Intel® MAX® 10 FPGA Configuration User Guide

Download PDF
ID 683865
Date 3/27/2023
Public
Document Table of Contents
Document Table of Contents x
1. Intel® MAX® 10 FPGA Configuration Overview 2. Intel® MAX® 10 FPGA Configuration Schemes and Features 3. Intel® MAX® 10 FPGA Configuration Design Guidelines 4. Intel® MAX® 10 FPGA Configuration IP Core Implementation Guides 5. Dual Configuration Intel® FPGA IP Core References 6. Unique Chip ID Intel® FPGA IP Core References 7. Document Revision History for the Intel® MAX® 10 FPGA Configuration User Guide
2. Intel® MAX® 10 FPGA Configuration Schemes and Features x
2.1. Configuration Schemes 2.2. Configuration Features 2.3. Configuration Details
2.1. Configuration Schemes x
2.1.1. JTAG Configuration 2.1.2. Internal Configuration
2.1.1. JTAG Configuration x
2.1.1.1. JTAG Pins
2.1.2. Internal Configuration x
2.1.2.1. Internal Configuration Modes 2.1.2.2. Configuration Flash Memory 2.1.2.3. In-System Programming 2.1.2.4. Initialization Configuration Bits 2.1.2.5. Internal Configuration Time
2.1.2.2. Configuration Flash Memory x
2.1.2.2.1. Configuration Flash Memory Sectors 2.1.2.2.2. Configuration Flash Memory Programming Time
2.1.2.3. In-System Programming x
2.1.2.3.1. ISP Clamp 2.1.2.3.2. Real-Time ISP 2.1.2.3.3. ISP and Real-Time ISP Instructions
2.2. Configuration Features x
2.2.1. Remote System Upgrade 2.2.2. Configuration Design Security 2.2.3. SEU Mitigation and Configuration Error Detection 2.2.4. Configuration Data Compression
2.2.1. Remote System Upgrade x
2.2.1.1. Remote System Upgrade Flow 2.2.1.2. Remote System Upgrade Circuitry 2.2.1.3. User Watchdog Timer 2.2.1.4. Dual Configuration Intel® FPGA IP Core
2.2.1.2. Remote System Upgrade Circuitry x
2.2.1.2.1. Remote System Upgrade Circuitry Signals 2.2.1.2.2. Remote System Upgrade Circuitry Input Control 2.2.1.2.3. Remote System Upgrade Input Register 2.2.1.2.4. Remote System Upgrade Status Registers 2.2.1.2.5. Master State Machine
2.2.2. Configuration Design Security x
2.2.2.1. AES Encryption Protection 2.2.2.2. Unique Chip ID 2.2.2.3. JTAG Secure Mode 2.2.2.4. Verify Protect 2.2.2.5. JTAG Instruction Availability 2.2.2.6. Configuration Flash Memory Permissions
2.2.2.1. AES Encryption Protection x
2.2.2.1.1. Encryption and Decryption
2.2.2.2. Unique Chip ID x
2.2.2.2.1. Unique Chip ID Intel® FPGA IP Core
2.2.2.3. JTAG Secure Mode x
2.2.2.3.1. JTAG Secure Mode Instructions
2.2.2.6. Configuration Flash Memory Permissions x
2.2.2.6.1. Flash Region Access Control and Immutability
2.2.3. SEU Mitigation and Configuration Error Detection x
2.2.3.1. Configuration Error Detection 2.2.3.2. User Mode Error Detection 2.2.3.3. Error Detection Timing 2.2.3.4. Recovering from CRC Errors
2.2.3.2. User Mode Error Detection x
2.2.3.2.1. Error Detection Block 2.2.3.2.2. CHANGE_EDREG JTAG Instruction
2.2.3.3. Error Detection Timing x
2.2.3.3.1. Error Detection Frequency 2.2.3.3.2. Cyclic Redundancy Check Calculation Timing
2.3. Configuration Details x
2.3.1. Configuration Sequence 2.3.2. Intel® MAX® 10 Configuration Pins
2.3.1. Configuration Sequence x
2.3.1.1. Power-up 2.3.1.2. Configuration 2.3.1.3. Configuration Error Handling 2.3.1.4. Initialization 2.3.1.5. User Mode
2.3.1.1. Power-up x
2.3.1.1.1. POR Monitored Voltage Rails for Single-supply and Dual-supply Intel® MAX® 10 Devices 2.3.1.1.2. Monitored Power Supplies Ramp Time Requirement for Intel® MAX® 10 Devices
3. Intel® MAX® 10 FPGA Configuration Design Guidelines x
3.1. Dual-Purpose Configuration Pins 3.2. Configuring Intel® MAX® 10 Devices using JTAG Configuration 3.3. Configuring Intel® MAX® 10 Devices using Internal Configuration 3.4. Implementing ISP Clamp in Intel® Quartus® Prime Software 3.5. Accessing Remote System Upgrade through User Logic 3.6. Error Detection 3.7. Enabling Data Compression 3.8. AES Encryption 3.9. Intel® MAX® 10 JTAG Secure Design Example
3.1. Dual-Purpose Configuration Pins x
3.1.1. Guidelines: Dual-Purpose Configuration Pin 3.1.2. Enabling Dual-Purpose Pin
3.1.1. Guidelines: Dual-Purpose Configuration Pin x
3.1.1.1. JTAG Pin Sharing Behavior
3.2. Configuring Intel® MAX® 10 Devices using JTAG Configuration x
3.2.1. Auto-Generating Configuration Files for Third-Party Programming Tools Generating Third-Party Programming Files using Intel® Quartus® Prime Programmer 3.2.3. JTAG Configuration Setup 3.2.4. ICB Settings in JTAG Configuration
3.3. Configuring Intel® MAX® 10 Devices using Internal Configuration x
3.3.1. Selecting Internal Configuration Modes 3.3.2. .pof and ICB Settings 3.3.3. Programming .pof into Internal Flash
3.3.2. .pof and ICB Settings x
3.3.2.1. Auto-Generated .pof 3.3.2.2. Generating .pof using Convert Programming Files Generating Third-Party Programming Files using Intel® Quartus® Prime Programmer
3.4. Implementing ISP Clamp in Intel® Quartus® Prime Software x
3.4.1. Creating IPS File 3.4.2. Executing IPS File
3.6. Error Detection x
3.6.1. Verifying Error Detection Functionality 3.6.2. Enabling Error Detection 3.6.3. Accessing Error Detection Block Through User Logic
3.7. Enabling Data Compression x
3.7.1. Enabling Compression Before Design Compilation 3.7.2. Enabling Compression After Design Compilation
3.8. AES Encryption x
3.8.1. Generating .ekp File and Encrypt Configuration File 3.8.2. Generating .jam/.jbc/.svf file from .ekp file 3.8.3. Programming .ekp File and Encrypted POF File 3.8.4. Encryption in Internal Configuration
3.8.3. Programming .ekp File and Encrypted POF File x
3.8.3.1. Programming .ekp File and Encrypted .pof Separately 3.8.3.2. Integrate the .ekp into .pof Programming
3.9. Intel® MAX® 10 JTAG Secure Design Example x
3.9.1. Internal and External JTAG Interfaces 3.9.2. JTAG WYSIWYG Atom for JTAG Control Block Access Using Internal JTAG Interface 3.9.3. Executing LOCK and UNLOCK JTAG Instructions 3.9.4. Verifying the JTAG Secure Mode
4. Intel® MAX® 10 FPGA Configuration IP Core Implementation Guides x
4.1. Unique Chip ID Intel® FPGA IP Core 4.2. Dual Configuration Intel® FPGA IP Core
4.1. Unique Chip ID Intel® FPGA IP Core x
4.1.1. Instantiating the Unique Chip ID Intel® FPGA IP Core 4.1.2. Resetting the Unique Chip ID Intel® FPGA IP Core
4.2. Dual Configuration Intel® FPGA IP Core x
4.2.1. Instantiating the Dual Configuration Intel® FPGA IP Core
5. Dual Configuration Intel® FPGA IP Core References x
5.1. Dual Configuration Intel® FPGA IP Core Avalon® Memory-Mapped Address Map 5.2. Dual Configuration Intel® FPGA IP Core Parameters
6. Unique Chip ID Intel® FPGA IP Core References x
6.1. Unique Chip ID Intel® FPGA IP Core Ports
1. Intel® MAX® 10 FPGA Configuration Overview
2. Intel® MAX® 10 FPGA Configuration Schemes and Features
3. Intel® MAX® 10 FPGA Configuration Design Guidelines
4. Intel® MAX® 10 FPGA Configuration IP Core Implementation Guides
5. Dual Configuration Intel® FPGA IP Core References
6. Unique Chip ID Intel® FPGA IP Core References
7. Document Revision History for the Intel® MAX® 10 FPGA Configuration User Guide

