Visible to Intel only — GUID: sss1440053381228
Ixiasoft
Visible to Intel only — GUID: sss1440053381228
Ixiasoft
1.2.1. Secure Device Manager
The SDM comprises peripherals, cryptographic IP and sensors, boot ROM, triple-redundant lockstep processors, and other blocks shown in the SDM Block Diagram figure. The SDM performs and manages the following security functions:
-
Configuration bitstream authentication: During the configuration state, the SDM authenticates the Intel-generated configuration firmware and configuration bitstream, ensuring that configuration bitstream is from a trusted source. All Intel® Agilex™ support authentication.
- Encryption: Encryption protects the configuration bitstream or confidential data from unauthorized third-party access.
- Side channel attack protection: Side channel attack protection guards AES Key and confidential data under non-intrusive attacks.
- Integrity checking: Integrity checking verifies that an accidental event has not corrupted the configuration bitstream. This function is active, even if you do not enable authentication.
Here is an overview of the additional functions the SDM controls:
-
SDM uses temperature sensor for SmartVID feature to communicate to the external PMBus voltage regulator when you select -V and -E devices.
-
The AES/SHA and other Crypto Accelerator blocks implement secure configuration and boot.
-
The AS enables active configuration schemes via dedicated SDM pins.
-
The Avalon® -ST x8 configuration scheme uses SDM I/O pins. The Avalon® -ST x16 and x32 configuration schemes use dedicated SDM I/O pins and dual-purpose I/O pins. Refer to the SDM Pin Mapping for more information.
-
To reduce configuration file size and support smaller memory sizes, and enable faster configuration, the Intel® Quartus® Prime software compresses the configuration data. All Intel® Agilex™ devices compress the configuration bitstream. This feature is always enabled. When specifying an encrypted configuration bitstream, the Intel® Quartus® Prime Pro Edition software compresses the configuration bitstream before encryption.
-
A specific PCIe* block included in the Intel® Agilex™ device supports CvP.