Manualshelf

Specifications

ManualsBrandsAltera ManualsComputer equipmentEthernet Blaster Communications Cable
12345678910
Overview of the Design Security Feature Page 3
Using the Design Security Features in Altera FPGAsJune 2012 Altera Corporation
Security Encryption Algorithm
FPGAs have a dedicated decryption block that uses the AES algorithm to decrypt
configuration data using a user-defined 256-bit key. Prior to receiving the encrypted
data, you must write the user-defined 256-bit key into the device.
The AES algorithm is a symmetrical block cipher that encrypts and decrypts data in
blocks of 256 bits. The encrypted data is subject to a series of transformations that
includes byte substitutions, data mixing, data shifting, and key additions.
FPGAs contain an AES decryptor block that uses the AES algorithm to decrypt the
configuration data prior to configuring the FPGA device. If the security feature is not
used, the AES decryptor is bypassed. The FPGAs AES implementation is validated as
conforming to the Federal Information Processing Standards FIPS-197.
f For more information about the AES algorithm, refer to the Federal Information
Processing Standards Publication FIPS-197 or the AES Algorithm (Rijndael) Information at
http://csrc.nist.gov.
f For more information about the AES validation for FPGAs, refer to the Advanced
Encryption Standard Algorithm Validation List published by the National Institute of
Standards and Technology (NIST) at http://csrc.nist.gov.
Non-Volatile and Volatile Key Storage
FPGAs offer both volatile and non-volatile key storage. The volatile key storage
requires battery backup to allow the key to be updated, while the non-volatile key
storage allows only one key to be programmed but does not require a battery.
1 Examples of lithium coin-cell type batteries that are used for volatile key storage
purposes are BR1220 (–30°C to +80°C) and BR2477A (–40°C to +125°C).
Table 3 lists a comparison of volatile and non-volatile key storage.
Table 3. Volatile and Non-Volatile Key Comparison
Option Volatile Key Non-Volatile Key
Key Length 256 bits 256 bits
Key Programmability Reprogrammable and erasable key One-time programmable key
External Battery Required Not required
Key Programming Method
(1)
On-board Both on-board and off-board
Design Protection
(2)
Secure against copying, reverse engineering, and tampering
(3)
Notes to Table 3:
(1) Key programming is carried out through JTAG interface.
(2) The volatile key tamper-protection is only available for Arria II GX, Stratix V, Arria V, and Cyclone V devices.
(3) Tampering is prevented only when the volatile key tamper-protection bit is set, thus preventing configuration with unencrypted Programmer
Object Files (.pof) files.