When you use the xmprotect utility to prevent access to or modification of Verilog-AMS, Verilog (digital), VHDL-AMS, VHDL (digital), and Verilog-A source code, you can
- Protect selected design units or models
- Protect selected regions within design units or models
- Automatically protect all design units and models in a file
Source protection prevents access to protected regions. When you use source protection, software or commands that normally report information that depends on code do not return any information that might reveal the contents of the protected regions. In addition, AMS either suppresses warning and error messages from protected regions or issues generic messages that do not disclose protected information. You can use the protected code as usual in the simulation flow and it produces the same results as unprotected code.
To protect the source description of selected modules or regions:
- Place protection pragmas in the source description to define the protected region.
The pragmas, which are in the form of comments, are:pragma protect: Indicates the start of a protection block. Used in conjunction withpragma protect begin.pragma protect begin: Indicates the start of the data to be encrypted.pragma protect end: Indicates the end of the data to be encrypted.
You use the protection pragmas to mark regions you want to protect in Verilog-AMS, Verilog (digital), VHDL-AMS, and VHDL (digital) code and Verilog-A code in your model files. See Examples of Using the Protection Pragmas.
You can use the protection pragmas
protect beginandprotect endinside or outside of design units, provided that you pair eachprotect beginpragma with aprotect endpragma in the same source file. If you insert aprotect beginpragma without a correspondingprotect endpragma, the software issues a warning and encrypts everything remaining in the file.You can use multiple sets of the
protect beginandprotect endpragmas within design units. However, you cannot nest blocks of source code bounded byprotect beginandprotect endpragmas inside one another.The following tasks do nothing when they are located inside an area that is protected:
$strobe,$fstrobe,$display,$fdisplay,$debug,$fdebug,$write,$fwrite. - Run the
xmprotectcommand on the input files containing the regions to be protected.
The protection pragmas mark the regions you want to protect; encryption actually occurs when you run thexmprotectcommand on the source description files.
Processing a source description with the
xmprotectcommand generally protects only the regions marked withprotect beginandprotect endpragmas. The command creates a new source file that differs from the original file in the following ways:- The pragmas
protect beginandprotect endbecomeprotect begin_protectedandprotect end_protected, respectively. The software adds other pragmas for the encryption. - The regions you marked for protection in the original source description become unreadable.
By default, the new file has the same name as the original file, but with an appended p.
Ensure that the encrypted file is not changed after it is generated, perhaps by making the file read-only. Changing the encrypted code by hand corrupts the file, causing error messages such as the following:Error while decrypting : Corrupted encrypted block, checksum did not match
If you get such an error, you can resolve the problem by recreating or reinstalling the protected code. - The pragmas
To use the protected modules, you run the compiler as usual. The compiler decrypts the encrypted files and compiles the design units in the file. You can then elaborate the design and simulate the snapshot. Downstream programs provide restricted visibility and access to the protected units.
Examples of Using the Protection Pragmas
These examples show how to use the protect begin and protect end pragmas in a source file.
The following example shows how to mark a region in the module top_design for protection:
module top_design (a, b, c)
bottom inst ();
// pragma protect
// pragma protect begin
initial
$display ("Inside module top_design");
// pragma protect endendmodule
The protected version of the example takes the following form, allowing read access to the first two lines while encrypting the remainder of the module:
module top_design (a, b, c) // readable
bottom inst (); // readable
//pragma protect begin_protected
//pragma protect key_keyowner=Cadence Design Systems.
//pragma protect key_keyname=CDS_KEY
//pragma protect key_method=RC5
//pragma protect key_block
hjQ2rsuJMpL9F3O43Xx7zf656dz2xxBxdnHC0GvJFJG3Y5HL0dSoPcLMN5Zy6Iq+ySMMWcOGkowbtoHVjNn3UdcZFD6NFlWHJpb7KIc8Php8iT1uEZmtwTgDSy64yqLLSCaqKffWXhnJ5n/936szbTSvc8vs2ILJYG4FnjIZeYARwKjbofvTgA==
//pragma protect end_key_block
//pragma protect digest_block
uilUH9+52Dwx1U6ajpWVBgZque4=
//pragma protect end_digest_block
//pragma protect data_block
jGZcQn3lBzXvF2kCXy+abmSjUdOfUzPOp7g7dfEzgN96O2ZRQP4aN7kqJOCA9shIjcvO6pnBhjaTNlxUJBSbBA==
//pragma protect end_data_block
//pragma protect digest_blockt
zEpxTPg7KWB9yMYYlqfoVE3lVk=
//pragma protect end_digest_block
//pragma protect end_protected
endmodule
The new, protected, source files do not overwrite the original, unprotected, source files. When you protect the original source file with xmprotect, you can specify an optional file extension you want the software to append to the name of the protected source file. If you do not specify an extension, the xmprotect command automatically appends a p to the source file name to create the protected file name.
For example, the following command protects the file src.v. By default, the software appends a p to the protected source file name: src.vp.
xmprotect src.v
The following command specifies an extension myext for the protected version of design.v: design.v.myext.
xmprotect design.v -extension myext
If the name of the protected file conflicts with the name of an existing file, the xmprotect command does not create the protected file; instead, it issues a message that alerts you to the conflict.
The following example shows how to mark an entire module, including the module name, for protection:
// pragma protect
// pragma protect begin
module bottom ();
initial
begin
$display ("Inside module bottom");
end
endmodule
// pragma protect end
The following example illustrates how to protect a region in a VHDL description:
architecture behavior of myblock is
-- pragma protect
-- pragma protect begin
SIGNAL s: bit:= '0';
BEGIN
digital: process (s)
BEGIN
s <= NOT s after 1 ms;
REPORT "s=" & bit.image(s);
END PROCESS digital;
END behavior;
-- pragma protect end
END myblock;