AN 556: Using the Design Security Features in Intel FPGAs

Download PDF
ID 683269
Date 5/21/2021
Public
Document Table of Contents
Document Table of Contents x
Using the Design Security Features in Intel® FPGAs
Using the Design Security Features in Intel® FPGAs x
Overview of the Design Security Feature Hardware and Software Requirements Steps for Implementing a Secure Configuration Flow Steps to Enable Tamper-Protection Bit Programming Supported Configuration Schemes Security Mode Verification Serial Flash Loader Support with Encryption Enabled Serial Flash Loader Support with Encryption Enabled for Single FPGA Device Chain JTAG Secure Mode for 28-nm and 20-nm FPGAs Document Revision History for AN 556: Using the Design Security Features in Intel® FPGAs
Overview of the Design Security Feature x
Security Encryption Algorithm Non-Volatile and Volatile Key Storage Key Programming Intel® Arria® 10 and Intel® Cyclone® 10 GX Qcrypt Security Tool
Intel® Arria® 10 and Intel® Cyclone® 10 GX Qcrypt Security Tool x
Using Qcrypt Tool Qcrypt Tool Options Security Levels of Qcrypt Tool Security Option
Hardware and Software Requirements x
Hardware Requirements Software Requirements
Steps for Implementing a Secure Configuration Flow x
Step 1: Generating .ekp File and Encrypting Configuration File Step 2a: Programming Volatile Key into the FPGAs Step 2b: Programming Non-Volatile Key into the FPGAs Step 3: Configuring the 40-nm, 28-nm, or 20-nm FPGAs with Encrypted Configuration Data
Step 1: Generating .ekp File and Encrypting Configuration File x
Generating Single-Device .ekp File and Encrypting Configuration File using Intel® Quartus® Prime Software Generating Single-Device .ekp File and Encrypting Configuration File using Command-Line Interface in Intel® Quartus® Prime Software Generating Multi-Device .ekp File and Encrypting Configuration File using Intel® Quartus® Prime Software
Step 2b: Programming Non-Volatile Key into the FPGAs x
Programming Volatile or Non-Volatile Key using Intel® FPGA Ethernet Cable and Intel® Quartus® Prime Software Programming Single-Device Volatile or Non-Volatile Key using Intel® Quartus® Prime Software Programming Single-Device Volatile or Non-Volatile Key using the Command-Line Interface in Intel® Quartus® Prime Software Programming Multi-Device Volatile or Non-Volatile Key using Intel® Quartus® Prime Software Programming Multi-Device Volatile or Non-Volatile Key using the Command-Line Interface in Intel® Quartus® Prime Software Programming Key using JTAG Technologies
Security Mode Verification x
JAM File for 40-nm FPGAs (Arria II GX Devices) JAM File for 40-nm FPGAs (Arria II GZ and Stratix IV Devices) JAM File for 28-nm FPGAs JAM File for 20-nm FPGAs Verification During JTAG Secure Mode
JTAG Secure Mode for 28-nm and 20-nm FPGAs x
Internal JTAG Interface Design Example for JTAG Secure Mode
Design Example for JTAG Secure Mode x
Design Example Intel® Quartus® Prime Design Components LOCK and UNLOCK JTAG Instructions Verifying JTAG Secure Mode
Using the Design Security Features in Intel® FPGAs

Security Mode Verification

Intel FPGAs support the KEY_VERIFY JTAG instruction that allows you to verify the existing security mode of the device. To check if you have successfully programmed the volatile key, use the .jam files to automate the security mode verification steps.

Table 13.   KEY_VERIFY JTAG Instruction
JTAG Instruction Instruction Code Description
KEY_VERIFY 00 0001 0011 Connects the key verification scan register between TDI and TDO.

The KEY_VERIFY JTAG instruction allows you to read out the information on the security features that are enabled on the chip. This instruction scans out associated bit values.

Table 14.  Security Mode Verification for 40-nm FPGAs
Security Mode Supported Device Bit 0 Bit 1 Bit 2 Bit 3 Bit 4 Bit 5
No key Arria® II GX 0 0 0 0 0 0
  • Arria® II GZ
  • Stratix® IV
0 0 0 0 X X
Volatile key Arria® II GX 1 0 0 0 0 0
  • Arria® II GZ
  • Stratix® IV
1 0 0 0 X X
Volatile key with tamper protection Arria® II GX 1 0 0 0 1 0
  • Arria® II GZ
  • Stratix® IV
X X X X X X
Non-volatile key Arria® II GX 0 1 0 1 0 0
  • Arria® II GZ
  • Stratix® IV
0 1 0 1 X X
Non-volatile key with tamper protection bit Arria® II GX 0 1 1 1 0 0
  • Arria® II GZ
  • Stratix® IV
0 1 1 1 X X
Table 15.  Security Mode Verification for 28-nm FPGAs
Security Mode Bit 0 Bit 1 Bit 2 Bit 3 Bit 4 Bit 5 Bit 6 Bit 7 Bit 8
No key 0 0 0 0 0 X X X X
Volatile key 1 0 0 0 0 X X X X
Volatile key with tamper protection 14 1 0 0 0 1 X X X X
Non-volatile key 0 1 0 1 0 X X X X
Non-volatile key with tamper protection bit 14 0 1 1 1 0 X X X X
Table 16.  Security Mode Verification for 20-nm FPGAs
Bit Security Feature or Settings Description Active value
0 Volatile Key

