How do I use the Triple DES encryption feature in Virtex-II? Where do I find documentation for the Triple DES encryption feature in Virtex-II?
The Virtex-II Triple DES encryption feature is described in the Virtex-II Platform FPGA User Guide -> Design Considerations -> Using Bitstream Encryption at:
For new orders, if you plan to use the Triple DES feature, please inform your FAE or sales office when ordering the device. A specific ordering code might be required to ensure that the device is specifically tested for Triple DES.
The software flow for the bitstream encryption feature for these devices is as follows:
1. Set the stepping level in the UCF/NCF or the HDL file as follows :
CONFIG STEPPING = "1";
See (Xilinx Answer 14339) for the default value for the Config Stepping setting.
2. Apply BitGen commands as described in the User Guide (located at the link above).
For 2V1000, 2V3000, 2V4000, and 2V6000 devices, the default CONFIG STEPPING = 0.
If you order the device with the special ordering number, you will receive the stepping level 1 devices. In the ISE software, you MUST set the CONFIG STEPPING = 1 to ensure the generation of a correct bitstream.
If CONFIG STEPPING = 0 is set, the ISE software creates a bitstream that should be used only with stepping level 0 devices.
For existing devices that were not ordered with the specific ordering code, refer to the following information:
- Stepping level 1 devices (with enhanced multiplier support) listed in (Xilinx Answer 14339) support Triple DES as described in the User Guide. This is the preferred and supported method for Triple DES. However, a specific ordering code is required to order devices with the Triple DES feature. If not ordered with the specific ordering code, these devices are not tested for Triple DES. Please work with your FAE or sales office to obtain the correct devices.
- If your device is listed below (these are stepping level 0 devices), Triple DES encryption can be used after setting CONFIG STEPPING = 0.
Setting the config stepping to 0 and using the BitGen encrypt option produces a bitstream that configures the device in a slightly different sequence. This is NOT the preferred method and should only be used with guidance from Xilinx. A White Paper describing this in detail is available; to obtain it, contact your Xilinx FAE or Xilinx Technical Support.