270 likes | 427 Views
Lab:How to use SSG to build your security solution V1.0. Bob Yi Aug 4, 2008. Table of Contents. Introduction Objective Requirements Lab Steps Summary. Introduction. This Lab will show how to use SSG to speed up the development of security solution and mass production solution 。
E N D
Lab:How to use SSG to build your security solutionV1.0 Bob Yi Aug 4, 2008
Table of Contents • Introduction • Objective • Requirements • Lab Steps • Summary
Introduction This Lab will show how to use SSG to speed up the development of security solution and mass production solution。 SSG enable you customize your security solution via a GUI interface。 You may download an actual design,add security feature into it in minutes。 The basic flow is as below. • Pick a user application design electively • Implement the origin design (without authentication) • Run SSG to add the security funtion to the origin design • Re-Implement the design (NOW with authentication) • Change some settings in SSG, to observe the impact
Objective After you finish this lab, you will: • Become familiar with xilinx device-dna-based security solution flow • Understand the mass production flow • Utilize SSG tool customize and generate security design
Requirements • Hardware • Spartan 3AN Starter Kit Board • USB Cable • RS232 Cable • Laptop PC with ISE 10.1 (SP2) installed • Software • SSG tool • Hyperterminal • Source • ZIP file: ssg_examples.zip
STEPs The total lab is devided into 3 phases. Each phase will implement an individual task. Each phase contains several steps. • Steps of Phase 1: Implement the origin design in ISE (OPTIONAL)the phase will generate the design bitstream file (user_top.bit) without security feature.this phase is used for the goal to compare with the result of phase 3, If you’re familiar with these operations, You may jump the phase。 • Steps of Phase 2: Running SSGthe phase will generate the security core and the 2nd image (wcks.mcs) • Steps of Phase 3: Implement the authenticated design in ISEthe phase will generate the design mcs file (authentication.mcs) with security feature
Steps of Phase 1- Implement the origin design in ISE (1) 1.1. Download the zip file ssg_examples.zip or get it from instructor of course 1.2. Unzip the package to get the below directory • Ssg_examples • source audience can start from this directory • completed the completed version for comparation with audience’s result 1.2. Launch ISE 10.1- Project Navigator tool 1.3. Click【File】【Open Project】, Enter the source directory,Open the project “lab_ssg.ise”。 1.4. Browse the source RTL code Design hierarchy Structure: user_top top-level module +----- user_app user application module
Steps of Phase 1- Implement the origin design in ISE (1) 1.5. Click 【Generate Programming File】 in ISE’s “Processes” window 1.6. Connect USB cable between S3AN starter kit board with PC 1.7. Power on the S3AN starter kit board 1.8. Click 【Config Target Device】→ 【Manage Configuration File (iMPACT)】to download the design’s bitstream into targert board 1.9. Observe the result The LED lights flash in some rule, it present that user’s Application design runs
Browse the top level code (user_top.v) module user_top(tx_female,rx_female,sw,led,nf_ce,j2_30,j2_26,j2_22,j2_14,clk); … … … … … user_app instance_name ( .en(1’b1), //1 means enalbing the desing function .led(led), //you can change it to 1’b0 to disable the .clk(clk) // desing function ); endmodule
1. Click SSG icon to launch SSG tool 2. Apply to these settings as the below table Steps Of Phase 2- Running SSG (1) • Locate the “Step 2” page, Specify the user algorithm • Click “Load…” , then an Open-File-Dialog will pop-up, • Navigate the algorithm directory, find the file user_algorithm1.psm , select and highlight the file. • Click “Open” , then the algorithm code will fill the algorithm edit area。 • Final click “Apply” to save the content. • In the “Step 4” page, navigate the user contraint which are from S3A starter kit user guide
Browse User Algorithm CALL send_CR ;Send a CR to UART port LOAD sA,Flash_security_reg ;Get the value from the ISF Security Register FETCH s0,(sA) ; ...Work with the previous line LOAD sA,Flash_Fam_ID_start ;Get the value from the ISF Family ID FETCH s1,(sA) ; ...Work with the previous line XOR s0,s1 ;Operate using the above 2 values LOAD sA,CKvalue ;Save the result into Memory (CKValue) STORE s0,(sA) ; ...Work with the previous line LOAD s9, DNA_byte7 ;pointer to scratch pad memory ck_gen_loop: LOAD sA,CKvalue ;Re-Get the value of CKvalue. Prepare for the rest algorithm FETCH s0,(sA) ; ...Work with the previous line CALL send_hex_byte ; <*> Display via UART port CALL send_space CALL send_xor CALL send_xor CALL send_space ;------------------------------------------------------------------------------------------------------- ; for(address=DNA_byte7; address>DNA_byte0; address--) ; CKvalue = CKvalue xor *address; ;------------------------------------------------------------------------------------------------------- FETCH s0, (s9) ; get DNA byte 7 -- 0 CALL send_hex_byte CALL get_Yes_no_prompt LOAD sA,CKvalue FETCH s1,(sA) FETCH s0, (s9) XOR s0,s1 LOAD sA,CKvalue STORE s0,(sA) CALL send_equals LOAD sA,CKvalue FETCH s0,(sA) CALL send_hex_byte COMPARE s9, DNA_byte0 ;test for last byte displayed JUMP Z, ck_gen_done SUB s9, 01 CALL send_CR JUMP ck_gen_loop ck_gen_done: CALL send_CR CALL send_CKvalue CALL send_equals ;------------------------------------------------------------------------------------------------------- ; if(SW_port==0x00) //if the extra Switch is open, go further to append a extra algorithm ; ckvalue_change(CKvalue); ;-------------------------------------------------------------------------------------------------------
