Intel® MAX® 10 FPGA Configuration User Guide

Download PDF
ID 683865
Date 3/27/2023
Public
Document Table of Contents
Document Table of Contents x
1. Intel® MAX® 10 FPGA Configuration Overview 2. Intel® MAX® 10 FPGA Configuration Schemes and Features 3. Intel® MAX® 10 FPGA Configuration Design Guidelines 4. Intel® MAX® 10 FPGA Configuration IP Core Implementation Guides 5. Dual Configuration Intel® FPGA IP Core References 6. Unique Chip ID Intel® FPGA IP Core References 7. Document Revision History for the Intel® MAX® 10 FPGA Configuration User Guide
2. Intel® MAX® 10 FPGA Configuration Schemes and Features x
2.1. Configuration Schemes 2.2. Configuration Features 2.3. Configuration Details
2.1. Configuration Schemes x
2.1.1. JTAG Configuration 2.1.2. Internal Configuration
2.1.1. JTAG Configuration x
2.1.1.1. JTAG Pins
2.1.2. Internal Configuration x
2.1.2.1. Internal Configuration Modes 2.1.2.2. Configuration Flash Memory 2.1.2.3. In-System Programming 2.1.2.4. Initialization Configuration Bits 2.1.2.5. Internal Configuration Time
2.1.2.2. Configuration Flash Memory x
2.1.2.2.1. Configuration Flash Memory Sectors 2.1.2.2.2. Configuration Flash Memory Programming Time
2.1.2.3. In-System Programming x
2.1.2.3.1. ISP Clamp 2.1.2.3.2. Real-Time ISP 2.1.2.3.3. ISP and Real-Time ISP Instructions
2.2. Configuration Features x
2.2.1. Remote System Upgrade 2.2.2. Configuration Design Security 2.2.3. SEU Mitigation and Configuration Error Detection 2.2.4. Configuration Data Compression
2.2.1. Remote System Upgrade x
2.2.1.1. Remote System Upgrade Flow 2.2.1.2. Remote System Upgrade Circuitry 2.2.1.3. User Watchdog Timer 2.2.1.4. Dual Configuration Intel® FPGA IP Core
2.2.1.2. Remote System Upgrade Circuitry x
2.2.1.2.1. Remote System Upgrade Circuitry Signals 2.2.1.2.2. Remote System Upgrade Circuitry Input Control 2.2.1.2.3. Remote System Upgrade Input Register 2.2.1.2.4. Remote System Upgrade Status Registers 2.2.1.2.5. Master State Machine
2.2.2. Configuration Design Security x
2.2.2.1. AES Encryption Protection 2.2.2.2. Unique Chip ID 2.2.2.3. JTAG Secure Mode 2.2.2.4. Verify Protect 2.2.2.5. JTAG Instruction Availability 2.2.2.6. Configuration Flash Memory Permissions
2.2.2.1. AES Encryption Protection x
2.2.2.1.1. Encryption and Decryption
2.2.2.2. Unique Chip ID x
2.2.2.2.1. Unique Chip ID Intel® FPGA IP Core
2.2.2.3. JTAG Secure Mode x
2.2.2.3.1. JTAG Secure Mode Instructions
2.2.2.6. Configuration Flash Memory Permissions x
2.2.2.6.1. Flash Region Access Control and Immutability
2.2.3. SEU Mitigation and Configuration Error Detection x
2.2.3.1. Configuration Error Detection 2.2.3.2. User Mode Error Detection 2.2.3.3. Error Detection Timing 2.2.3.4. Recovering from CRC Errors
2.2.3.2. User Mode Error Detection x
2.2.3.2.1. Error Detection Block 2.2.3.2.2. CHANGE_EDREG JTAG Instruction
2.2.3.3. Error Detection Timing x
2.2.3.3.1. Error Detection Frequency 2.2.3.3.2. Cyclic Redundancy Check Calculation Timing
2.3. Configuration Details x
2.3.1. Configuration Sequence 2.3.2. Intel® MAX® 10 Configuration Pins
2.3.1. Configuration Sequence x
2.3.1.1. Power-up 2.3.1.2. Configuration 2.3.1.3. Configuration Error Handling 2.3.1.4. Initialization 2.3.1.5. User Mode
2.3.1.1. Power-up x
2.3.1.1.1. POR Monitored Voltage Rails for Single-supply and Dual-supply Intel® MAX® 10 Devices 2.3.1.1.2. Monitored Power Supplies Ramp Time Requirement for Intel® MAX® 10 Devices
3. Intel® MAX® 10 FPGA Configuration Design Guidelines x
3.1. Dual-Purpose Configuration Pins 3.2. Configuring Intel® MAX® 10 Devices using JTAG Configuration 3.3. Configuring Intel® MAX® 10 Devices using Internal Configuration 3.4. Implementing ISP Clamp in Intel® Quartus® Prime Software 3.5. Accessing Remote System Upgrade through User Logic 3.6. Error Detection 3.7. Enabling Data Compression 3.8. AES Encryption 3.9. Intel® MAX® 10 JTAG Secure Design Example
3.1. Dual-Purpose Configuration Pins x
3.1.1. Guidelines: Dual-Purpose Configuration Pin 3.1.2. Enabling Dual-Purpose Pin
3.1.1. Guidelines: Dual-Purpose Configuration Pin x
3.1.1.1. JTAG Pin Sharing Behavior
3.2. Configuring Intel® MAX® 10 Devices using JTAG Configuration x
