Specifications

ManualsBrandsAltera ManualsComputer equipmentEthernet Blaster Communications Cable

June 2012 Altera Corporation

AN-556-2.1 Application Notes

QUARTUS and STRATIX words and logos are trademarks of Altera Corporation and registered in the U.S. Patent and Trademark

Office and in other countries. All other words and logos identified as trademarks or service marks are the property of their

respective holders as described at www.altera.com/common/legal.html. Altera warrants performance of its semiconductor

products to current specifications in accordance with Altera's standard warranty, but reserves the right to make changes to any

products and services at any time without notice. Altera assumes no responsibility or liability arising out of the application or use

of any information, product, or service described herein except as expressly agreed to in writing by Altera. Altera customers are

advised to obtain the latest version of device specifications before relying on any published information and before placing orders

for products or services.

101 Innovation Drive

San Jose, CA 95134

www.altera.com

ISO

9001:2008

Registered

Using the Design Security Features in

Altera FPGAs

This application note describes how you can use the design security features in

Altera

40- and 28-nm FPGAs to protect your designs against unauthorized copying,

reverse engineering, and tampering of your configuration files. This application note

provides the hardware and software requirements for the 40- and 28-nm FPGAs

design security features. This application note also provides steps for implementing a

secure configuration flow.

1 This application note uses the term “40-nm” or “28-nm” FPGAs. Table 1 lists the

supported FPGAs and its applicable devices.

This application note covers the following topics:

■ “Overview of the Design Security Feature” on page 2

■ “Hardware and Software Requirements” on page 5

■ “Steps for Implementing a Secure Configuration Flow” on page 6

■ “Supported Configuration Schemes” on page 25

■ “Security Mode Verification” on page 27

■ “Serial FlashLoader Support with Encryption Enabled” on page 29

■ “JTAG Secure Mode for 28-nm FPGAs” on page 32

■ “US Export Controls” on page 32

In the highly competitive commercial and military environments, design security is

an important consideration for digital designers. As FPGAs start to play a role in

larger and more critical system components, it is ever more important to protect the

designs from unauthorized copying, reverse engineering, and tampering. FPGAs

address these concerns with the ability to decrypt a configuration bitstream using the

256-bit Advanced Encryption Standard (AES) algorithm, an industry standard

encryption algorithm.

Table 1. Supported FPGAs

FPGA Devices

40 nm Arria

II and Stratix

28 nm Stratix V, Arria V, and Cyclone

Summary of content (34 pages)

