AN 556: Using the Design Security Features in Intel FPGAs

ID 683269
Date 5/21/2021
Document Table of Contents
Give Feedback

Security Levels of Qcrypt Tool Security Option

The Qcrypt tool allows the flexibility to determine the security level of the security options in Table 8. You can choose the minimum or maximum requirement by specifying the level of security from 0 to 3.

Table 9.  Qcrypt Tool Security Option Security Levels
Security Level Descriptions
0 The security feature is not enabled unless by the corresponding OTP fuse.
1 The security feature is enabled from the start of the current full- or partial-reconfiguration until the start of the next full configuration.
2 The security feature is enabled until the next power-on-reset. Additionally, configuration does not proceed if any action normally prevented by the security feature has taken place since the last power-on-reset.
3 Configuration does not proceed unless the security feature has been permanently enabled by blowing the corresponding fuses in the device.

The security level of 2 provides a level of security almost as powerful as setting the corresponding OTP security fuse, but with some flexibility. For example, the use of JTAG may be required for manufacturing test or debug, but you may want to totally disable JTAG while a secured (encrypted) bit-stream is loaded in the device. Furthermore, you may not want to load a secured bit-stream into a device that had previously been probed with any kind of JTAG command.

Intel® recommends that you use the strictest security level for each option that is consistent with your design requirements.

Note: You can find information on the Qcrypt tool by using the --help option.