AN 759: Using Secure Boot in Intel® Arria® 10 SoC Devices

ID 683060
Date 3/29/2021
Document Table of Contents

How can I configure the Intel® Arria® 10 SoC device so that it always performs authentication or authentication and decryption?

You can ensure that the Intel® Arria® 10 SoC device always performs a signed authentication check or an authentication check with runtime decryption by programming the device fuses for these features and by using the required security keys. Specifically, you must:
  • Program the aes_en_f fuse so that an AES decryption of a flash image is always performed.
  • Program the kak_src_f fuse to indicate where the key authorization key (KAK) resides.
  • Program the kak_len_f fuse to configure the length of the KAK.
  • Program the authen_en_f fuse so that HPS authentication is required for all flash images prior to execution.
  • Program the security authorization key in the location you have selected.