DRM Controller IP
This section is for application architects and IP designers who are willing to protect at runtime their design and/or IP running on FPGA. This document presents in details, the DRM Activator IP.
For information about the DRM Controller, see DRM Activator IP.
For information about hardware integration, see DRM Hardware integration.
Features
The DRM Controller manages the sensitive data communication between the System Software (AXI4-Lite Status & Control interface) and the Protected IP Cores (DRM Bus interface). The main functionality of the DRM Controller IP is to:
Read and interpret the encrypted License Key and convey securely the Activation Codes and the Credit timers to the Protected IP Cores.
Collect the Metering Data from the Protected IP Cores and deliver an encrypted and authenticated Metering Data block to the System.
The DRM Controller also gathers the design information (Protected IPs VLNVs, 64 bits each) and the chip identifier (Public Chip ID (DNA) or PUF) that are required to request the License Key.
Block diagram

Interface description
Example of a DRM Environment Topology:

DRM bus
The communication on the DRM Bus uses the AXI4-Stream protocol where the IP Activator is a slave and the DRM Controller is the master. The DRM bus size depends on the number of Protected IP cores in the design. For each IP connected there are 3 parts:
The Clock and Reset ports
Name
Direction
Size
Description
drm_aclk
in
1
DRM bus clock: must be identical to all the DRM Activators clock
drm_arstn
in
1
DRM bus asynchronous active low reset
Note
drm_aclk
clock drives the internal DRM core.
The DRM Controller to Activator channel:
Name
Direction
Size
Description
drm_to_uip<IDX>_tready
in
1
AXI4-Stream Ready signal for DRM Controller to IP Activator Channel
drm_to_uip<IDX>_tvalid
out
1
AXI4-Stream Valid signal for DRM Controller to IP Activator Channel
drm_to_uip<IDX>_tdata
out
32
AXI4-Stream Data signal for DRM Controller to IP Activator Channel
The Activator to DRM Controller channel:
Name
Direction
Size
Description
uip<IDX>_to_drm_tready
out
1
AXI4-Stream Ready signal for IP Activator to DRM Controller Channel
uip<IDX>_to_drm_tvalid
in
1
AXI4-Stream Valid signal for IP Activator to DRM Controller Channel
uip<IDX>_to_drm_tdata
in
32
AXI4-Stream Data signal for IP Activator to DRM Controller Channel
AXI4-Lite Register Interface
The communication with the Software layer is performed through an AXI4-Lite slave interface. The address space exposed by the DRM Controller IP is minimum 16 bit wide.
Name |
Direction |
Size |
Description |
---|---|---|---|
m_axi_aclk |
in |
1 |
AXI4-Lite clock |
m_axi_arstn |
in |
1 |
AXI4-Lite asynchronous reset active low |
m_axi_awready |
out |
1 |
AXI4-Lite write address ready |
m_axi_awvalid |
in |
1 |
AXI4-Lite write address valid |
m_axi_awaddr |
in |
32 |
AXI4-Lite write address value |
m_axi_awprot |
in |
3 |
AXI4-Lite write address protection type |
m_axi_wready |
out |
1 |
AXI4-Lite write ready |
m_axi_wvalid |
in |
1 |
AXI4-Lite write valid |
m_axi_wdata |
in |
32 |
AXI4-Lite write data value |
m_axi_wstrb |
in |
4 |
AXI4-Lite write strobes |
m_axi_bready |
in |
1 |
AXI4-Lite write response ready |
m_axi_bvalid |
out |
1 |
AXI4-Lite write response valid |
m_axi_bresp |
out |
2 |
AXI4-Lite write response |
m_axi_arready |
out |
1 |
AXI4-Lite read address ready |
m_axi_arvalid |
in |
1 |
AXI4-Lite read address valid |
m_axi_araddr |
in |
32 |
AXI4-Lite read address value |
m_axi_arprot |
in |
3 |
AXI4-Lite read address protection type |
m_axi_rready |
in |
1 |
AXI4-Lite read ready |
m_axi_rvalid |
out |
1 |
AXI4-Lite read valid |
m_axi_rdata |
out |
32 |
AXI4-Lite read data value |
m_axi_rresp |
out |
2 |
AXI4-Lite read response |
The DRM Controller maintains different pages of registers that provide status and allow control over the overall DRM system. To operate correctly, those registers must be accessible in read and write mode by Software layer (DRM Library).
Please refer to DRM Library integration for more information.
Chip DNA Interface
Chip DNA is internally instantiated by the DRM Controller. It is exposed to the user for his/her convenience.
Name |
Direction |
Size |
Description |
---|---|---|---|
chip_dna_valid |
out |
1 |
Indicate the validity of the DNA value: 0=DNA not valid, 1=DNA valid |
chip_dna |
out |
96 |
DNA as exposed by the chip |
Implementation results
Example for a DRM Controller supporting 10 IPs:
FPGA |
LUT |
FF |
RAM |
---|---|---|---|
Kintex ultrascale+ |
11500 |
6600 |
5 of 36Kbits, 20 of 18Kbits |
Kintex 7 |
12000 |
6750 |
3 of 36Kbits, 20 of 18Kbits |
Timings
The DRM Controller performance is directly related to the DNA primitive frequency. Tables below summarize the maximum frequency for few FPGA families.
Warning
It is your responsibility to ensure your design is not violating the limitation of your target.
The table below lists the performance of DRM Controller for some Xilinx FPGA families.
Xilinx Family |
Frequency |
Device documentation |
---|---|---|
ultrascale+ |
200MHz |
|
ultrascale |
200MHz |
|
virtex 7 |
100MHz |
|
virtex 6 |
Missing Data |
|
spartan 6 |
2MHz |
|
spartan 3a dsp |
100MHz |
|
spartan 3a |
100MHz |
|
kintex 7 |
100MHz |
|
artix 7 |
100MHz |
The table below lists the performance of DRM Controller for some Intel/Altera FPGA families:
Intel Family |
Frequency |
Device documentation |
---|---|---|
cyclone v |
100MHz |
|
arria 10 |
30MHz |
|
arria v gz |
100MHz |
|
arria v |
100MHz |
|
stratix v |
100MHz |
File structure
common/
-- sv/
----- altera/
-------- altchip_id_arria10.sv
-- vhdl/
----- altera/
-------- drm_all_components.vhdl
----- modelsim/
-------- drm_all_components.vhdl
----- xilinx/
-------- drm_all_components.vhdl
----- xilinx_sim/
-------- drm_all_components.vhdl
controller/
-- rtl/
---- core/
------ cdc_bridge.sv
------ drm_ip_controller.vhdl
---- sim/
------ top_drm_controller_sim.vhdl
------ top_drm_controller_sim.sv
---- syn/
------ top_drm_controller.vhdl
------ top_drm_controller.sv
-- vitis/
---- src/
------ kernel_drm_controller.v
------ kernel_drm_controller.xml
---- scripts/
------ gen_drmctrl_xo.tcl
------ package_drmctrl_stage.tcl
---- Makefile
Implementation guidelines
Only one DRM Controller can be instantiated in the Chip Design to serve multiple Protected IPs.
Here is an overview of the steps needed to integrate a DRM Controller in a design:
Specify the number of protected IP instances and get an appropriate DRM HDK from Accelize.
Instantiate the DRM Controller at the top level of the design.
Connect the DRM Controller to the AXI4-Lite System Bus
Protect the IPs by adding the DRM interface and instantiation the DRM Activator.
Connect the different protected IP instances to the DRM Controller.
For information about hardware integration, see DRM Hardware integration.