Editing Field-programmable gate array (section)

== Security ==

FPGAs have both advantages and disadvantages as compared to ASICs or secure microprocessors, concerning [[hardware security]]. FPGAs' flexibility makes malicious modifications during [[Semiconductor device fabrication|fabrication]] a lower risk.<ref name="paper">{{Cite journal |doi=10.1109/MDT.2008.166 |title=Managing Security in FPGA-Based Embedded Systems |journal=IEEE Design & Test of Computers |volume=25 |issue=6 |pages=590–598 |year=2008 |last1=Huffmire |first1=Ted |last2=Brotherton |first2=Brett |last3=Sherwood |first3=Timothy |last4=Kastner |first4=Ryan |last5=Levin |first5=Timothy |last6=Nguyen |first6=Thuy D. |last7=Irvine |first7=Cynthia|s2cid=115840 |hdl=10945/7159 |hdl-access=free }}</ref> Previously, for many FPGAs, the design [[bitstream]] was exposed while the FPGA loads it from external memory (typically on every power-on). All major FPGA vendors now offer a spectrum of security solutions to designers such as bitstream [[encryption]] and [[authentication]]. For example, [[Altera]] and [[Xilinx]] offer [[Advanced Encryption Standard|AES]] encryption (up to 256-bit) for bitstreams stored in an external flash memory. [[Physical unclonable function]]s (PUFs) are integrated circuits that have their own unique signatures, due to processing, and can also be used to secure FPGAs while taking up very little hardware space.<ref>{{Cite journal |last1=Babaei |first1=Armin |last2=Schiele |first2=Gregor |last3=Zohner |first3=Michael |date=2022-07-26 |title=Reconfigurable Security Architecture (RESA) Based on PUF for FPGA-Based IoT Devices |journal=Sensors |language=en |volume=22 |issue=15 |pages=5577 |doi=10.3390/s22155577 |issn=1424-8220 |pmc=9331300 |pmid=35898079 |bibcode=2022Senso..22.5577B |doi-access=free }}</ref> 

FPGAs that store their configuration internally in nonvolatile flash memory, such as [[Microsemi]]'s ProAsic 3 or [[Lattice Semiconductor|Lattice]]'s XP2 programmable devices, do not expose the bitstream and do not need [[encryption]]. In addition, flash memory for a [[lookup table]] provides [[single event upset]] protection for space applications.{{clarify|date=January 2013}} Customers wanting a higher guarantee of tamper resistance can use write-once, antifuse FPGAs from vendors such as [[Microsemi]].

With its Stratix 10 FPGAs and SoCs, [[Altera]] introduced a Secure Device Manager and [[physical unclonable function]]s to provide high levels of protection against physical attacks.<ref>{{cite web|url=https://www.intrinsic-id.com/eetimes-security-features-for-non-security-experts/|title=EETimes on PUF: Security features for non-security experts – Intrinsic ID|work=Intrinsic ID|date=2015-06-09|access-date=2015-07-12|archive-date=2015-07-13|archive-url=https://web.archive.org/web/20150713093531/https://www.intrinsic-id.com/eetimes-security-features-for-non-security-experts/|url-status=dead}}</ref>

In 2012 researchers Sergei Skorobogatov and Christopher Woods demonstrated that some FPGAs can be vulnerable to hostile intent. They discovered a critical [[Backdoor (computing)|backdoor]] [[Vulnerability (computing)|vulnerability]] had been manufactured in silicon as part of the Actel/Microsemi ProAsic 3 making it vulnerable on many levels such as reprogramming crypto and [[access key]]s, accessing unencrypted bitstream, modifying [[low-level]] silicon features, and extracting [[Computer configuration|configuration]] data.<ref>{{cite book |volume=7428|pages=23–40|doi=10.1007/978-3-642-33027-8_2|series = Lecture Notes in Computer Science|year = 2012|last1 = Skorobogatov|first1 = Sergei|title=Cryptographic Hardware and Embedded Systems – CHES 2012|last2=Woods|first2=Christopher|isbn=978-3-642-33026-1|chapter=Breakthrough Silicon Scanning Discovers Backdoor in Military Chip}}</ref>

In 2020 a critical vulnerability (named "Starbleed") was discovered in all Xilinx 7series FPGAs that rendered bitstream encryption useless. There is no workaround. Xilinx did not produce a hardware revision. Ultrascale and later devices, already on the market at the time, were not affected.