Chapter 9: Configuration, Design Security, and Remote System Upgrades in the Cyclone III Device Family
Design Security
The Cyclone III LS design security feature provides routing architecture optimization
for design separation flow with the Quartus II software. Design separation flow
achieves both physical and functional isolation between design partitions.
For more information about the design separation flow, refer to AN 567: Quartus II
Design Separation Flow.
You can carry out secure configuration in Steps 1–3, as shown in Figure 9–31:
1. Generate the encryption key programming file and encrypt the configuration data.
The Quartus II configuration software uses the user-defined 256-bit volatile keys
to generate a key programming file and an encrypted configuration file. The
encrypted configuration file is stored in an external memory, such as a flash
memory or a configuration device.
2. Program the volatile key into the Cyclone III LS device.
Program the user-defined 256-bit volatile keys into the Cyclone III LS device
through the JTAG interface.
3. Configure the Cyclone III LS device.
At system power-up, the external memory device sends the encrypted
configuration file to the Cyclone III LS device.
Figure 9–31. Cyclone III LS Secure Configuration Flow (1)
[Figure not reproduced. Panel titles: "Step 1. Generate the Encryption Key Programming File; Encrypt Configuration Data and Store in External Memory", "Step 2. Program Volatile Key into Cyclone III LS Device", "Step 3. Configure the Cyclone III LS Device Using Encrypted Configuration Data". Block labels: Quartus II, Configuration Data, AES Encryptor, Volatile Key, Encryption Key Programming File, Encrypted Configuration Data, Memory Storage, FPGA, Volatile Key Storage, AES Decryptor.]
Note to Figure 9–31:
(1) Step 1, Step 2, and Step 3 correspond to the procedure detailed in “Cyclone III LS Design Security Solution”.
Available Security Modes
There are several security modes available on Cyclone III LS devices:
■ Volatile Key
■ No Key Operation
■ FACTORY Mode
Volatile Key
Secure operation with volatile key programmed and required external battery—this
mode accepts both encrypted and unencrypted configuration bitstreams. Use the
unencrypted configuration bitstream support for board-level testing only.
August 2012 Altera Corporation
Cyclone III Device Handbook
Volume 1