Gregory Williams, Jerry Aizprua, Mohammad J Alhaddad, Doua Yang, Nabila BouSaba, F. Saqib
Published in: 2021 IEEE International Midwest Symposium on Circuits and Systems (MWSCAS), pp. 874-877
Publication date: 2021-08-09
DOI: 10.1109/MWSCAS47672.2021.9531874 (https://doi.org/10.1109/MWSCAS47672.2021.9531874)
Source: Semantic Scholar
A SoC Design of TrustZone based Key Provisioning for FPGA IP Protection
With the rise of globalization, third-party intellectual property (3PIP) use in the system on chip (SoC) and the horizontal business model of outsourcing the manufacturing and packaging processes have improved design time, cost and the adoption of newer sub-micron technologies. This, however, results in sharing the intellectual property with system integrators and offshore foundries, which has created new security vulnerabilities in the semiconductor supply chain. IP protection laws aren't consistent across all countries, so companies need to protect their IP from untrustworthy foundries attempting to pirate their design. In this work we propose "AAFLE" (Automated Application for FPGA Logic Encryption), an automated application for IP developers to protect their design with an automated flow that locks the design using state-of-the-art logic locking schemes. We also propose a secure hardware isolation mechanism that leverages ARM TrustZone to enable a secure key provisioning system. The system uses TOPPERS/SafeG, a dual-OS monitor, which allows two operating systems to execute simultaneously: a non-trusted OS confined to the isolated hardware and a trusted OS with access to the entire SoC. The non-secure OS is a Linux kernel with an application that asks users for the correct key in order to unlock the system. The secure OS is an RTOS application that is responsible for storing and checking for a correct key input, as well as giving this key to the encrypted hardware in the programmable logic.