How Do You Protect an FPGA Bitstream With Encryption and Anti-Tamper Features?
Last updated 17 July 2026 · 5 min read
Direct Answer
An FPGA's bitstream, the configuration file that programs its internal logic fabric, is stored unencrypted in external SPI flash by default on most designs, which means anyone with physical access to the board can read that flash and obtain a complete, working copy of the design's intellectual property with no reverse-engineering required at all. Bitstream encryption addresses this directly: the FPGA vendor's toolchain encrypts the bitstream (commonly AES-256) before it's written to flash, and the FPGA itself holds the matching decryption key in an internal battery-backed or fuse-based key store, decrypting the bitstream internally as it loads at power-up so the external flash never holds a usable, readable copy of the design. Anti-tamper features go further, adding readback protection (disabling JTAG-based configuration readout after programming), tamper-detection sensors on some devices that actively erase the key store if physical intrusion is detected, and authentication (verifying the bitstream hasn't been modified, distinct from encryption, which only hides its contents) — together forming a defence against the specific threat of a physically accessible device having its design IP extracted, cloned, or maliciously modified.
Detailed Explanation
An SRAM-based FPGA loses its configuration every time power is removed, covered in the FPGA development flow's bitstream generation and programming section, and reloads it from external SPI flash on every power-up. That reload mechanism is exactly what creates the exposure bitstream encryption addresses: the flash chip holding that configuration is, on an unencrypted design, a complete, directly readable copy of the design's intellectual property, extractable with nothing more than physical access to the board and a flash programmer, no reverse-engineering of the logic itself required.
Bitstream encryption closes this by having the vendor toolchain encrypt the bitstream, commonly with AES-256, before it's written to flash. The FPGA itself stores the matching decryption key internally, in a battery-backed RAM, a one-time-programmable eFuse array, or a dedicated secure element depending on the specific device family, and decrypts the bitstream internally as part of its own power-up configuration sequence. The external flash never holds a usable copy of the design at any point; even a complete, bit-perfect dump of that flash chip is useless without the key that lives only inside the FPGA.
Readback Protection and Authentication
Encryption alone doesn't close every path. Readback protection is a separate, complementary feature that disables the ability to read configuration data back out of a programmed FPGA (typically over JTAG), which matters because encryption protects the bitstream in flash, not necessarily the configuration state already loaded inside a running device. Authentication is a third, distinct concept: verifying that a bitstream hasn't been modified or substituted, using a cryptographic signature, which matters even in cases where confidentiality (encryption) isn't the primary concern, since an attacker who can substitute a modified but valid-looking bitstream can potentially alter device behaviour without ever needing to read the original design's contents. A complete anti-tamper strategy on a device that supports all three typically layers encryption, readback protection, and authentication together, since each defends against a distinct attack path the others don't cover.
Some device families extend this further with dedicated tamper-detection hardware: sensors that monitor for physical intrusion attempts (voltage glitching, temperature extremes outside the specified operating range, or physical probing) and actively erase the internal key store the instant tampering is detected, destroying the ability to decrypt future configuration attempts even if the attacker gains full physical access afterward.
Practical Examples
A defence or industrial product with a contractual anti-tamper requirement is the clearest case for bitstream encryption: the requirement is often explicit in the contract or applicable standard, and the device family selection (see how to choose the right FPGA family) needs to account for encryption and anti-tamper support as a hard requirement from the start of the design, not an afterthought once a family has already been chosen for other reasons.
A commercial product with valuable, hard-to-replicate signal-processing IP in the FPGA fabric, sold into a market with real counterfeiting or IP-theft risk, benefits from bitstream encryption even without a formal contractual requirement, since the alternative (an unencrypted bitstream in flash) gives a competitor with access to a single unit a complete, working copy of the design's IP with no engineering effort required to extract it.
Design Considerations
- Confirm the specific device family's key-storage mechanism and its power-domain requirements before committing to it. A battery-backed key store needs a coin cell or supercap maintained across the product's service life; losing that backup power source can mean losing the key permanently, bricking every unit that depended on it. Understand this failure mode before it becomes a field problem.
- Plan the key-provisioning process for production, not just for prototypes. Programming a unique or shared encryption key into every production unit is a process and security control the manufacturing line needs to support securely; treating key provisioning as a one-off engineering-sample step that doesn't scale to volume production is a common planning gap.
- Enable readback protection alongside encryption where the device supports both, since encryption alone doesn't close the separate JTAG-based configuration-readout attack path covered in the FAQ above.
