Specifications
Security LevelDevice Accepts
Encrypted File
Device Accepts
Unencrypted File
Tamper Protection
Bit Setting
Security Mode
Secure with tamper
resistant
YesNoSetVolatile Key with
Tamper Protection Bit
Set
SecureYesYes—Non-volatile Key
Secure with tamper
resistant
YesNoSetNon-volatile Key with
Tamper Protection Bit
Set
The use of unencrypted configuration bitstream in the volatile key and non-volatile key security modes is
supported for board-level testing only.
For the volatile key with tamper protection bit set security mode, Cyclone V devices do not accept
the encrypted configuration file if the volatile key is erased. If the volatile key is erased and you want
to reprogram the key, you must use the volatile key security mode.
Note:
Enabling the tamper protection bit disables the test mode in Cyclone V devices and disables programming
through the JTAG interface. This process is irreversible and prevents Altera from carrying out failure analysis.
Design Security Implementation Steps
Figure 7-24: Design Security Implementation Steps
AES Key
Programming File
Key Storage
Encrypted
Configuration
File
AES Encryptor
Quartus II Software
Memory or
Configuration
Device
FPGA Device
AES Decryption
Step 3
Step 1
Step 1
Step 2
256-bit User-Defined
Key
Step 4
To carry out secure configuration, follow these steps:
1. The Quartus II software generates the design security key programming file and encrypts the configuration
data using the user-defined 256-bit security key.
2. Store the encrypted configuration file in the external memory.
3. Program the AES key programming file into the Cyclone V device through a JTAG interface.
4. Configure the Cyclone V device. At the system power-up, the external memory device sends the encrypted
configuration file to the Cyclone V device.
Configuration, Design Security, and Remote System Upgrades in Cyclone V Devices
Altera Corporation
Send Feedback
CV-52007
Design Security Implementation Steps
7-36
2013.06.11