AN 763: Intel® Arria® 10 SoC Device Design Guidelines

ID 683192
Date 5/17/2022
Document Table of Contents
Give Feedback

5.1.13. Security Design Considerations

The Intel® Arria® 10 SoC provides a framework for implementing secure systems through a layered hardware and software solution. When designing a secure system, you can implement several security levels depending on your system's security requirements.

GUIDELINE: Determine which parts of your design must be encrypted. Determine which parts of your design must be authenticated.

Secure Boot – Chain Of Trust and Image Authentication

Secure Boot ensures that a Chain of Trust is established for all boot stages. Each boot stage must authenticate subsequent stages prior to loading and executing by verifying the image's signed certificate.

The boot stages can span from the initial Second Stage Bootloader to the final application loaded by the OS.

Figure 22. Secure Boot - Chain of Trust and Image Authentication

For more information, refer to the Intel® Arria® 10 SoC Secure Boot User Guide.

Securing the Design IP - AES Encryption

To secure the FPGA design IP, use AES encryption. Encrypt the design IP before storing it on the intended boot device storage area. If the AES security keys are verified by the SoC, then the image is decrypted during configuration load time.

Figure 23. AES Encryption

Secured Boot and IP - Authentication and Encryption

This level offers the most security because all runtime SW and Data IP is authenticated and successfully decrypted during system bring up.


This Security Level uses a defined logic to post notification when an attempt to tamper the device has been detected.