How to store data and program permanently in an FPGA?

Question

From what I surfed, once the power goes off in an FPGA you've to program it again. But I'm trying to implement an FPGA based security system using verilog. In that, I want the password of the system to be permanently stored i.e. even when the power goes off the password shouldn't be erased. It'll also be good if the program can be stored too. I'm a beiginner in FPGA. So please tell me how to do this. The device is XC3S400 Spartan 3 Family.

Answer 1

If you have a SRAM-based FPGA, like the Spartan 3, then you have to program it each time it is powered up. The reason for this is that the SRAM which stores the configuration is volatile and loses the programmed configuration after power is switched off.

The Spartan 3 AN is one of few Xilinx FPGAs which offer some amount of internal flash memory, but I can't give any details since I never used this feature myself.

Alternatively, there are purely flash-based FPGAs, which offer non-volatile configuration storage, i.e. you don't have to read in a configuration file each time the FPGA is powered on. You still have to configure it once, but it keeps the configuration after power is switched off. At the next powerup it will already be configured and ready to operate.

It all comes down to whether you have non-volatile memory inside your FPGA or not. Otherwise you need to use external ICs.

As an alternative solution to your custom-password: Many vendors offer tool support to encrypt the configuration bitstream. The configuration logic embedded inside the FPGA is able to decrypt the bitstream on the fly while it is being configured. It will still be possible for everyone to read the bitstream from the configuration PROM but since it is encrypted it will be of little use.

Answer 2

Generally at every powerup FPGA is loaded again from some sort of flash memory, and the bitstream it is loaded with is insecure, i.e. anybody can store it and then reproduce and even, theoretically, reverse-engineer it.

However, some FPGAs could be secured, for example by means of having unique cryptographic write-only key inside it, which the bitstream could be encrypted with. You can then program password inside your verilog code and check it as it is entered.

If your key or password is supposed to change often or should be different within each copy of the device, you should store it in external FLASH/EEPROM memory with the encryption provided by the permanent secret key inside FPGA.