I have a board I designed and sell to a major networking company. We recently had some manufacturing issues because of component availability (not the semiconductor shortage, but a factory fire). They are still happy to work with me, and are asking for a redesign of the board to remove the parts we can't buy any longer.
As part of this, they want the right to manufacture the board, if my company is "unable to build or deliver forecasted quantities due to unforeseen supply chain circumstances, IP and manufacturing rights would be relinquished over to" XYZ company.
The IP rights would absolutely not be transferred, in the sense of them owning the design. But I'm ok with them making the boards, as long as they pay royalties.
The question here is, how can I provide them with the design for manufacturing without also giving away the keys?
First pass thought, use an SRAM FPGA with a separate Flash chip. Flash chip is copyrighted. Let the law protect me. lol I expect a major US company would not violate this protection. However...
It seems clear to me, their intent is to have the IP for making the board, but also for maintenance. We made some minor mods to rev 1 and rev 2 of the board after in production (this will be rev 3, of course). Or maybe not. Maybe the IP rights are requested just to avoid any claims of copyright violation??? As long as they pay me, I'm fine.
Still, if I want to give them sources to the FPGA code, is there a way to protect the IP rights from being copied without compensation? I found this page at Intel.
https://www.intel.com/content/www/us/en/support/programmable/support-resources/design-examples/vertical/ref-des-secur-mem.htmlSeems to be about a chip that could be sold (I assume programmed) so the design can't run without it. They don't actually give much details, so I'm not clear. However, it looks like it only protects the bitstream and could easily be worked around if you recompile the sources.
I know there are a few one time programmable FPGAs, but I'm not very familiar with them. The Lattice iCE40 parts have nonvolatile, one time programmable memory. I could specify the part number of a programmed chip, but they still would be able to work around this if they had a source code.
I think the secure Xilinx chips had to have the key programmed after assembly with the key backed up by a cap or something.
By selling them a physical entity, it allows me to know how many they are building. That's a good feature. I might even be able to have a distributor handle all the order taking and give me my cut!
I'm starting to think this is not going to be so easy to figure out. I'm sure I'm not the only one to want something like this.
Just to be clear, I'm not expecting this to foil major attempts to break security. It's not state secrets.