EP2AGX95EF29C6N Datasheet, PDF (347/380 Pages) Altera Corporation – Device Interfaces and Integration
Chapter 9: Configuration, Design Security, and Remote System Upgrades in Arria II Devices
9–61
Design Security
This section provides an overview of the design security features and their
implementation on Arria II devices using AES. It also covers the new security modes
available in Arria II devices.
As Arria II devices continue to play roles in larger and more critical designs in
competitive commercial and military environments, it is increasingly important to
protect your designs from copying, reverse engineering, and tampering.
Arria II devices address these concerns with both volatile and non-volatile security
feature support. Arria II devices have the ability to decrypt configuration bitstreams
using the AES algorithm, an industry-standard encryption algorithm that is FIPS-197
certified. Arria II devices have a design security feature which uses a 256-bit security
key.
Arria II devices store configuration data in SRAM configuration cells during device
operation. Because SRAM memory is volatile, the SRAM cells must be loaded with
configuration data each time the device powers up. It is possible to intercept
configuration data when it is being transmitted from the memory source (flash
memory or a configuration device) to the device. The intercepted configuration data
could then be used to configure another device.
When using the Arria II design security feature, the security key is stored in the
Arria II device. Depending on the security mode, you can configure the Arria II
device using a configuration file that is encrypted with the same key or, for board
testing, using a normal configuration file.
The design security feature is available when configuring Arria II devices using FPP
configuration mode with an external host (such as a MAX II device or
microprocessor), or when using AS, fast AS, or PS configuration schemes. The design
security feature is also available in remote update mode with AS and fast AS
configuration mode.
Note: The design security feature is not available when you are configuring your Arria II
device using JTAG-based configuration. For more information, refer to “Supported
Configuration Schemes” on page 9–66.
Note: When using a serial configuration scheme such as AS, fast AS, or PS, configuration
time is the same whether or not you enable the design security feature. If you use the
FPP scheme with the design security or decompression feature, a ×4 DCLK is required.
This results in a slower configuration time when compared with the configuration
time of an Arria II device that has neither the design security nor the decompression
feature enabled.
July 2012 Altera Corporation
Arria II Device Handbook Volume 1: Device Interfaces and Integration