3.8.1. Generating .ekp File and Encrypt Configuration File

To generate the .ekp file and encrypt your configuration file, follow these steps:

  1. On the File menu, click Convert Programming Files.
  2. Under Output programming file, select Programmer Object File (.pof) in the Programming file type list.
  3. In the Mode list, select Internal Configuration.
  4. Click Option/Boot Info and the ICB setting dialog box will appear.
  5. You can enable the Allow encrypted POF only option. Click OK once ICB setting is set.
    The device will only accept encrypted bitstream during internal configuration if this option is enabled. If you encrypt one of CFM0, CFM1 or CFM2 only, the Programmer will post a warning.
  6. Type the file name in the File name field, or browse to and select the file.
  7. Under the Input files to convert section, click SOF Data.
  8. Click Add File to open the Select Input File dialog box.
  9. Browse to the unencrypted .sof and click Open.
  10. Under the Input files to convert section, click on the added .sof.
  11. Click Properties and the SOF Files Properties: Bitstream Encryption dialog box will appear.
  12. Turn on Generate encrypted bitstream.
  13. Turn on Generate key programming file and type the .ekp file path and file name in the text area, or browse to and select <filename>.ekp.
  14. You can the key with either a .key file or entering the key manually.
    Note: Intel® MAX® 10 devices require the entry of 128-bit keys.
    • Adding key with a .key file.

      The .key file is a plain text file in which each line represents a key unless the line starts with "#". The "#" symbol is used to denote comments. Each valid key line has the following format: 

      <key identity><white space><128-bit hexadecimal key>
# This is an example key file
key1 0123456789ABCDEF0123456789ABCDEF
      1. Enable the Use key file checkbox.
      2. Click Open and add the desired .key file and click Open again.
      3. Under Key entry part, the key contained in the .key file will be selected in the drop-down list.
      4. Click OK.
    • Entering your key manually.
      1. Under Key entry part, click the Add button.
      2. Select the Key Entry Method to enter the encryption key either with the On-screen Keypad or Keyboard.
      3. Enter a key name in the Key Name (alphanumeric) field.
      4. Key in the desired key in the Key (128-bit hexadecimal) field and repeat in the Confirm Key field below it.
      5. Click OK.
  15. Read the design security feature disclaimer. If you agree, turn on the acknowledgment box and click OK.
  16. In the Convert Programming Files dialog box, click OK. The <filename>.ekp and encrypted configuration file will be generated in the same project directory.
    Note: For dual configuration .pof file, both .sof file need to be encrypted with the same key.The generation of key file and encrypted configuration file will not be successful if different keys are used.
Level Two Title