We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

AR# 40360

FPGA - What are the methods to protect the FPGA bitstream against unauthorized duplication?


How many techniques does Xilinx provide to protect the FPGA bitstream?


First of all, you should specify the design security level by selecting whether or not to allow the readback and reconfiguration of the device during generation of the bitstream.

The most powerful techniques are AES with the battery-backed SRAM key, or AES with the eFUSE key (7 series, Virtex-6, Spartan-6 devices; Virtex-5 FPGA does not support eFUSE). Also, there is an on-chip bitstream keyed-Hash Message Authentication Code (HMAC) algorithm implemented in hardware to provide additional security beyond that provided by the AES decryption alone. (7 series, Virtex-6 devices)

Device identification is a third technique which uses a lower level of security and a device DNA (7 series, Virtex-6, Spartan-6, extended Spartan-3A devices).

Besides, the customer can use an external encryption device, a secure EEPROM, to protect the design. First, calculate a verification code, then compare it with the one from the secure EEPROM. Details and reference designs can be found at: http://www.xilinx.com/support/documentation/application_notes/xapp780.pdf. This is useful in more cost-sensitive applications where the level of security required is limited. This concept can be applied to all FPGA families.

AR# 40360
Date 01/22/2013
Status Active
Type General Article
  • FPGA Device Families