Xilinx FPGA Bitstream Encryption Guide: AES256 + eFUSE/BBR + HMAC for Production
When your FPGA project moves to production, protecting the bitstream from readback, reverse engineering, or tampering is critical. Xilinx 7-series (Artix-7, Kintex-7, Virtex-7) and Virtex-6 FPGAs offer AES256 encryption + HMAC authentication – a robust security solution. This guide walks through the encryption principles, key storage options (eFUSE vs BBR), and step-by-step implementation using Vivado.
1. Basic Protection vs. Strong Encryption
Xilinx provides two levels of security:
- Readback prevention: Set BITSTREAM.READBACK.SECURITY to LEVEL1 (disable readback) or LEVEL2 (disable readback and reprogramming). This stops JTAG readout but not advanced attacks (e.g., probing the configuration interface during power-up).
- AES256 encryption + HMAC: Even if the bitstream is captured, it cannot be decrypted without the key. HMAC ensures integrity – any tampering makes the bitstream unusable.
2. AES256 in CBC Mode – How Xilinx Implements Encryption
AES (Advanced Encryption Standard) is a symmetric block cipher. Xilinx uses CBC (Cipher Block Chaining) mode with 128-bit block size and a 256-bit key. The encryption process requires:
- AES Key (256-bit) – used for encryption/decryption.
- StartCBC (128-bit initial vector, IV) – randomizes the first block.
In CBC mode, each plaintext block is XORed with the previous ciphertext block before encryption. The first block uses the StartCBC as the initial vector. Decryption requires the same key and IV.
Additionally, Xilinx includes a 256-bit HMAC key (Hash-based Message Authentication Code) to verify bitstream integrity, preventing malicious replacement of the configuration file.
3. Key Storage: BBR vs. eFUSE
Encrypted bitstreams require the FPGA to store the decryption key internally. Xilinx offers two options:
| Feature | BBR (Battery-Backed RAM) | eFUSE (One-Time Programmable) |
|---|---|---|
| Persistence | Requires external battery; lost when power removed | Permanent, no battery needed |
| Reprogrammability | Multiple times (as long as battery holds) | One-time only, irreversible |
| Security level | Lower (key can be wiped if battery fails) | High (physically unreadable after programming) |
| Typical use | Development, prototyping | Mass production, high-security products |
For production, eFUSE is strongly recommended. However, once eFUSE is programmed and the key is lost, the FPGA becomes permanently unusable (bricked).
4. eFUSE Control Register – Critical Configuration
The eFUSE control register determines security behavior. It contains six meaningful bits. A recommended setting for production is binary 101100 (refer to Xilinx UG470 for bit meanings). Bit 0 is especially dangerous: if set and the AES key is lost, the device is permanently locked. Always double-check before programming.
- Back up the .nky file containing AES Key, StartCBC, and HMAC Key in a secure location.
- Test the encrypted bitstream on a device with temporary key injection (via JTAG or BBR) to ensure functionality.
- Verify the eFUSE control bits – an incorrect setting can brick the device.
5. Step-by-Step Implementation Flow (Vivado)
Step 1: Generate Keys and Encrypted Bitstream
Create a .nky file (Netlist Key) with the following format (example for xc7a35t):
Key 0 0f2ec1178ae0d04c8c1431afe8266d08e799b01c5c486c2567f3621f47319aaf;
Key StartCBC a6262d508c338eeab815340a7832436d;
Key HMAC d82e72733a7bd7904c802d13db37187b8ad20b972ac163470c5a4d239bce6308;
In Vivado, after synthesis and implementation, right-click Generate Bitstream → Edit Device Properties, check Enable Encryption, point to the .nky file, and select the key storage location (eFUSE or BBR). Then generate the encrypted bitstream.
Step 2: Program eFUSE (One Time)
Connect to the target FPGA via JTAG in Hardware Manager. Right-click the device → Program eFUSE Registers. Load the .nky file (Vivado extracts the AES key). Set the eFUSE control register (recommended 101100). Click Program. After successful programming, the key is permanently stored.
Step 3: Load Encrypted Bitstream
In Hardware Manager, select Program Device and choose the encrypted bitstream generated in Step 1. The FPGA automatically decrypts using the eFUSE key and configures normally. For QSPI flash boot, convert the encrypted bitstream to MCS and program the flash.
Step 4: Verification
- Readback attempt: Use Vivado/iMPACT to read back – should fail or return scrambled data.
- Non-encrypted bitstream test: Try loading an unencrypted bitstream – the FPGA should reject it if the eFUSE control bits require encryption.
- Tampering test: Modify one byte of the encrypted bitstream and attempt to load – HMAC mismatch causes configuration failure.
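The .nky format from Step 1 and the tampering test from Step 4, as an added Python example that is not Xilinx tooling: it parses the key file, checks the 256/128/256-bit widths, and shows a one-byte change failing verification. HMAC-SHA256 over a constructed stand-in bitstream is an assumption for illustration; the keyed-hash construction and bitstream layout the configuration logic actually uses are defined in UG470 and are not reproduced here.

```python
import hmac
import hashlib
import re

# Constructed .nky text in the format shown in Step 1 (the page's example values, not production keys).
NKY_TEXT = """\
Key 0 0f2ec1178ae0d04c8c1431afe8266d08e799b01c5c486c2567f3621f47319aaf;
Key StartCBC a6262d508c338eeab815340a7832436d;
Key HMAC d82e72733a7bd7904c802d13db37187b8ad20b972ac163470c5a4d239bce6308;
"""

# Expected key widths in bits: AES-256 key, 128-bit CBC IV (StartCBC), 256-bit HMAC key.
EXPECTED_BITS = {"0": 256, "StartCBC": 128, "HMAC": 256}
_LINE = re.compile(r"^\s*Key\s+(\S+)\s+([0-9a-fA-F]+)\s*;\s*$")

def parse_nky(text):
    """Parse 'Key <name> <hex>;' lines into bytes and reject wrong widths or missing keys."""
    keys = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"malformed .nky line: {line!r}")
        name, hexval = m.group(1), m.group(2)
        if name in EXPECTED_BITS and len(hexval) * 4 != EXPECTED_BITS[name]:
            raise ValueError(f"Key {name}: expected {EXPECTED_BITS[name]} bits, got {len(hexval) * 4}")
        keys[name] = bytes.fromhex(hexval)
    missing = set(EXPECTED_BITS) - set(keys)
    if missing:
        raise ValueError(f"missing keys: {sorted(missing)}")
    return keys

def tag(hmac_key, data):
    """HMAC-SHA256 over the (already encrypted) bitstream bytes; stand-in for the UG470 scheme."""
    return hmac.new(hmac_key, data, hashlib.sha256).digest()

def verify(hmac_key, data, expected_tag):
    """Constant-time comparison; False means the loader must reject the bitstream."""
    return hmac.compare_digest(tag(hmac_key, data), expected_tag)

def tamper_demo():
    """Step 4 tampering test in miniature: flip one byte and re-verify -> (True, False)."""
    keys = parse_nky(NKY_TEXT)
    bitstream = bytes(range(256)) * 4  # constructed stand-in for encrypted bitstream bytes
    t = tag(keys["HMAC"], bitstream)
    tampered = bytearray(bitstream)
    tampered[100] ^= 0x01  # single-byte modification, as in the tampering test above
    return verify(keys["HMAC"], bitstream, t), verify(keys["HMAC"], bytes(tampered), t)
```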
6. Procurement and Engineering Recommendations
- Key management: Store the .nky file in a secure, access-controlled repository. Losing the key means losing the ability to update encrypted devices.
- Spare devices: Keep a small stock of unprogrammed (eFUSE-blank) FPGAs for potential design updates or key changes.
- Supported devices: All Xilinx 7-series (A/K/V), Virtex-6, and UltraScale families support AES256. Spartan-6 does NOT support encryption.
Need encrypted FPGA devices or security consulting?
Contact LimChip for Xilinx FPGA sourcing, eFUSE programming services, and bitstream encryption guidance. We support production-scale secure configuration.