Synopsys p1735 proposals
This presentation is the property of its rightful owner.
Sponsored Links
1 / 32

Synopsys P1735 Proposals PowerPoint PPT Presentation


  • 227 Views
  • Uploaded on
  • Presentation posted in: General

Synopsys P1735 Proposals. Dave Graubart & Parminder Gill November 1, 2010. Agenda. Problem Statement Requirements Proposals Plan: Between now and next meeting: collect feedback and contribute to Twiki. Problem Statement. Interoperability needs not yet met Rights management

Download Presentation

Synopsys P1735 Proposals

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Synopsys p1735 proposals

Synopsys P1735 Proposals

Dave Graubart & Parminder Gill

November 1, 2010


Agenda

Agenda

Problem Statement

Requirements

Proposals

Plan: Between now and next meeting: collect feedback and contribute to Twiki


Problem statement

Problem Statement

  • Interoperability needs not yet met

    • Rights management

    • More complex tool flows

    • EDA tool version control

  • These are essential for Synopsys FPGA synthesis in first version of 1735

  • We’re now prepared to make contributions


More complex tool flow

More Complex Tool Flow

C or M

High level synthesis

RTL

SDC

Simulation

RTL synthesis

Netlist

Formal Verification

Place & Route

PlacedNetlist


Requirements

Requirements

Extensibility to any language

Tool rights

User rights

IP creation tool

Control of authorized tool versions


Requirement 1 extensibility to any language

Requirement 1: Extensibility to any language

  • Support existing envelope for Verilog and VHDL

  • Support envelope as header in any file

    • Useful for C, M (Matlab), Edif, SDC, and others


Requirement 2 tool rights

Requirement 2: Tool Rights

  • Create rights/control block per key block

    • Plain text so end-user can view

    • Digest line that is tamper-proof and tightly associated with IP

    • Each right can be conditional

  • Narrow scope of public key: key for single tool or family of similar tools, not one key for a big EDA vendor


Requirement 3 user rights

Requirement 3: User Rights

  • Identical mechanism to Tool Rights

  • Use conditional syntax where condition varies by user

  • Condition can be satisfied in multiple ways such as

    • License requirement

    • Password

    • One-time activation

    • Arbitrary mechanism


Requirement 4 tool for ip author

Requirement 4: Tool for IP Author

  • Lower barrier for IP author participation

  • Synopsys can contribute script that uses OpenSSL to process:

    • Encryption envelope or source plus commands

    • Key repository


Requirement 5 control of authorized tool versions

Requirement 5: Control of authorized tool versions

  • Allow IP author to specify minimum version of tool

    • After security fix

    • After functional enhancement

  • Avoid expensive introduction of new keys

  • Different than P1735 version


Synopsys p1735 proposals

Details and Proposed Solutions


Encrypted synthesis flow

Encrypted Synthesis flow

RTL

Log file

Graphical Views

Compile

Compiler log messages

RTL view

Map

Mapper log messages

Technology view

Netlist


Encrypted synthesis flow1

Encrypted Synthesis flow

RTL

Log file

Graphical Views

Compile

Compiler log messages

RTL view

Compiler log messages

RTL view

Map

Mapper log messages

Technology view

Mapper log messages

Technology view

Mapper log messages

Technology view

Netlist

Netlist

Netlist

Netlist


Encrypted synthesis flow2

Encrypted Synthesis flow

RTL

Log file

Graphical Views

Compile

Compiler log messages

RTL view

Compiler log messages

RTL view

Map

Mapper log messages

Technology view

Mapper log messages

Technology view

Mapper log messages

Technology view

Netlist

Netlist

None,

No-name,

No-restriction

Netlist

Log Messages

None,

Interfaces,

No-restriction

Netlist

Visibility

None,

Encrypted,

Obfuscated

Plain-text

Output Method


Introducing control block

Introducing Control Block

Decryption Envelope (current)

Key Block - Simulation User

Key Block - Synthesis User

Data Block


Introducing control block1

Introducing Control Block

Decryption Envelope (enhanced)

Basic encryption

Key Block - Simulation User

Key Block - Synthesis User

Encryption with fine grained controls

Control Block - Synthesis User

Data Block


Enhancing key block

Enhancing Key Block

Decryption Envelope (current)

Key Block - Simulation User

Session Key (for data-block)

Key Block – Synthesis User

Session Key (for data-block)


Enhancing key block1

Enhancing Key Block

Decryption Envelope (enhanced)

Key Block - Simulation User

Session Key (for data-block)

Key Block – Synthesis User

Session Key (for data-block)

Session Key (for control-block)

Control Block – Synthesis User


Enhancing key block2

Enhancing Key Block

Decryption Envelope (enhanced)

Key Block - Simulation User

Session Key (for data-block)

Key Block – Synthesis User A

Session Key (for data-block)

Session Key (for control-block)

Separate Control block for each tool

Control Block – Synthesis User A

Key Block – Synthesis User B

Session Key (for data-block)

Separate Control block session key for each tool

Session Key (for control-block)

Control Block – Synthesis User B


Defining control block

Defining Control Block

Decryption Envelope (enhanced)

