AN 556: Using the Design Security Features in Intel FPGAs

ID 683269
Date 5/21/2021
Public
Document Table of Contents

Security Mode Verification

Intel FPGAs support the KEY_VERIFY JTAG instruction that allows you to verify the existing security mode of the device. To check if you have successfully programmed the volatile key, use the .jam files to automate the security mode verification steps.

Table 13.   KEY_VERIFY JTAG Instruction
JTAG Instruction Instruction Code Description
KEY_VERIFY 00 0001 0011 Connects the key verification scan register between TDI and TDO.

The KEY_VERIFY JTAG instruction allows you to read out the information on the security features that are enabled on the chip. This instruction scans out associated bit values.

Table 14.  Security Mode Verification for 40-nm FPGAs
Security Mode Supported Device Bit 0 Bit 1 Bit 2 Bit 3 Bit 4 Bit 5
No key Arria® II GX 0 0 0 0 0 0
  • Arria® II GZ
  • Stratix® IV
0 0 0 0 X X
Volatile key Arria® II GX 1 0 0 0 0 0
  • Arria® II GZ
  • Stratix® IV
1 0 0 0 X X
Volatile key with tamper protection Arria® II GX 1 0 0 0 1 0
  • Arria® II GZ
  • Stratix® IV
X X X X X X
Non-volatile key Arria® II GX 0 1 0 1 0 0
  • Arria® II GZ
  • Stratix® IV
0 1 0 1 X X
Non-volatile key with tamper protection bit Arria® II GX 0 1 1 1 0 0
  • Arria® II GZ
  • Stratix® IV
0 1 1 1 X X
Table 15.  Security Mode Verification for 28-nm FPGAs
Security Mode Bit 0 Bit 1 Bit 2 Bit 3 Bit 4 Bit 5 Bit 6 Bit 7 Bit 8
No key 0 0 0 0 0 X X X X
Volatile key 1 0 0 0 0 X X X X
Volatile key with tamper protection 14 1 0 0 0 1 X X X X
Non-volatile key 0 1 0 1 0 X X X X
Non-volatile key with tamper protection bit 14 0 1 1 1 0 X X X X
Table 16.  Security Mode Verification for 20-nm FPGAs
Bit Security Feature or Settings Description Active value
0 Volatile Key

This bit is set when a volatile key has been successfully programmed into the device.

1
1 Attempt Non-volatile Key Programming This bit is set to indicate that someone attempted to burn a non-volatile key in the OTP fused. 1
2 Disable Non-volatile Key This bit is set to disable use of the volatile key. 1
3 Non-volatile Key This bit is set to indicate that someone has successfully burned a non-volatile key into the OTP fuses. 1
4 Tamper Protection This bit is set when FPGA is in Tamper Protection mode with either Non-volatile or Volatile key. 1
5 Don’t Care Don’t Care. X
6 Volatile Key Lock This bit is set to prevent the volatile key from being reprogrammed from external JTAG. 1
7 - 10 Don’t Care Don’t Care. X
11 15 Force Configuration from HPS only This bit is set when configuration is allowed from HPS only. 1
12 External JTAG Bypass This bit is set to indicate that external JTAG is disabled. 1
13 16 HPS JTAG Bypass This bit is set to indicate that HPS JTAG is disabled. 1
14 17 Disable Partial Reconfiguration and Scrubbing This bit is set to indicate that external PR and external scrubbing (including HPS PR and HPS scrubbing) are disabled. 1
15 Disable Volatile Key This bit is set to indicate that the volatile key is disabled. 1
16 Don’t Care Don’t Care. X
17 Disable Key Related JTAG Instructions This bit is set to indicate that external JTAG access to all key-related JTAG instructions is disabled. 1
18 JTAG Secure Mode This bit is set to indicate that only mandatory JTAG instructions are allowed to be externally accessed. 1
19 Don’t Care Don’t Care. X
20 Volatile Key Clear

This bit is set when the volatile key is successfully cleared from the device.

1

The following examples show the .jam files to verify the FPGAs security modes. The example .jam files are only applicable to single FPGA device in a JTAG chain. For SoC devices, add the following statements before the IRSCAN command.

PREIR 4;
PREDR 1;

JAM File for 40-nm FPGAs (Arria II GX Devices)

STATE RESET;

STATE IDLE;

'Security Mode Identification

BOOLEAN verify_reg[6];

IRSCAN 10, $013;

WAIT 100 USEC;

DRSCAN 6, $0, CAPTURE verify_reg[5..0];

JAM File for 40-nm FPGAs (Arria II GZ and Stratix IV Devices)

STATE RESET;

STATE IDLE;

'Key Verification

BOOLEAN verify_reg[4];

IRSCAN 10, $013;

WAIT 100 USEC;

DRSCAN 4, $0, CAPTURE verify_reg[3..0];

JAM File for 28-nm FPGAs

STATE RESET;

STATE IDLE;

'Key Verification in JAM format

BOOLEAN verify_reg[9];

IRSCAN 10, $013;

WAIT 100 USEC;

DRSCAN 9, $0, CAPTURE verify_reg[8..0];

JAM File for 20-nm FPGAs

STATE RESET;

STATE IDLE;

'Key Verification in JAM format

BOOLEAN verify_reg[21];

IRSCAN 10, $013;

WAIT 100 USEC;

DRSCAN 21, $0, CAPTURE verify_reg[20..0];

14 If the tamper protection is enabled, the device is in JTAG secure mode after power-up. You need to issue the UNLOCK to disable the JTAG secure mode.
15 Bit 11 is not applicable to Intel® Cyclone® 10 GX devices. In Intel® Cyclone® 10 GX devices, this bit is in a "don't care" condition.
16 Bit 13 is not applicable to Intel® Cyclone® 10 GX devices. In Intel® Cyclone® 10 GX devices, this bit is in a "don't care" condition.
17 Bit 14 is not applicable to Intel® Cyclone® 10 GX devices. In Intel® Cyclone® 10 GX devices, this bit is in a "don't care" condition.