Browse User Algorithm INPUT s1,SW_port COMPARE s1,00 JUMP Z, ckvalue_change LOAD sA,CKvalue FETCH s0,(sA) CALL send_hex_byte CALL SPI_init ;FLASH disabled RETURN ;sub-routine ckvalue_change: CALL send_space CALL send_not CALL send_space LOAD sA,CKvalue FETCH s0,(sA) CALL send_hex_byte CALL send_equals LOAD sA,CKvalue FETCH s1,(sA) LOAD s0,ff SUB s0,s1 STORE s0,(sA) CALL send_hex_byte CALL SPI_init ;FLASH disabled
Browse the User Contraint # # Period constraint for 50MHz operation # NET "clk" PERIOD = 20.0ns HIGH 50%; # # # # soldered 50MHz Clock. # NET "clk" LOC = "E12" | IOSTANDARD = LVTTL; # # # UART connections # NET "tx_female" LOC = "F15" | IOSTANDARD = LVTTL | SLEW = SLOW | DRIVE = 4; NET "rx_female" LOC = "E16" | IOSTANDARD = LVTTL;
Steps of Phase 2- Running SSG (2) • In the “Step 5” page, Click 【Generate the security solution】button, a DOS console windows pops up。SSG will invoke some key functions of ISE to generate Security Core and 2nd image(known as CKV generator/writer) it will take few minutes to complete the process。Please be patient 。 • After finish the generation process,Click 【 Next>> 】 to enter “Step 6” Page, Click 【Open the final output directory ... 】 to open the final output directory。You can find there are 3 files: • Authentication.ngc • Authenticaton_wrapper.v • WCKV.mcs 6. Then copy these 3 files into “source” project directory
Steps of Phase 3 - Implement the authenticated design in ISE (1) 1. Switch to Launch ISE 10.1 tool 2. Enter the source directory,Open the project “lab_ssg.ise” again。 3. Click 【 Add source…】 to add the file “authentication_wrapper.v” which is copied in phase 2, Then modify the top level file (user_top.v), the final result is like the next slide. And to avoid to unexpected timing error, please add the below line into user contraint file. NET "instance_name/instance_name/cs0_b" TIG; 4. Browse the source RTL code again。 Design Hierarchy Structure user_toptop-level module +----- user_appuser application module +----- authentication user application module (New) Click【Generate Programming File】in ISE’s 【Processes】 window After finish this step, You can find the user application bitstream file user_top.bit Open a DOS console, and change the current direcotry to source project directory, the following 2 steps will be executed in the directory.
Browse the top-level code (user_top.v) module user_top(tx_female,rx_female, led, clk); … … … … // assign tx_female = 1’b1; comment this line authentication ins_auth ( .TX(tx_female), .RX(rx_female), .AUTH_EN(en), .CLK(clk) ); user_app instance_name ( .en(en), .led(led), .clk(clk) ); endmodule
Steps of Phase 3 - Implement the authenticated design in ISE (2) 7.Generate mcs file for user_top.bit(**To save time,you can copy the line from merge.bat) promgen -w -p mcs -c FF -s 2048 -spi -o user_top.mcs -u 000000 user_top.bitplease find merge.bat in merge dir of SSG 8 . Merge the 1st image (user_top.mcs) with 2nd image(wckv.mcs) generated by SSG wcks.mcs , use the following dos command (**To save time,you can copy this line from merge.bat) xmcsutil -accept_notice -i user_top.mcs wckv.mcs -o authentication.mcs -16 -useDataAddr -padFF -segaddr 0x000000 0x60000 Xmcsutil is a tool to manage mcs file, please find it in merge dir of SSG 9. Program the authentication.mcs into S3AN Internal flash using iMPACT tool 10. Connect USB cable between S3AN starter kit board with PC 11. Connect RS232 cable between S3AN starter kit board with PC
Steps of Phase 3 - Implement the authenticated design in ISE (3) 12. Open Hyperterminal Software, and apply settings as below. Baud Rate Setting 115200 8 N 1 13. Power on the S3AN starter kit board 14. Observe the authentication process Expected result: When power on the board, you can go through the process of authentication via uart output message。The expected flow is load 1st image authentication fail(LEDs light off) load 2nd image generate and write the check value re-power on the board -> authentication again pass (LEDs light on)。The following slide will show the work flow。
Observe the authentication process(1) Once the board is powerd on, the 1st image is boot-loaded. The welecom message appear The status is the current of ISF, Page Size means the size of each page, it could be 528,512,264,256 Security OPT includes the context of security table of ISF (len is 64bytes).
Observe the authentication process(2) The security register means the context of security register (its len also is 64 bytes), it is unique for every ISF device.
Observe the authentication process(4) Read out the value of Device DNA. The following shows the process of algorithm.
Observe the authentication process(5) Because the code can’t find the correct key value, so the authentication fail, the coming is to boot-load the 2nd image
Observe the authentication process(6) The 2nd image runs, then generate the check value, and store it in the specified location of ISF
Observe the authentication process(7) Re-Power on the board, it will be differenct from the first time. it can find the correct check value ,and authetication will pass. The LEDs light on
Summary It will speed up the development of security solution。You can generate an security core and the 2nd image。In your ISE project, you can import the security core。After the implement your user application design,you can merge the result with the 2nd image to obtain the final mcs file with authentication feature and mass production ability。