Configuration-over-Ethernet (COE) is a Layer 2 configuration protocol designed by SoC-e for remote access to FPGAs that implement SoC-e switching infrastructures. COE uses one of the Ethernet data lines of the switch, and its typical use is accessing the internal registers of the IPs for configuration and status reporting. This approach simplifies system design because no dedicated configuration channel such as MDIO or SPI is needed. This solution has been widely implemented in installations based on SoC-e modules like SMARToem.
To enable the use of this protocol over non-secure channels, SoC-e has released a secure COE implementation named Configuration-over-Ethernet Secure (COEsec). COEsec keeps the key benefits of the standard implementation, such as CPU-less operation and a small layout, while securing access to the remote device through encryption and authentication.
To carry the information required to secure the communications, a custom frame format has been developed: COEsec frames are standard Ethernet frames whose payload is divided into several subfields that contain both cryptographic and configuration information.
The core of the IP is a cryptographic engine that encrypts, decrypts and authenticates COE frames using the AES-GCM algorithm implemented in hardware. This all-hardware engine provides a great balance between performance and resources. Furthermore, this approach minimizes latency while increasing efficiency compared to software-based cryptographic solutions.
SoC-e HSR/PRP Switch and Managed Ethernet Switch IP Cores support COEsec in addition to other configuration links (MDIO, AXI4, etc.).
- Configuration and control protocol over Ethernet between an external CPU or SCADA/PC and the FPGA
- AES-GCM secured
- Reduced FPGA resource utilization
- Software API and program examples provided for the CPU or PC system