PAGE 1
Using the Design Security Features in Altera FPGAs AN-556-2.1 Application Notes This application note describes how you can use the design security features in Altera® 40- and 28-nm FPGAs to protect your designs against unauthorized copying, reverse engineering, and tampering of your configuration files. This application note provides the hardware and software requirements for the 40- and 28-nm FPGAs design security features.
PAGE 2
Page 2 Overview of the Design Security Feature During device operation, FPGAs store configuration data in SRAM configuration cells. Because SRAM memory is volatile, the SRAM cells must be loaded with configuration data each time the device powers up. Configuration data is typically sent from an external memory source, such as a flash memory or a configuration device, to the FPGA. It is possible to intercept the configuration data when it is being sent from the memory source to the FPGA.
PAGE 3
Overview of the Design Security Feature Page 3 Security Encryption Algorithm FPGAs have a dedicated decryption block that uses the AES algorithm to decrypt configuration data using a user-defined 256-bit key. Prior to receiving the encrypted data, you must write the user-defined 256-bit key into the device. The AES algorithm is a symmetrical block cipher that encrypts and decrypts data in blocks of 256 bits.
PAGE 4
Page 4 Overview of the Design Security Feature c Enabling the tamper-protection bit disables the test mode in FPGAs. Disabling the test mode is irreversible and prevents Altera from carrying out failure analysis. To enable the tamper-protection bit, contact Altera Technical Support. f For more information about the available security modes in the 40-nm and the 28-nm FPGAs, refer to the Configuration, Design Security, and Remote System Upgrades chapter of the respective device handbook.
PAGE 5
Hardware and Software Requirements Page 5 Hardware and Software Requirements This section provides the hardware and software requirements for the FPGAs design security feature. When using this feature, a volatile or non-volatile key is stored in the FPGAs. The key is programmed before the FPGAs is configured and enters user mode. Hardware Requirements Table 5 lists the voltage specifications that you must follow for a successful key programming. Table 5.
PAGE 6
Page 6 Steps for Implementing a Secure Configuration Flow Steps for Implementing a Secure Configuration Flow To implement a secure configuration flow, follow these steps, which are shown in Figure 1: 1. Generate the .ekp file and encrypt the configuration data. The Quartus II configuration software always uses the user-defined 256-bit key to generate a key programming file and an encrypted configuration file.
PAGE 7
Steps for Implementing a Secure Configuration Flow Page 7 The .ekp file has different formats, depending on the hardware and system used for programming. There are three file formats supported by the Quartus II software: ■ JAM Byte Code (.jbc) file ■ Jam™ Standard Test and Programming Language (STAPL) Format (.jam) file ■ Serial Vector Format (.svf) file 1 Only the .ekp file type is generated automatically from the Quartus II software. You must create the .jam and .
PAGE 8
Page 8 Steps for Implementing a Secure Configuration Flow 7. On the File menu, click Convert Programming Files. The Convert Programming Files dialog box appears (Figure 2). Figure 2.
PAGE 9
Steps for Implementing a Secure Configuration Flow Page 9 Figure 3. SOF File Properties: Bitstream Encryption Dialog Box List the path and file name for the.ekp file Agree and acknowledge the disclaimer 1 For 28-nm FPGA device, only one 256-bit key is generated and programmed instead of the two 256-bit sequence. Only one key file is required for the 256-bit key. Unlike the 40-nm FPGA device, the other 256-bits are hard coded within the 28-nm FPGAs. Using the .
PAGE 10
Page 10 Steps for Implementing a Secure Configuration Flow Each valid key line has the following format: <256-bit hexadecimal key>, as shown in Figure 5. Figure 5. Example of a .key File The key identity is an alphanumeric name that is used to identify the keys (similar to the key file entry). The key is also the text displayed when the Show entered keys button is turned off (Figure 6). It is displayed together with the full key when Show entered keys is turned on (Figure 7).
PAGE 11
Steps for Implementing a Secure Configuration Flow Page 11 Select the Key Entry Method to enter the encryption key either with the on-screen keypad or keyboard (Figure 8). Figure 8. Key Entry Method The on-screen keypad allows you to enter the keys using the keypad shown in Figure 9. Select a key and click on the on-screen keypad to enter values. You have the option of allowing the keys to be shown as they are entered; if this option is used, you do not need to confirm the keys. Figure 9.