- Weigh the added complexity against the actual threat model honestly. As covered in the FAQ above, bitstream encryption and key management are a real, ongoing engineering and production cost; commit to them when the IP value or the product's threat model genuinely justifies it, not as a default box to tick on every FPGA design.
- Zeus Design designs FPGA hardware and firmware, including bitstream encryption and anti-tamper implementation for defence, industrial, and IP-sensitive commercial products, as part of embedded firmware development.
Common Mistakes
- Shipping a production design with an unencrypted bitstream in flash when the design's IP genuinely warrants protection, leaving the complete design extractable from any unit an adversary can physically access.
- Treating encryption and readback protection as interchangeable, when, as covered in the FAQ above, they defend against different attack paths and are meant to be used together on devices that support both.
- Losing track of key-provisioning process security in production, treating it as an engineering-sample convenience step rather than a manufacturing-line security control that must scale correctly and securely to full production volume.
- Choosing an FPGA family for other criteria first and discovering afterward that it lacks bitstream encryption or anti-tamper support the application actually needs. Confirm this requirement against the specific device family and tier during initial family selection, not after the design is otherwise locked in.
Frequently Asked Questions
- Does every FPGA family support bitstream encryption?
- No. Bitstream encryption and the internal key storage it depends on (battery-backed RAM, eFuses, or a dedicated secure element depending on the family) are features of specific device families and often specific tiers within a family, not a universal capability across every FPGA on the market. Entry-level and low-cost families frequently omit it entirely. Confirm bitstream encryption support, the specific key-storage mechanism, and its associated cost and power-domain requirements (a battery-backed key store needs a small coin cell or supercap to retain the key when main power is removed, on parts using that mechanism) against the exact target device's datasheet before committing a design's IP-protection strategy to it.
- Is bitstream encryption the same as readback protection?
- No, they defend against different things and are commonly used together. Bitstream encryption protects the bitstream's contents so that a copy obtained from external flash is unusable without the decryption key. Readback protection is a separate feature that disables the ability to read the configuration data back out of the FPGA itself, typically over JTAG, after it has been programmed, closing a different attack path where someone with physical and JTAG access to a programmed device attempts to extract the configuration directly from the FPGA rather than from the external flash. A complete IP-protection strategy on a device that supports both typically enables both features together, since each closes a path the other doesn't.
- Do I need bitstream encryption for a typical commercial embedded product?
- It depends on how much the design's IP is worth protecting relative to the cost and complexity of implementing it, and whether the product's threat model includes an adversary with physical access to a unit. A product with genuinely valuable, hard-to-replicate FPGA IP, sold into a market where a competitor or counterfeiter having physical access to a unit is a real risk, or a product with a regulatory or contractual requirement for IP or anti-tamper protection (defence and some industrial contracts commonly require it explicitly) justifies the added key-management complexity. A design with no meaningful IP value in the bitstream itself, or a low physical-access threat model, often doesn't need it, and the added key-provisioning and key-management burden in production is a real, ongoing cost that should be weighed against the actual risk being defended against.
References
Related Questions
FPGA Development Flow: From HDL to Working Hardware
Learn the complete FPGA development flow: synthesis, place-and-route, timing constraints, timing closure, and bitstream generation in Vivado and Quartus.
How Do You Use Zynq / SoC-FPGA Devices?
How Zynq and other SoC-FPGA devices integrate a hard ARM processor with FPGA fabric: PS-PL AXI interconnect, boot flow, and PetaLinux vs bare-metal.
How Do You Choose the Right FPGA Family?
How to choose an FPGA family: compare Xilinx Artix-7, Lattice ECP5 and iCE40, and Intel Cyclone on LUT count, toolchain, power, cost, and dev board ecosystem.
How Do STM32 RDP and WRP Option Bytes Protect Flash Memory?
STM32 RDP levels (0/1/2) and WRP sector protection guard flash — but RDP Level 2 permanently disables debug access. Here is how to use them safely.
How Do You Enable ESP32 Secure Boot and Flash Encryption for Production?
ESP32 Secure Boot v2 and flash encryption protect firmware from tampering and extraction — but the eFuse decisions are permanent. Here's how to plan them.
What Is JTAG?
JTAG (IEEE 1149.1) is a 4-pin interface for testing and debugging ICs via boundary scan. Learn how the TAP state machine, JTAG chains, and debug probes work.