Key Block - Simulation User

Key Block - Synthesis User

Control Block

Control Line: Right=value

Control Line: Right=value, condition

Control Digest


Syntax proposal key block

Syntax Proposal – Key Block

Decryption Envelope (current)

`protect begin_protected

`protect key_keyowner=“IP User”, key_method=“rsa”

`protect encoding=(enctype=“base64”, …), key_block

<session key>

`protect data_method=“des-cbc”

`protect encoding=(enctype=“base64”, …), data_block

encoded encrypted IP

`protect end_protected

encoded encrypted


Syntax proposal key block1

Syntax Proposal – Key Block

Decryption Envelope (enhanced)

`protect begin_protected

`protect key_keyowner=“IP User”, key_method=“rsa”

`protect encoding=(enctype=“base64”, …), key_block

data-session-key=<session key>

control-session-key=<control session key>

`protect data_method=“des-cbc”

`protect encoding=(enctype=“base64”, …), data_block

encoded encrypted IP

`protect end_protected

encoded encrypted


Syntax proposal control block

Syntax Proposal – Control Block

Decryption Envelope (re-spaced)

`protect begin_protected

`protect key_keyowner=“IP User”, key_method=“rsa”

`protect encoding=(enctype=“base64”, …), key_block

data-session-key=<session key>

control-session-key=<control session key>

`protect data_method=“des-cbc”

`protect encoding=(enctype=“base64”, …), data_block

encoded encrypted IP

`protect end_protected


Syntax proposal control block1

Syntax Proposal – Control Block

Decryption Envelope (enhanced)

`protect begin_protected

`protect key_keyowner=“IP User”, key_method=“rsa”

`protect encoding=(enctype=“base64”, …), key_block

data-session-key=<session key>

control-session-key=<control session key>

`protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block

`protect <right>=<value>

`protect <right>=<value>, <conditions>

`protect encoding=(enctype=“base64”, …), control_digest

encoded encrypted control digest

`protect data_method=“des-cbc”

`protect encoding=(enctype=“base64”, …), data_block

encoded encrypted IP

`protect end_protected


Control block internal details

Control Block – Internal Details

Decryption Envelope (enhanced)

Key Block - Simulation User

Control Block

Control Line: Right=value

Control Line: Right=value, condition

Control Digest

Data Block


Syntax example control block

Syntax Example – Control Block

Decryption Envelope (enhanced with examples)

`protect begin_protected

`protect key_keyowner=“IP User”, key_method=“rsa”

`protect encoding=(enctype=“base64”, …), key_block

data-session-key=<session key>

control-session-key=<new session key>

`protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block

`protect control_visibility=none

`protect control_visibility=unrestricted, data_state=mapped

`protect control_log_messages=noname

`protect control_output_method=encrypted

`protect control_output_method=plain-text, license=(…)

`protect encoding=(enctype=“base64”, …), control_digest

encoded encrypted control digest

`protect data_method=“des-cbc”

`protect encoding=(enctype=“base64”, …), data_block

encoded encrypted IP

`protect end_protected


Introducing tool version

Introducing Tool Version

Decryption Envelope (enhanced)

Key Block - Simulation User

Session Key (for data-block)

Key Block – Synthesis User

Session Key (for data-block)

Session Key (for control-block)

Synthesis User Tool with version older than this is not allowed to read this IP

Tool Version

Control Block – Synthesis User


Syntax tool version

Syntax – Tool Version

Decryption Envelope (enhanced with examples)

`protect begin_protected

`protect key_keyowner=“IP User”, key_method=“rsa”

`protect encoding=(enctype=“base64”, …), key_block

data-session-key=<session key>

control-session-key=<new session key>

tool-version=<version number>

`protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block

`protect control_visibility=none

`protect control_visibility=full, data_state=mapped

`protect control_log_messages=noname

`protect control_output_method=obfuscated

`protect control_output_method=plain-text, license=(…)

`protect encoding=(enctype=“base64”, …), control_digest

encoded encrypted control digest

`protect data_method=“des-cbc”

`protect encoding=(enctype=“base64”, …), data_block

encoded encrypted IP

`protect end_protected


Encryption script for ip vendors

Encryption Script (for IP Vendors)

IP Source File

Verilog source

VHDL Source

Encrypted IP Source

(Decryption Envelope)

Encryption Tool/Script

Key Repository

IP User A = <Public Key>

IP User B = <Public Key>


Encryption script enhancements for non hdl files

Encryption Script – Enhancements(for non-HDL files)

IP Source File

C/EDIF source

Design constraints

Encrypted IP Source

(Decryption Envelope)

Encryption Tool/Script

IP Encryption Header

`protect pragmas

Key Repository

IP User A = <Public Key>

IP User B = <Public Key>


Syntax example encryption header

Syntax Example – Encryption Header

Encryption Header file

`protect key_keyowner=“IP User”, key_method=“rsa”, key_block

`protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block

`protect control_visibility=none

`protect control_visibility=full, data_state=mapped

`protect control_log_messages=noname

`protect control_output_method=obfuscated

`protect control_output_method=plain-text, license=(…)

`protect data_method=“des-cbc”, begin

<IP Source File>.c

`protect end

Optional. If present, ensures encryption header is linked to specified file only


Synopsys p1735 proposals

End

Thank You


  • Login