FPGA Build Flow Traceability
Enverite® Trace® archiver creates and verifies a tamper-evident auditable digital thread as a design traverses the FPGA build flow. Trace® archiver cryptographically signs design files, settings, and other artifacts, storing them in an archive to record the design process. Working alongside traditional vendor build flows, Trace® archiver captures the design, extracts the relevant implementation artifacts before and after each implementation step, and applies cryptographic hashing and signature functions as integrity verification mechanisms. The implementation artifacts are preserved along with an electronic ledger containing the hash signatures in the Trace® Archive.
EDA build flows are vulnerable
A sophisticated adversary can leverage Advanced Persistent Threats or Insider Threats to pick and choose where to insert vulnerabilities and malicious behaviors in FPGA and ASIC design implementations. They can target the design files (HDL source code), EDA software installations, IP libraries, intermediate design state, or the final deployed binary in the form of the configuration bitstream. Existing verification tools can verify functional equivalence or check properties at a given point in time, but the attacker is free to modify the design state or bitstream at any point after verification has been completed. With Trace® archiver, we create a digital thread of the implementation flow that persists in time and can be audited with Retrace® auditor at any point in the future.
Trace archiver augments your build flow with a tamper-evident audit trail
Trace® archiver captures and preserves the design implementation state along with any design properties or implementation settings that would affect the build process as the design moves through the build flow. It does so without disturbing existing developer workflows or replacing EDA vendor tools by parsing the vendor project file (e.g., Vivado project.xpr) and generating a custom build script. This build script leverages vendor Tcl APIs to build the design, extract the relevant implementation artifacts before and after each implementation step, and apply cryptographic hashing and signature functions as integrity verification mechanisms. The implementation artifacts are preserved along with an electronic ledger containing the hash signatures in the Trace® Archive.
