Security Overview for SDM-Based FPGA Devices

ID 794424
Date 9/20/2024
Public

3. Device Security Resources

Altera® provides several resources to help you choose and use device security features:

  • Documentation resources are available on the Resource and Documentation Center and require an Intel.com account and non-disclosure agreement
  • Secure (confidential) documents and resources are available on the Secure Asset Access – Developer Zone Premium (DZP) and require a confidential non-disclosure agreement and a Developer Zone Premium My Intel account. To request access, visit:
  • Design examples are available through rocketboards.com

The primary resource is the Security Methodology User Guide. This document contains detailed descriptions of device security features and their implementations. This document is intended to help all parties understand the various aspects of device security features and be successful in their role. For example, security and FPGA platform architects should review this document to select the security features necessary to meet the security objectives of your end solution. Design engineers can find specific and useful information about processes and data formats. Other resources described below depend on and assume knowledge of the content in this document.

Individual device family Device Security User Guides contain instructions to help use Quartus® Prime Pro Edition software to implement security features on your Altera® FPGA or structured ASIC devices.

Several application-specific user guides include information about features that may be relevant across device families or primarily useful to different kinds of development teams:
  • The Agilex™ 7 and eASIC™ N5X HPS Cryptographic Services User Guide contains information to assist HPS software engineers in the implementation and use of HPS software libraries to access cryptographic services provided by the SDM.
  • The Black Key Provisioning Service User Guide contains detailed steps to set up the Black Key Provisioning service.
Table 1.  Available Device Security Documentation
Document Name Document ID Location
Security Methodology for Intel FPGAs and Structured ASICs User Guide 724441 Resource and Documentation Center
Stratix® 10 Device Security User Guide 794313 Resource and Documentation Center
Agilex™ 7 Device Security User Guide 794315 Resource and Documentation Center
eASIC™ N5X Device Security User Guide 626836 Resource and Documentation Center
Device Security User Guide for Agilex™ 5 FPGAs and SoCs 815428 Resource and Documentation Center
Agilex™ 5, Agilex™ 7, and eASIC™ N5X HPS Cryptographic Services User Guide 728838 Resource and Documentation Center
AN-968: Black Key Provisioning Service Quick Start Guide 739071 Resource and Documentation Center
For some device families, a Security Tutorial is available to help you walk through a beginning-to-end example. In these tutorials, you learn how to create an Quartus® Prime Pro Edition project, apply security settings within Quartus, build secured bitstreams, and provision keys and other security settings to your device.
Table 2.  Available Device Security Tutorials
Document Name Document ID Location
Stratix® 10 Device Security Tutorial 792304 Resource and Documentation Center
Design examples are intended to demonstrate the use of Altera® device security features. You must carefully consider your security objectives and recommendations in Security Methodology while implementing your solution.
  • The FPGA-First HPS Secure Boot design example demonstrates the use of the SDM to authenticate subsequent stages of the HPS software boot chain.
  • The HPS-First HPS Secure Boot design example is similar, but securely boots the HPS software before configuring the FPGA fabric.
Table 3.  Available Device Security Design Examples
Example Name Location
   
Stratix® 10 SoC Secure Boot Demo Design (HPS First) Rocketboards.org
Agilex™ 7 SoC Secure Boot Demo Design (FPGA First) Rocketboards.org
Agilex™ 7 SoC Secure Boot Demo Design (HPS First) Rocketboards.org