A prototype of trusted platform functionality on reconfigurable hardware for bitstream updates

摘要

This contribution proposes a secure and efficient method for updating reconfigurable hardware devices like FPGAs by using trusted computing technology. An interesting application is latent in the domain of embedded systems like in the automotive sector when durable products shall be updated in the field while stringent safety and security constraints have to be met. We propose an architecture to send arbitrary FPGA configuration bitstreams personalized to specific platforms over public channels. By using trusted platform modules we achieve a secure delivery chain for IP cores without the need of predefined shared secrets or keys. Furthermore integrity and confidentiality of the IP and enforcement of usage policies can be guaranteed. This enables the vendor to ensure a correct configuration of the device in order to adhere safety commitments. As a side effect such methods can also be used to deliver IP-cores from multiple IP vendors to remote devices securely and efficiently.