3.2.1. Auto-Generating Configuration Files for Third-Party Programming Tools Generating Third-Party Programming Files using Intel® Quartus® Prime Programmer 3.2.3. JTAG Configuration Setup 3.2.4. ICB Settings in JTAG Configuration
3.3. Configuring Intel® MAX® 10 Devices using Internal Configuration x
3.3.1. Selecting Internal Configuration Modes 3.3.2. .pof and ICB Settings 3.3.3. Programming .pof into Internal Flash
3.3.2. .pof and ICB Settings x
3.3.2.1. Auto-Generated .pof 3.3.2.2. Generating .pof using Convert Programming Files Generating Third-Party Programming Files using Intel® Quartus® Prime Programmer
3.4. Implementing ISP Clamp in Intel® Quartus® Prime Software x
3.4.1. Creating IPS File 3.4.2. Executing IPS File
3.6. Error Detection x
3.6.1. Verifying Error Detection Functionality 3.6.2. Enabling Error Detection 3.6.3. Accessing Error Detection Block Through User Logic
3.7. Enabling Data Compression x
3.7.1. Enabling Compression Before Design Compilation 3.7.2. Enabling Compression After Design Compilation
3.8. AES Encryption x
3.8.1. Generating .ekp File and Encrypt Configuration File 3.8.2. Generating .jam/.jbc/.svf file from .ekp file 3.8.3. Programming .ekp File and Encrypted POF File 3.8.4. Encryption in Internal Configuration
3.8.3. Programming .ekp File and Encrypted POF File x
3.8.3.1. Programming .ekp File and Encrypted .pof Separately 3.8.3.2. Integrate the .ekp into .pof Programming
3.9. Intel® MAX® 10 JTAG Secure Design Example x
3.9.1. Internal and External JTAG Interfaces 3.9.2. JTAG WYSIWYG Atom for JTAG Control Block Access Using Internal JTAG Interface 3.9.3. Executing LOCK and UNLOCK JTAG Instructions 3.9.4. Verifying the JTAG Secure Mode
4. Intel® MAX® 10 FPGA Configuration IP Core Implementation Guides x
4.1. Unique Chip ID Intel® FPGA IP Core 4.2. Dual Configuration Intel® FPGA IP Core
4.1. Unique Chip ID Intel® FPGA IP Core x
4.1.1. Instantiating the Unique Chip ID Intel® FPGA IP Core 4.1.2. Resetting the Unique Chip ID Intel® FPGA IP Core
4.2. Dual Configuration Intel® FPGA IP Core x
4.2.1. Instantiating the Dual Configuration Intel® FPGA IP Core
5. Dual Configuration Intel® FPGA IP Core References x
5.1. Dual Configuration Intel® FPGA IP Core Avalon® Memory-Mapped Address Map 5.2. Dual Configuration Intel® FPGA IP Core Parameters
6. Unique Chip ID Intel® FPGA IP Core References x
6.1. Unique Chip ID Intel® FPGA IP Core Ports
1. Intel® MAX® 10 FPGA Configuration Overview
2. Intel® MAX® 10 FPGA Configuration Schemes and Features
3. Intel® MAX® 10 FPGA Configuration Design Guidelines
4. Intel® MAX® 10 FPGA Configuration IP Core Implementation Guides
5. Dual Configuration Intel® FPGA IP Core References
6. Unique Chip ID Intel® FPGA IP Core References
7. Document Revision History for the Intel® MAX® 10 FPGA Configuration User Guide

2.2.2. Configuration Design Security

Security Notice: Intel® MAX® 10 devices do not include an internal mechanism to authenticate bitstreams. Intel® recommends implementing system-level controls external to the Intel® MAX® 10 devices via additional components or via soft IP within the Intel® MAX® 10 devices to incorporate bitstream authentication. Alternatively, you may select a device that includes internal bitstream authentication such as Intel® Stratix® 10 or Intel Agilex® 7 devices.

The Intel® MAX® 10 design security feature supports the following capabilities:

  • Encryption—Built-in encryption standard (AES) to support 128-bit key industry-standard design security algorithm
  • Chip ID—Unique device identification
  • JTAG secure mode—limits access to JTAG instructions
  • Verify Protect—allows optional disabling of CFM content read-back
  • Flash region access control and immutability—enable immutability of the flash region CFM0 when configured from CFM1. You can leverage this feature to implement a Device Identifier Composition Engine (DICE) compliant design.
    Note: The flash region access control and immutability feature is only available in Intel® MAX® 10 devices with DD feature options (10M40DD and 10M50DD).

Section Content
AES Encryption Protection
Unique Chip ID
JTAG Secure Mode
Verify Protect
JTAG Instruction Availability
Configuration Flash Memory Permissions

Level Two Title