This bit is set when a volatile key has been successfully programmed into the device.

1
1 Attempt Non-volatile Key Programming This bit is set to indicate that someone attempted to burn a non-volatile key in the OTP fused. 1
2 Disable Non-volatile Key This bit is set to disable use of the volatile key. 1
3 Non-volatile Key This bit is set to indicate that someone has successfully burned a non-volatile key into the OTP fuses. 1
4 Tamper Protection This bit is set when FPGA is in Tamper Protection mode with either Non-volatile or Volatile key. 1
5 Don’t Care Don’t Care. X
6 Volatile Key Lock This bit is set to prevent the volatile key from being reprogrammed from external JTAG. 1
7 - 10 Don’t Care Don’t Care. X
11 15 Force Configuration from HPS only This bit is set when configuration is allowed from HPS only. 1
12 External JTAG Bypass This bit is set to indicate that external JTAG is disabled. 1
13 16 HPS JTAG Bypass This bit is set to indicate that HPS JTAG is disabled. 1
14 17 Disable Partial Reconfiguration and Scrubbing This bit is set to indicate that external PR and external scrubbing (including HPS PR and HPS scrubbing) are disabled. 1
15 Disable Volatile Key This bit is set to indicate that the volatile key is disabled. 1
16 Don’t Care Don’t Care. X
17 Disable Key Related JTAG Instructions This bit is set to indicate that external JTAG access to all key-related JTAG instructions is disabled. 1
18 JTAG Secure Mode This bit is set to indicate that only mandatory JTAG instructions are allowed to be externally accessed. 1
19 Don’t Care Don’t Care. X
20 Volatile Key Clear

This bit is set when the volatile key is successfully cleared from the device.

1

The following examples show the .jam files to verify the FPGAs security modes. The example .jam files are only applicable to single FPGA device in a JTAG chain. For SoC devices, add the following statements before the IRSCAN command. 

PREIR 4;
PREDR 1;

JAM File for 40-nm FPGAs (Arria II GX Devices)

STATE RESET;

STATE IDLE;

'Security Mode Identification

BOOLEAN verify_reg[6];

IRSCAN 10, $013;

WAIT 100 USEC;

DRSCAN 6, $0, CAPTURE verify_reg[5..0];

JAM File for 40-nm FPGAs (Arria II GZ and Stratix IV Devices)

STATE RESET;

STATE IDLE;

'Key Verification

BOOLEAN verify_reg[4];

IRSCAN 10, $013;

WAIT 100 USEC;

DRSCAN 4, $0, CAPTURE verify_reg[3..0];

JAM File for 28-nm FPGAs

STATE RESET;

STATE IDLE;

'Key Verification in JAM format

BOOLEAN verify_reg[9];

IRSCAN 10, $013;

WAIT 100 USEC;

DRSCAN 9, $0, CAPTURE verify_reg[8..0];

JAM File for 20-nm FPGAs

STATE RESET;

STATE IDLE;

'Key Verification in JAM format

BOOLEAN verify_reg[21];

IRSCAN 10, $013;

WAIT 100 USEC;

DRSCAN 21, $0, CAPTURE verify_reg[20..0];


Section Content
Verification During JTAG Secure Mode

Related Information
14 If the tamper protection is enabled, the device is in JTAG secure mode after power-up. You need to issue the UNLOCK to disable the JTAG secure mode.
15 Bit 11 is not applicable to Intel® Cyclone® 10 GX devices. In Intel® Cyclone® 10 GX devices, this bit is in a "don't care" condition.
16 Bit 13 is not applicable to Intel® Cyclone® 10 GX devices. In Intel® Cyclone® 10 GX devices, this bit is in a "don't care" condition.
17 Bit 14 is not applicable to Intel® Cyclone® 10 GX devices. In Intel® Cyclone® 10 GX devices, this bit is in a "don't care" condition.
Level Two Title