PAGE 12
Page 12 Steps for Implementing a Secure Configuration Flow 1 While the on-screen keypad is being used, any attempt to use the keyboard to enter the keys generates a pop-up notification and the key press is ignored. Alternatively, you can enter the encryption key from the keyboard (Figure 10). Figure 10. Keyboard Enter the encryption key from the keyboard a. Read the design security feature disclaimer.
PAGE 13
Steps for Implementing a Secure Configuration Flow Page 13 9. On the Tools menu, click Programmer. The Programmer dialog box appears (Figure 12). Figure 12. Programmer Dialog Box 10. In the Mode list, select JTAG as the programming mode. 11. Click Hardware Setup. The Hardware Setup dialog box appears. a. In the currently selected hardware list, select EthernetBlaster as the programming hardware. b. Click Done. 12. Click Add File. The Select Programmer File dialog box appears. a. Type .
PAGE 14
Page 14 Steps for Implementing a Secure Configuration Flow 14. On the File menu, point to Create/Update and click Create JAM, SVF, or ISC File. The Create JAM, SVF or ISC File dialog box appears (Figure 13). Figure 13. Create .jam File from Single-Device .ekp File List the file name for the .jam file Select the .jam file format 15. Select the file format required (JEDEC STAPL Format [.jam]), for the .ekp file in the File format field. 16.
PAGE 15
Steps for Implementing a Secure Configuration Flow Page 15 19. Click OK. 20. Repeat Steps 15–17 to generate a .svf file of the .ekp file. Use the default setting in the Create JAM, SVF, or ISC File dialog box when generating a .svf file of the .ekp file (Figure 15). Figure 15. Create .svf From Single-Device .ekp File List the file name for the .svf file Select the .svf file format How to Generate the Single-Device .
PAGE 16
Page 16 Steps for Implementing a Secure Configuration Flow Example 2 shows two sets of keys that are stored in the same key file: key1 and key2 in key12.key. Example 2. quartus_cpf --key D:\SIV_DS\key12.key:key1:key2 D:\SIV_DS\test.sof D:\SIV_DS\test.ekp How to Generate the Multi-Device .ekp File and Encrypt the Configuration File using Quartus II Software Perform the following steps to generate a multi-device .ekp file and encrypt your configuration file: 1. Start the Quartus II software. 2.
PAGE 17
Steps for Implementing a Secure Configuration Flow Page 17 6. On the File menu, point to Create/Update and click Create JAM, SVF, or ISC File. The Create JAM, SVF, or ISC File dialog box appears (Figure 16). Figure 16. Multi-Device Key Programming: .jam File Generation Example of two Stratix IV devices in one JTAG chain Select the .jam file format 7. Select the required file format (.jam), for all the .ekp files in the File format field. 8.
PAGE 18
Page 18 Steps for Implementing a Secure Configuration Flow 12. Repeat Steps 7–9 to generate a .svf file for all the .ekp files. Use the default setting in the Create JAM, SVF, or ISC File dialog box when generating a .svf file of the .ekp file (Figure 17). Figure 17. Multi-Device Key Programming: .
PAGE 19
Steps for Implementing a Secure Configuration Flow Page 19 Step 2b: Program the Non-Volatile Key into the FPGAs Before programming the non-volatile key into the devices, ensure that you can successfully configure the FPGA with an unencrypted configuration file. The non-volatile key is one-time programmable through the JTAG interface. You can program the non-volatile key into the devices without an external battery.
PAGE 20
Page 20 Steps for Implementing a Secure Configuration Flow How to Perform Single-Device Volatile or Non-Volatile Key Programming Using Quartus II Software To perform single-device volatile or non-volatile key programming using the Quartus II software through the EthernetBlaster, perform the following steps: 1. Check the firmware version of the EthernetBlaster. Verify that the JTAG firmware build number is 101 or greater. If the version precedes build number 101, apply the firmware upgrade.
PAGE 21
Steps for Implementing a Secure Configuration Flow Page 21 5. Click Hardware Setup. The Hardware Setup dialog box appears. a. In the Currently selected hardware list, select EthernetBlaster as the programming hardware. b. Click Done. 6. Click Add File. The Select Programmer File dialog box appears. a. Type .ekp in the File name field. b. Click Open. 7. Highlight the .ekp file you added and click Program/Configure (Figure 20). Figure 20.
PAGE 22
Page 22 Steps for Implementing a Secure Configuration Flow 12. The Quartus II software message window provides information about the success or failure of the key programming operation. Figure 21.
PAGE 23
