English
Language : 

EP2AGX95EF29C6N Datasheet, PDF (348/380 Pages) Altera Corporation – Device Interfaces and Integration
9–62
Chapter 9: Configuration, Design Security, and Remote System Upgrades in Arria II Devices
Design Security
Arria II Security Protection
Arria II device designs are protected from copying, reverse engineering, and
tampering using configuration bitstream encryption.
Security Against Copying
The security key is securely stored in the Arria II device and cannot be read out
through any interface. In addition, as configuration file read-back is not supported in
Arria II devices, your design information cannot be copied.
Security Against Reverse Engineering
Reverse engineering from an encrypted configuration file is very difficult and time
consuming because the Arria II configuration file formats are proprietary and the file
contains millions of bits which require specific decryption. Reverse engineering the
Arria II device is just as difficult because the device is manufactured on the most
advanced 40-nm process technology.
Security Against Tampering
After the Tamper Protection bit is set in the key programming file generated by the
Quartus II software, the Arria II device can only be configured with configuration
files encrypted with the same key. Tampering is prevented using both volatile and
non-volatile keys.
AES Decryption Block
The main purpose of the AES decryption block is to decrypt the configuration
bitstream prior to entering data decompression or configuration.
Prior to receiving encrypted data, you must enter and store the 256-bit security key in
the device. You can choose between a non-volatile security key and a volatile security
key with battery backup.
The security key is scrambled prior to storing it in the key storage to make it more
difficult for anyone to retrieve the stored key using de-capsulation of the device.
Arria II Device Handbook Volume 1: Device Interfaces and Integration
July 2012 Altera Corporation