Blog Layout

Process Design Kits lack vital security

Unsecured PDKs and Pcells are a major security risk

Anyone that has tried to obtain a Process Design Kit (PDK) from a foundry will have a story of how much pain they endured to get it. Where once PDKs could be licensed on the back of a mutual NDA, foundries now demand background checks, audits, and an exhaustive security review. Some users have described the process of obtaining an advanced PDKs taking up to a year, and even access to mature PDKs can take months.

PDKs contain an enormous amount of secret information that could be copied or reverse engineered to allow competitors develop their own manufacturing processes. Components descriptions are completely unsecured, meaning that they can be opened and used on any compatible EDA system. Component construction, dimensions and parameter limits would be available to anyone who wanted to look. For all of the audits and NDAs, the simulation and layout secrets in the PDKs are wide open if the files are stolen.

The PDK market is dominated by Cadence Design Systems and most PDKs are written in Cadence's proprietary Skill language. Cadence PDKs are considered the gold standard by many in the industry, and Cadence's robust and standardized design framework has been a cornerstone of semiconductor development. Skill enables the creation of Parameterized Cells (Pcells), which dynamically generate design layouts based on user parameters to streamline the design process. This flexibility is essential for efficient chip design, but the same accessibility and programmability that makes Skill so powerful also make it a target for exploitation. While the code inside the PDK is hidden, there are no restrictions on where a PDK can be used, leaving details of component design and construction vulnerable to theft and reverse engineering.

Skill-based PDK software is not compatible with industry standard security and licensing tools, so it's difficult to restrict them using electronic licenses. Commercial license software can't be compiled into PDKs so they can't be controlled in the same way as design tools. Checking licenses via an external utility is possible, but the interface can be vulnerable to hacking and compromise.

The problem of PDK and component security isn't just restricted to foundries, as many fabless companies produce their own PDKs which give them a critical competitive advantage. Industry sectors focused on emerging technologies such as silicon photonics often deliver their most critical IP in the form of PDKs while military, space and other defense related sectors rely on specialized components in PDKs to develop their products.

IN2FAB has built an extensive knowledge of PDKs and databases from the development of its migration tools and services. Internal development has led to Secure PDK, a new product to protect databases from unauthorized use. Secure PDK integrates cybersecurity by adding calls to check licenses in the Pcell code to lock down the functions inside. This renders the Pcells inactive without an electronic license, and prevents the components inside being used or seen.

Unsecured parameterized cells and PDKs are more than just a technical problem—they are a gateway to corporate espionage, economic loss, and national security threats. By addressing these vulnerabilities, Secure PDK can protect innovation, secure critical infrastructure, and maintain the integrity of the semiconductor supply chain.

< Older Post