AN 556: Using the Design Security Features in Intel FPGAs

ID 683269
Date 5/21/2021
Public

Steps to Enable Tamper-Protection Bit Programming

The default .ekp file generated in the Steps for Implementing a Secure Configuration Flow section contains only volatile or non-volatile key programming. To enable the tamper-protection bit programming, follow these steps:

  1. Create a quartus.ini file using a text editor, with this key-value pair: PGM_GEN_KEY_SECURE_EKP=ON.
  2. Save the quartus.ini in one of the following folders:
    • Project folder
    • <Quartus installation folder>\bin64 folder for Windows OS
    • <Quartus installation folder>/linux64 folder for Linux OS
  3. When the Intel® Quartus® Prime Convert Programming File tool reads the quartus.ini file during the .ekp file generation process, it inserts the additional tamper-protection bit programming instruction into the generated .ekp file.
    CAUTION:
    The .ekp file generated with this quartus.ini contains tamper-protection bit programming. When the .ekp file is used to program a device, the tamper-protection bit is programmed, and this programming is not reversible. You need to manage the .ekp file to avoid unintentionally programming the tamper-protection bit into your device.
    Because the .ekp file contains the tamper-protection bit programming instruction, any .jam or .svf files you generate from this .ekp file for key programming also program the tamper-protection bit, without the need for a quartus.ini with the specified key-value pair.
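
A pre-flight check for the caution above, as an added example (not Intel tooling or part of the original note): it reports every quartus.ini in the three folders from step 2 that sets PGM_GEN_KEY_SECURE_EKP=ON, so an irreversible .ekp is not generated by accident. Assumptions: the function names and the "allow" argument are hypothetical, matching is deliberately loose (case-insensitive, optional whitespace), and any enabled file is flagged because the page does not state a precedence between the folders.

```shell
#!/bin/sh
# Added example: guard to run before generating an .ekp file.

# ini_enables_tamper FILE
# Succeeds if FILE sets PGM_GEN_KEY_SECURE_EKP to ON.
# Assumption: loose matching so the guard errs toward flagging.
ini_enables_tamper() {
    [ -f "$1" ] || return 1
    # Strip CR so files saved on Windows match as well.
    tr -d '\r' < "$1" |
        grep -Eiq '^[[:space:]]*PGM_GEN_KEY_SECURE_EKP[[:space:]]*=[[:space:]]*ON[[:space:]]*$'
}

# tamper_ini_files PROJECT_DIR QUARTUS_DIR
# Prints each quartus.ini (project folder, bin64, linux64) that enables
# tamper-protection bit programming. QUARTUS_DIR is the Quartus
# installation folder, passed in by the caller.
tamper_ini_files() {
    for ini in "$1/quartus.ini" \
               "$2/bin64/quartus.ini" \
               "$2/linux64/quartus.ini"; do
        if ini_enables_tamper "$ini"; then
            printf '%s\n' "$ini"
        fi
    done
}

# ekp_generation_guard PROJECT_DIR QUARTUS_DIR [allow]
# Succeeds when no file enables the bit, or when the operator passes
# the literal word "allow" to confirm the irreversible .ekp is intended.
ekp_generation_guard() {
    hits=$(tamper_ini_files "$1" "$2")
    if [ -z "$hits" ]; then
        echo "OK: generated .ekp will contain key programming only"
        return 0
    fi
    echo "WARNING: tamper-protection bit programming is enabled by:" >&2
    printf '%s\n' "$hits" | sed 's/^/  /' >&2
    echo "An .ekp generated now programs the bit irreversibly." >&2
    [ "${3:-}" = "allow" ]
}
```

Call `ekp_generation_guard <project folder> <Quartus installation folder>` in the build script before the conversion step and stop the build when it fails.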