Visible to Intel only — GUID: bco1526878784511
Ixiasoft
Overview of the Design Security Feature
Hardware and Software Requirements
Steps for Implementing a Secure Configuration Flow
Steps to Enable Tamper-Protection Bit Programming
Supported Configuration Schemes
Security Mode Verification
Serial Flash Loader Support with Encryption Enabled
Serial Flash Loader Support with Encryption Enabled for Single FPGA Device Chain
JTAG Secure Mode for 28-nm and 20-nm FPGAs
Document Revision History for AN 556: Using the Design Security Features in Intel® FPGAs
Generating Single-Device .ekp File and Encrypting Configuration File using Intel® Quartus® Prime Software
Generating Single-Device .ekp File and Encrypting Configuration File using Command-Line Interface in Intel® Quartus® Prime Software
Generating Multi-Device .ekp File and Encrypting Configuration File using Intel® Quartus® Prime Software
Programming Volatile or Non-Volatile Key using Intel® FPGA Ethernet Cable and Intel® Quartus® Prime Software
Programming Single-Device Volatile or Non-Volatile Key using Intel® Quartus® Prime Software
Programming Single-Device Volatile or Non-Volatile Key using the Command-Line Interface in Intel® Quartus® Prime Software
Programming Multi-Device Volatile or Non-Volatile Key using Intel® Quartus® Prime Software
Programming Multi-Device Volatile or Non-Volatile Key using the Command-Line Interface in Intel® Quartus® Prime Software
Programming Key using JTAG Technologies
Visible to Intel only — GUID: bco1526878784511
Ixiasoft
Steps to Enable Tamper-Protection Bit Programming
The default .ekp file generated in the Steps for Implementing a Secure Configuration Flow section contains only volatile or non-volatile key programming. To enable the tamper-protection bit programming, follow these steps:
- Create a quartus.ini file using the text editor, with this key-value pair: PGM_GEN_KEY_SECURE_EKP=ON.
- Save the quartus.ini in one of the following folders:
- Project folder
- <Quartus installation folder>\bin64 folder for Windows OS
- <Quartus installation folder>/linux64 folder for Linux OS
- When the Intel® Quartus® Prime Convert Programming File tool read the quartus.ini during .ekp file generation process, the additional tamper-protection bit programming instruction is inserted into the generated .ekp file.
CAUTION:The .ekp file generated with this quartus.ini contain tamper-protection bit programming. When the .ekp file is used to program into the devices, the tamper-protection bit is programmed, and this programming is not reversible. You need to manage the .ekp file to avoid unintentional programming of tamper-protection bit into your device.As the .ekp file contains the tamper bit programming instruction, therefore if you generate .jam or .svf files from this .ekp file for key programming, the .jam or .svf files program the tamper-protection bit without the need for the quartus.ini with the specified key-value pair.