Chapter 9: Configuration, Design Security, and Remote System Upgrades in the Cyclone III Device Family
9–71
Design Security
Security Against Copying
The volatile key is securely stored in the Cyclone III LS device and cannot be read out
through any interfaces. The information of your design cannot be copied because the
configuration file read-back feature is not supported in Cyclone III LS devices.
Security Against Reverse Engineering
Reverse engineering from an encrypted configuration file is very difficult and time
consuming because Cyclone III LS configuration file formats are proprietary and the
file contains million of bits which require specific decryption. Reverse engineering the
Cyclone III LS device is just as difficult because the device is manufactured on the
advanced 60-nm process technology.
Security Against Tampering
Cyclone III LS devices support the following anti-tamper features:
■
■
■
Ability to limit JTAG instruction set and provides protection against configuration
data readback over the JTAG port
Ability to clear contents of FPGA logic, configuration memory, user memory, and
volatile key
Error detection (ED) cycle indicator to core Cyclone III LS devices provide a pass
or fail indicator at every ED cycle and visibility over intentional or unintentional
change of CRAM bits.
f
f
For more information about anti-tamper protection for Cyclone III LS devices, refer to
AN 593: Anti-Tamper Protection for Cyclone III LS Devices.
For more information about the implementation of secure configuration flow in
Quartus II, refer to AN 589: Using Design Security Feature in Cyclone III LS Devices.
AES Decryption Block
The main purpose of the AES decryption block is to decrypt the configuration
bitstream prior to entering configuration. Prior to receiving encrypted data, you must
enter and store the 256-bit volatile key in the device with battery backup. The key is
scrambled prior to storing it in the key storage to make it more difficult for anyone to
retrieve the stored key using de-capsulation of the device.
Key Storage
Cyclone III LS devices support volatile key programming. Table 9–24 lists the volatile
key features.
Table 9–24. Security Key Features (Part 1 of 2)
Volatile Key Features
Key programmability
Description
Reprogrammable and erasable
Required
External battery
(1)
Key programming method
On-board
August 2012 Altera Corporation
Cyclone III Device Handbook
Volume 1