FPGAs are used today in many markets instead of ASICs, such as 10-100 GbEthernet, wireless communication, high throughput encryption, even in smartphones (project ARA). As mentioned, their ability to implement any logic function is a great asset. But after the FPGA is configured at power-on, it is not possible to change its function over the input-output pins.
How do you load the bitstream? Then how do you lock it? Also how do you avoid getting back to square one (properly locking down the device) if you depend on a non-corrupted bitstream in the first place? Which FPGA do you plan to use?
However, a microcontroller is prone to attacks from its input-output pins and dedicated interfaces (UART, USB, etc.). If a remote attacker was able to change the code on the microcontroller flash, only a single successful attack is needed. Afterwards the infected microcontroller can leak private keys, attack any device it is connected to (see the recent USB vulnerability) and more without the user knowing it. (example: http://www.bunniestudios.com/blog/?p=3554)
It's exactly the same problem if someone manages to change the bitstream. Where is it loaded from?
With an FPGA, a developer controls every single bit and logic gate inside the chip as a routine.
Except you can't verify the generated bitstream on many (all?) typical commercial FPGAs, so you blindly trust the generator.
With a microcontroller you have to trust the compiler and effectively cannot check the resulting binary code, because it is very different from the high-level C code written by the developer.
You can still check the generated assembly code, at least, while you can't read the generated bitstream.
FPGA configuration can be done only over dedicated pins of the chip, which are not accessible from an external interface.
OK, so how do you reprogram it and avoid getting a "bad" firewall uploaded then?