Cyclone® 10 GX Core Fabric and General Purpose I/Os Handbook

ID 683775
Date 7/08/2024
Public
Document Table of Contents

7.5. Design Security

The Cyclone® 10 GX design security feature supports the following capabilities:

  • Enhanced built-in advanced encryption standard (AES) decryption block to support 256-bit key industry-standard design security algorithm (FIPS-197 Certified)
  • Volatile and non-volatile key programming support
  • Secure operation mode for both volatile and non-volatile key through tamper protection mode
  • Limited accessible JTAG instruction during power-up in the JTAG Secure mode
  • Supports POF authentication and protection against Side-Channel Attack
  • Provides JTAG access control and security key control through fuse bit or option bits
  • Disables all JTAG instructions from power-up until the device is initialized
  • Supports board-level testing
  • Supports off-board key programming for non-volatile key
  • Stand-alone Qcrypt tool to encrypt and decrypt with other security settings to configuration bit stream.
  • Available in all configuration schemes except JTAG
  • Supports remote system upgrades feature
Table 79.  Design Security Approach for Cyclone® 10 GX Devices
Design Security Element Description
Non-Volatile key The non-volatile key is securely stored in fuses within the device. Proprietary security features make it difficult to determine this key.
Volatile Key The volatile key is securely stored in battery-backed RAM within the device. Proprietary security features make it difficult to determine this key.
Key Generation A user provided 256-bit key is processed by a one-way function before being programmed into the device.
Key Choice Both volatile and non-volatile key can exist in a device. User can choose which key to use by setting the option bits in encrypted configuration file through the Convert Programming File tool or the Qcrypt tool.
Tamper Protection Mode Tamper protection mode prevents the FPGA from being loaded with an unencrypted configuration file. When you enable this mode, the FPGA can only be loaded with a configuration that has been encrypted with your key. Unencrypted configurations and configurations encrypted with the wrong key can result in a configuration failure. You can enable this mode by setting a fuse within the device.
Configuration Readback These devices do not support a configuration readback feature. From a security perspective, this makes readback of your unencrypted configuration data infeasible.
Security Key Control By using different JTAG instructions and the security option in the Qcrypt tool, you have the flexibility to permanently or temporarily disable the use of the non-volatile or volatile key. You can also choose to lock the volatile key to prevent it from being overwritten or reprogrammed.
JTAG Access Control

You can enable various levels of JTAG access control by setting the OTP fuses or option bits in the configuration file using the Qcrypt tool:

  1. Bypass external JTAG pin. This feature disables external JTAG access, but can be unlocked through internal core access.
  2. Disable all AES key related JTAG instructions from external JTAG pins.
  3. Allows only a limited set of mandatory JTAG instruction to be accessed through external JTAG, similar to JTAG Secure mode.
Note:
  • You cannot enable encryption and compression at the same time for all configuration scheme.
  • When you use design security with Cyclone® 10 GX devices in an FPP configuration scheme, it requires a different DCLK-to-DATA[] ratio.