AN 556: Using the Design Security Features in Intel FPGAs

ID 683269
Date 5/21/2021
Public

Verifying JTAG Secure Mode

Intel® recommends that you verify whether your device has successfully entered or exited JTAG secure mode by executing the non-mandatory JTAG instructions. To validate the JTAG secure mode with the reference design, follow these steps:
  1. FPGA power up
    After the FPGA is powered up, the FPGA is in the JTAG secure mode because the tamper-protection bit is enabled.
  2. FPGA configuration
    Configure the reference design into the FPGA. Because the FPGA is tamper resistant and accepts only an encrypted configuration file, you must configure the reference design as an encrypted file, as shown in Step 3: Configuring the 40-nm, 28-nm, or 20-nm FPGAs with Encrypted Configuration Data. To ensure the device enters user mode successfully, you can check the CONFDONE pin or observe the counter_output pin. If the device enters user mode successfully, the CONFDONE pin goes high and the counter_output pin should toggle.
  3. Verify the JTAG secure mode
    After the device enters user mode, issue the PULSE_NCONFIG JTAG instruction using the external JTAG pins. You can use the pulse_nconfig.jam file attached in the design example. To execute the pulse_nconfig.jam file, you can use quartus_jli or the JAM player. The PULSE_NCONFIG JTAG instruction triggers device reconfiguration. If your device is in the JTAG secure mode, reconfiguration does not take place because the PULSE_NCONFIG JTAG instruction is a non-mandatory JTAG instruction. You can confirm this by observing the CONFDONE pin and the counter_output pin. If reconfiguration did not take place, the CONFDONE pin stays high and the counter_output pin continues to toggle.
  4. Execute the UNLOCK JTAG instruction
    Pull the start_unlock port of the user logic to logic high. After the UNLOCK JTAG instruction is complete, the indicator port goes high.
  5. Verify the JTAG secure mode
    After the UNLOCK JTAG instruction is completed, issue the PULSE_NCONFIG JTAG instruction again using the external JTAG pins. If your device is not in the JTAG secure mode, the PULSE_NCONFIG JTAG instruction triggers device reconfiguration. You can observe the CONFDONE pin and the counter_output pin to monitor the device reconfiguration. The CONFDONE pin goes from high to low and the counter_output pin stops toggling during device reconfiguration.
You should only apply these steps on an FPGA with the tamper-protection bit enabled.
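
The pass/fail decision in steps 3 and 5 can be automated from a logic-analyzer capture of the CONFDONE and counter_output pins. The following is an added example, not part of the Intel application note or its reference design. The capture format (timestamp in microseconds, CONFDONE level, counter_output level), the function names, the min_edges threshold and the sample data are assumptions made for illustration.

```python
from typing import List, Tuple

# Assumed capture format: (time_us, CONFDONE level, counter_output level)
Sample = Tuple[int, int, int]

def _edges(levels: List[int]) -> int:
    """Count level transitions in a sequence of 0/1 samples."""
    return sum(1 for a, b in zip(levels, levels[1:]) if a != b)

def classify_pulse(samples: List[Sample], t_pulse_us: int, min_edges: int = 2) -> str:
    """Classify the device's reaction to PULSE_NCONFIG issued at t_pulse_us."""
    before = [s for s in samples if s[0] < t_pulse_us]
    after = [s for s in samples if s[0] >= t_pulse_us]
    # Precondition (step 2): user mode means CONFDONE high and counter_output toggling.
    if (not before or not after or any(c == 0 for _, c, _ in before)
            or _edges([k for _, _, k in before]) < min_edges):
        return "inconclusive"
    low = [k for _, c, k in after if c == 0]
    if low:
        # Reconfiguration: CONFDONE fell and counter_output is static while it is low.
        return "reconfigured" if _edges(low) == 0 else "inconclusive"
    # CONFDONE stayed high: only conclusive if the design visibly kept running.
    return "ignored" if _edges([k for _, _, k in after]) >= min_edges else "inconclusive"

def verify_jtag_secure_mode(locked, t_locked_us, unlocked, t_unlocked_us) -> dict:
    """Step 3 must show no reconfiguration; step 5 (after UNLOCK) must show one."""
    step3 = classify_pulse(locked, t_locked_us)
    step5 = classify_pulse(unlocked, t_unlocked_us)
    return {"step3": step3, "step5": step5,
            "passed": step3 == "ignored" and step5 == "reconfigured"}

def _capture(n: int, reconfig_at=None) -> List[Sample]:
    """Constructed sample data: 1 ms sampling, counter_output toggles each sample."""
    out = []
    for i in range(n):
        down = reconfig_at is not None and i >= reconfig_at
        out.append((i * 1000, 0 if down else 1, 0 if down else i % 2))
    return out

LOCKED = _capture(20)                    # constructed: pulse ignored in secure mode
UNLOCKED = _capture(20, reconfig_at=11)  # constructed: reconfiguration after UNLOCK

if __name__ == "__main__":
    print(verify_jtag_secure_mode(LOCKED, 10_000, UNLOCKED, 10_000))
```

An "inconclusive" result means the capture does not match either outcome described in the steps, for example when counter_output was not toggling before the instruction was issued, and the measurement should be repeated.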