現今很多嵌入式系統開發商將現場可程式化邏輯閘陣列 (FPGA) 的設計外包給知識產權 (IP) 設計公司。為了保護他們的 IP 設計 (FPGA的配置) 免受篡改,需要一種安全的認證方法。在本文中,我們提出了一種針對 Xilinx Ultrascale+ MPSoC 架構的 FPGA 的安全認證方法。而在認證之前需要一個讀回 FPGA 的配置。然而,Xilinx Ultrascale+ MPSoC 讀回方法很容易受到攻擊。而傳統的 FPGA 認證方法在 FPGA 內部實現認證模組,消耗了大量的 FPGA 資源。在我們的方法中,我們禁用了 Xilinx Ultrascale+ MPSoC 中的讀回流程。攻擊者無法訪問 FPGA 的配置。我們利用可信執行環境 (TEE) 安全地讀回 FPGA 的配置,而不需要消耗 FPGA 的資源。我們的證明模組可以安全地認證 FPGA 的執行狀態。分析和實驗表明,我們的設計可以安全地讀回 FPGA 的配置並對其進行認證。;Nowadays, many embedded system developers outsource the designs of Field Programmable Gate Array (FPGA) to Intellectual Property (IP) design houses. To protect their IP designs (the configuration of FPGA) from tamper attack, a secure attestation method is necessary. In this paper, we propose a secure attestation method for FPGA in Xilinx Ultrascale+ MPSoC archi tecture. To attest the configuration of FPGA, a readback process is needed before attestation. However, Xilinx Ultrascale+ MPSoC readback method is vulnerable. Traditional attestation methods for FPGA implement their at testation module in FPGA, which consumes lots of resources of FPGA. In our method, we disable the readback flow in Xilinx Ultrascale+ MPSoC. The adversaries cannot access the configuration of FPGA. We leverage Trusted Execution Environment (TEE) to readback the configuration status of FPGA securely, which does not need to consume the resources of FPGA. Our attes tation module can securely attest to the execution status of FPGA. Analysis and experimental results show that our design can readback the configuration of FPGA securely and attest it efficiently.