Steps for Implementing a Secure Configuration Flow Page 23 How to Perform Multi-Device Volatile or Non-Volatile Key Programming Using Quartus II Software To perform multi-device volatile or non-volatile key programming using the Quartus II software through the EthernetBlaster, perform the following steps: 1. Repeat Steps 1–5 in “How to Perform Single-Device Volatile or Non-Volatile Key Programming Using Quartus II Software” on page 20. 2. Click Add File.
PAGE 24
Page 24 Steps for Implementing a Secure Configuration Flow 4. Click Start to program the key (Figure 23). 1 The Quartus II software message window provides information about the success or failure of the key programming operation. Figure 23. Multi-Device Key Programming with .
PAGE 25
Supported Configuration Schemes Page 25 Key Programming Using JTAG Technologies The key programming for your design is performed using a .svf file (.ekp file in .svf format) and a JT 37xx boundary scan controller in combination with a JT 2147 QuadPod system. f Procedures for JTAG programming are found on the JTAG Technologies website at www.jtag.com. Information about creating a .svf file to support multi-device programming is described in “How to Generate the Multi-Device .
PAGE 26
Page 26 Supported Configuration Schemes Table 6. Availability of Security Configuration Schemes (Part 2 of 2) Configuration Scheme JTAG Configuration Method Download cable Design Security — (3) Notes to Table 6: (1) In this mode, the host system must send a DCLK signal that is 4x the data rate. (2) The MicroBlaster™ tool is required to execute encrypted PS configuration using a .rbf through ByteBlaster II or ByteBlasterMV™ download cable.
PAGE 27
Security Mode Verification Page 27 Security Mode Verification FPGAs support the KEY_VERIFY JTAG instruction that allows you to verify the existing security mode of the device. To check if you have successfully programmed the volatile key, use the .jam files to automate the security mode verification steps.
PAGE 28
Page 28 Security Mode Verification Table 9. Security Mode Verification for 28-nm FPGAs (Part 2 of 2) Security Mode Bit 0 Bit 1 Bit 2 Bit 3 Bit 4 Bit 5 Bit 6 Bit 7 Bit 8 Non-volatile key 0 1 1 1 0 1 0 0 0 Non-volatile key with tamper protection bit 0 1 1 1 0 1 0 0 0 Example 3, Example 4, and Example 5 show the .jam files to verify the FPGAs security modes. Example 3.
PAGE 29
Serial FlashLoader Support with Encryption Enabled Page 29 Serial FlashLoader Support with Encryption Enabled Altera provides an in-system programming solution for serial configuration devices called Serial FlashLoader (SFL). The SFL megafunction is available with the Quartus II software version 6.0 SP1 or later.
PAGE 30
Page 30 Serial FlashLoader Support with Encryption Enabled 4. Follow these steps to convert a .sof to a .jic file: a. On the File menu, choose Convert Programming Files. b. In the Convert Programming Files dialog box, scroll to the JTAG Indirect Configuration File (.jic) from the Programming file type field. c. In the Configuration device field, specify the serial configuration device. d. In the File name field, browse to the target directory and specify an output file name. e. Highlight the .
PAGE 31
Serial FlashLoader Support with Encryption Enabled Page 31 To encrypt the .sof file, refer to Step 7 in “How to Generate the Single-Device .ekp File and Encrypt the Configuration File using Quartus II Software” on page 7. j. Highlight FlashLoader and click Add Device (Figure 25). Figure 25. FlashLoader Add the FlashLoader bridge of the required FPGA k. Click OK. The Select Devices page appears. l. Select the target FPGA that you are using to program the serial configuration device. m. Click OK. 5.
PAGE 32
Page 32 JTAG Secure Mode for 28-nm FPGAs 7. The encrypted FPGA is then configured by the programmed serial configuration device. 1 To program the key with a .jam file, you must convert the .jic file to a .jam file. f For more information about converting a .jic file to a .jam file, refer to the Converting JIC Files to JAM Files in the Quartus II Software section in AN 370: Using the Serial FlashLoader With the Quartus II Software.
PAGE 33
Document Revision History Page 33 Document Revision History Table 10 lists the revision history for this application note. Table 10. Document Revision History Date June 2012 June 2011 June 2009 March 2009 Version 2.1 2.0 1.1 1.0 June 2012 Altera Corporation Changes ■ Updated Table 1 and Table 3. ■ Updated .ekp file verification error information. ■ Updated “Hardware Requirements” section. ■ Updated application note for the Quartus II software version 11.0 release.
PAGE 34
Page 34 Using the Design Security Features in Altera FPGAs Document Revision History June 2012 Altera Corporation