Specifications

Page 2 Overview of the Design Security Feature
Using the Design Security Features in Altera FPGAs June 2012 Altera Corporation
During device operation, FPGAs store configuration data in SRAM configuration
cells. Because SRAM memory is volatile, the SRAM cells must be loaded with
configuration data each time the device powers up. Configuration data is typically
sent from an external memory source, such as a flash memory or a configuration
device, to the FPGA. The configuration data can be intercepted while it is being
sent from the memory source to the FPGA, and the intercepted configuration data
can then be used to configure another FPGA.
FPGAs offer both volatile and non-volatile key storage. The key is stored in FPGAs
when using the design security feature. Depending on the security mode, you can
configure the FPGAs with a configuration file that is encrypted with the same key, or
for board testing, configure with a normal configuration file.
The design security feature is available when configuring the FPGAs with the fast
passive parallel (FPP) configuration mode with an external host (such as a MAX® II or
MAX V device or microprocessor) or when using active serial (AS) or passive serial
(PS) configuration schemes.
For more information, refer to the Configuration, Design Security, and Remote System
Upgrades chapter in the respective device handbook.
Overview of the Design Security Feature
The design security feature for FPGAs protects against unauthorized copying, reverse
engineering, and tampering.
Table 2 lists some of the design approaches to make the solution secure.

Table 2. Design Security Approach for FPGAs

Design Approach: Non-volatile key
  40-nm and 28-nm FPGAs:
    The non-volatile key is stored in polyfuses under layers of metals among other
    polyfuses; thus determining the functionality of a particular fuse by simple
    visual inspection is difficult. Moreover, additional physical security is
    designed around the polyfuses to provide further security.

Design Approach: Configuration file readback support
  40-nm and 28-nm FPGAs:
    FPGAs do not support configuration file readback. This prevents attempts to
    read back the configuration file after it is decrypted.

Design Approach: 256-bit sequence requirement
  40-nm FPGA:
    Two 256-bit sequences are required to generate the 256-bit key and to program
    the key into the 40-nm FPGAs. You cannot copy the FPGA design by programming a
    256-bit key into another FPGA and configuring it with an encrypted
    configuration file. It is virtually impossible to generate the two 256-bit
    sequences from the key.
  28-nm FPGA:
    Only one 256-bit key is generated and programmed instead of the two 256-bit
    sequences. The other 256 bits are hard coded within the 28-nm FPGAs.

Design Approach: Non-volatile key with tamper-protection bit set
  40-nm and 28-nm FPGAs:
    For the non-volatile key with tamper-protection bit set, the polyfuses used to
    store the key are non-volatile and one-time programmable. No battery is
    required. After the FPGAs are programmed with the key, you can only configure
    the device with configuration files encrypted with the same key. Attempts to
    configure the device with an unencrypted configuration file or a configuration
    file encrypted with the wrong key result in configuration failure. Therefore,
    tampering with the design file can be detected.