Cyclone® V Device Handbook: Volume 1: Device Interfaces and Integration

ID 683375
Date 10/18/2023
Document Table of Contents

7.13. Design Security

The Cyclone® V design security feature supports the following capabilities:

  • Enhanced built-in advanced encryption standard (AES) decryption block to support 256-bit key industry-standard design security algorithm (FIPS-197 Certified)
  • Volatile and non-volatile key programming support
  • Secure operation mode for both volatile and non-volatile key through tamper protection bit setting
  • Limited accessible JTAG instruction during power-up in the JTAG secure mode
  • Supports board-level testing
  • Supports in-socket key programming for non-volatile key
  • Available in all configuration schemes except JTAG
  • Supports both remote system upgrades and compression features

The Cyclone® V design security feature provides the following security protection for your designs:

  • Security against copying—the security key is securely stored in the Cyclone® V device and cannot be read out through any interface. In addition, as configuration file read-back is not supported in Cyclone® V devices, your design information cannot be copied.
  • Security against reverse engineering—reverse engineering from an encrypted configuration file is very difficult and time consuming because the Cyclone® V configuration file formats are proprietary and the file contains millions of bits that require specific decryption.
  • Security against tampering—After you set the tamper protection bit, the Cyclone® V device can only accept configuration files encrypted with the same key. Additionally, programming through the JTAG interface and configuration interface is blocked.

When you use compression with the design security feature, the configuration file is first compressed and then encrypted using the Intel® Quartus® Prime software. During configuration, the device first decrypts and then decompresses the configuration file.

When you use design security with Cyclone® V devices in an FPP configuration scheme, it requires a different DCLK-to-DATA[] ratio.