AN 556: Using the Design Security Features in Intel FPGAs

ID 683269
Date 5/21/2021
Public

Overview of the Design Security Feature

The design security feature for Intel FPGAs protects against unauthorized copying, reverse engineering, and tampering. The following tables list some of the design approaches that make the solution secure.

The 20-nm FPGAs have additional security features that you can enable by burning a fuse, or by setting an option bit in the configuration bit-stream by using the stand-alone Qcrypt tool or the Intel® Quartus® Prime Convert Programming File tool. Tamper-protection bit and JTAG Secure mode can be enabled separately in 20-nm FPGAs only.

Table 3. Design Security Approach for 40-nm and 28-nm FPGAs

CAUTION:
Enabling the tamper-protection bit disables the test mode in 40-nm and 28-nm FPGAs. Disabling the test mode is irreversible and prevents Intel from carrying out failure analysis. To enable the tamper-protection bit, refer to the Steps to Enable Tamper-Protection Bit Programming section.

| Design Security Element | 40-nm FPGA and 28-nm FPGA (1) |
|---|---|
| Non-Volatile Key | The non-volatile key is securely stored in fuses within the device. Proprietary security features make it difficult to determine this key. |
| Volatile Key | The volatile key is securely stored in battery-backed RAM within the device. Proprietary security features make it difficult to determine this key. |
| Key Generation | 40-nm FPGA: Two user-provided 256-bit strings are processed to generate a 256-bit key that is programmed into the device. 28-nm FPGA: A user-provided 256-bit key is processed by a one-way function before being programmed into the device. |
| Key Choice | You can set only one security key type (non-volatile key or volatile key) in the device. |
| Tamper Protection Mode | Tamper protection mode prevents the FPGA from being loaded with an unencrypted configuration file. When you enable this mode, the FPGA can only be loaded with a configuration that has been encrypted with your key. Unencrypted configurations and configurations encrypted with the wrong key result in a configuration failure. You can enable this mode by setting a fuse within the device. |
| Configuration Readback | These devices do not support a configuration readback feature, which makes readback of your unencrypted configuration data infeasible. |

Table 4. Design Security Approach for 20-nm FPGAs

| Design Security Element | Description |
|---|---|
| Non-Volatile Key | The non-volatile key is securely stored in fuses within the device. Proprietary security features make it difficult to determine this key. |
| Volatile Key | The volatile key is securely stored in battery-backed RAM within the device. Proprietary security features make it difficult to determine this key. |
| Key Generation | A user-provided 256-bit key is processed by a one-way function before being programmed into the device. |
| Key Choice | Both volatile and non-volatile keys can exist in a device. You can choose which key to use by setting the option bits in the encrypted configuration file through the Convert Programming File tool or the Qcrypt tool. |
| Tamper Protection Mode | Tamper protection mode prevents the FPGA from being loaded with an unencrypted configuration file. When you enable this mode, the FPGA can only be loaded with a configuration that has been encrypted with your key. Unencrypted configurations and configurations encrypted with the wrong key result in a configuration failure. You can enable this mode by setting a fuse within the device. |
| Configuration Readback | These devices do not support a configuration readback feature. From a security perspective, this makes readback of your unencrypted configuration data infeasible. |
| Security Key Control | By using different JTAG instructions and the security option in the Qcrypt tool, you have the flexibility to permanently or temporarily disable the use of the non-volatile or volatile key. You can also choose to lock the volatile key to prevent it from being overwritten or reprogrammed. |

JTAG Access Control

You can enable various levels of JTAG access control by setting the OTP fuses or option bits in the configuration file using the Qcrypt tool:

  1. Force full configuration or partial configuration to be done through HPS only.
  2. Bypass external JTAG pin or HPS JTAG. This feature disables external JTAG or HPS JTAG access, but can be unlocked through internal core access. (2)
  3. Disable all AES key-related JTAG instructions from external JTAG pins.
  4. Allow only a limited set of mandatory JTAG instructions to be accessed through external JTAG, similar to JTAG Secure mode.

Note: For additional details on these and other security features, contact Intel FPGA Technical Support.

(1) When you enable the tamper-protection bit in 28-nm FPGAs, the device is in the JTAG secure mode.
(2) Intel® Cyclone® 10 GX does not support force full configuration or partial configuration through HPS and HPS JTAG Bypass.