1.21. Device Configuration and Secure Device Manager (SDM)
All Intel® Stratix® 10 MX devices contain a Secure Device Manager (SDM), which is a dedicated triple-redundant processor that serves as the point of entry into the device for all JTAG and configuration commands. The SDM also bootstraps the HPS in SoC devices ensuring that the HPS can boot using the same security features that the FPGA devices have.
During configuration, Intel® Stratix® 10 MX devices are divided into logical sectors, each of which is managed by a local sector manager (LSM). The SDM passes configuration data to each of the LSMs across the on-chip configuration network. This allows the sectors to be configured independently, one at a time, or in parallel. This approach achieves simplified sector configuration and reconfiguration, as well as reduced overall configuration time due to the inherent parallelism. The same sector-based approach is used to respond to single-event upsets and security attacks.
While the sectors provide a logical separation for device configuration and reconfiguration, they overlay the normal rows and columns of FPGA logic and routing. This means there is no impact to the Intel® Quartus® Prime software place and route, and no impact to the timing of logic signals that cross the sector boundaries.
The SDM enables robust, secure, fully-authenticated device configuration. It also allows for customization of the configuration scheme, which can enhance device security. For configuration and reconfiguration, this approach offers a variety of advantages:
- Dedicated secure configuration manager
- Reduced device configuration time, because sectors are configured in parallel
- Updateable configuration process
- Reconfiguration of one or more sectors independent of all other sectors
- Zeroization of individual sectors or the complete device