sebastien.bourdeauducq at lekernel.net
Tue Sep 7 18:54:04 EDT 2010
Forgot to say that:
* the Xilinx toolchain accepts EDIF: so it can be interfaced with an open
source synthesis front-end
* the Xilinx toolchain can convert between the proprietary/binary NCD format
and the human readable XDL format.
* The NCD format (used by most of the Xilinx tools) is basically a bitstream
in a different format and with additional information (net names, unrouted
nets, etc.) that is stripped down before downloading to a FPGA chip. It can be
edited at chip level using a tool called "FPGA Editor", and can be converted
into bitstream format. So a 3rd party P&R tool can be made to put out XDL for
debugging both with the real chip and by examining the result in FPGA Editor -
without any reverse engineering of the bitstream format proper, just by using
the XDL format and appropriate XDL->NCD and NCD->BIT conversion programs.
By the way: NCD stands for "NeoCAD Circuit Description". At one point, one
startup company, NeoCAD, was developing alternative P&R and timing tools for
Xilinx devices (via reverse engineering it seems). After somewhat conflicting
relations with Xilinx, they eventually got bought out by Xilinx
(http://findarticles.com/p/articles/mi_m0EKF/is_n2059_v41/ai_16836512/) who
"blessed" the NeoCAD suite as their default toolchain. Interestingly enough,
the Lattice tools are also "rebranded" NeoCAD tools, but I do not know the
story behind this.
If you used the Xilinx tools in command line (even in 2010), you can clearly
see the NeoCAD legacy in the very program output:
http://www.slac.stanford.edu/BFROOT/www/Detector/Trigger/ift/Interface/FC/FC_LBL/fc_code/orca/neocad.dir.v.1.1/5_1.par
So you see, reverse engineering is possible ;)
Another interesting paper on the bitstream format:
http://www.cl.cam.ac.uk/~sd410/papers/fpga_security.pdf
S.
More information about the discussion
mailing list