The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs

Abstract

The security of FPGAs is a crucial topic, as any vulnera-bility within the hardware can have severe consequences, ifthey are used in a secure design. Since FPGA designs areencoded in a bitstream, securing the bitstream is of the utmostimportance. Adversaries have many motivations to recoverand manipulate the bitstream, including design cloning, IPtheft, manipulation of the design, or design subversions e.g.,through hardware Trojans. Given that FPGAs are often part ofcyber-physical systems e.g., in aviation, medical, or industrialdevices, this can even lead to physical harm. Consequently,vendors have introduced bitstream encryption, offering au-thenticity and confidentiality. Even though attacks againstbitstream encryption have been proposed in the past, e.g.,side-channel analysis and probing, these attacks require so-phisticated equipment and considerable technical expertise.In this paper, we introduce novel low-cost attacks againstthe Xilinx 7-Series (and Virtex-6) bitstream encryption, re-sulting in the total loss of authenticity and confidentiality. Weexploit a design flaw which piecewise leaks the decrypted bit-stream. In the attack, the FPGA is used as a decryption oracle,while only access to a configuration interface is needed. Theattack does not require any sophisticated tools and, dependingon the target system, can potentially be launched remotely. In addition to the attacks, we discuss several countermeasures.