103 - Can the LatticeXP2 use encrypted configuration bitstreams supplied by an external SPI Master or SPI Slave?

The LatticeXP2 provides two methods for loading non-volatile programming images into the FPGA configuration memory. The first method uses an on-chip flash memory that is read and loaded at power-up or image refresh. The second method stores the image in an external flash memory.

The LatticeXP2 devices also provide circuitry to keep the flash-based devices secure during and after programming. The configuration data (JEDEC file) loaded into the LatticeXP2 can be decrypted, using the AES 128-bit block cipher standard, before it is written to the on-chip flash. The AES encryption key is stored in on-chip, non-volatile flash memory. To successfully program a LatticeXP2 device that has the 128-bit encryption key programmed into it, a JEDEC file encrypted with the same 128-bit encryption key must be used. This feature is available only with the on-chip image store: users who want to encrypt their design must store the bitstream in the on-chip flash.

Users cannot encrypt the image stored in external flash. As previously mentioned, the LatticeXP2 decryption logic works only on a bitstream (JEDEC file) that is loaded into internal flash, because the hardware decryption circuitry cannot operate on data supplied by an external SPI flash memory. Therefore, encrypted bitstreams can only be stored in the on-chip flash memory.