AN 556: Using the Design Security Features in Intel FPGAs

ID 683269
Date 5/21/2021
Public
Document Table of Contents

Step 2b: Programming Non-Volatile Key into the FPGAs

Before programming the non-volatile key into the devices, ensure that you can successfully configure the FPGA with an unencrypted configuration file. The non-volatile key is one-time programmable through the JTAG interface. You can program the non-volatile key into the devices without an external battery. Devices with the non-volatile key successfully programmed can accept both encrypted and unencrypted configuration bitstreams. If you set the tamper protection bit, only encrypted configuration bitstreams are accepted. This enables the use of unencrypted configuration bitstreams for board-level testing.

Any attempt to configure the FPGAs containing the volatile key with a configuration file encrypted with the wrong key causes the configuration to fail. If this occurs, the nSTATUS signal from the FPGA pulses low and continues to reset itself if you enable the Auto-restart configuration after error option in the Intel® Quartus® Prime software.

You can program the non-volatile key into the devices using on-board prototyping, volume production, and off-board prototyping and production listed in Key Programming.