Agilex™ 7 FPGAs and SoCs Device Overview

ID 683458
Date 4/01/2024
Document Table of Contents

1.19. Device Configuration and Secure Device Manager (SDM)

All Intel® Agilex™ devices contain a Secure Device Manager (SDM), which is a dedicated triple-redundant processor that serves as the point of entry into the device for all JTAG and configuration commands. The latest SDM also supports clients wanting to certify their systems to meet the layer 2 standard compliance.33.

The SDM bootstraps the HPS in SoC devices ensuring that the HPS can boot using the same security features that the FPGA devices have.

Figure 15. SDM Block Diagram

During configuration, Intel® Agilex™ devices are divided into logical sectors, each of which is managed by a local sector manager (LSM). The SDM passes configuration data to each of the LSMs across the on-chip configuration network. This allows the sectors to be configured independently, one at a time, or in parallel. This approach achieves simplified sector configuration and reconfiguration, as well as reduced overall configuration time due to the inherent parallelism. The same sector-based approach is used to respond to single-event upsets and security attacks.

While the sectors provide a logical separation for device configuration and reconfiguration, they overlay the normal rows and columns of FPGA logic and routing. This means there is no impact to the Intel® Quartus® Prime software place and route, and no impact to the timing of logic signals that cross the sector boundaries.

The SDM enables robust, secure, fully-authenticated device configuration. It also allows for customization of the configuration scheme, which can enhance device security. For configuration and reconfiguration, this approach offers a variety of advantages:

  • Dedicated secure configuration manager
  • Reduced device configuration time, because sectors are configured in parallel
  • Update-able configuration process
  • Partial Reconfiguration
  • Remote System Update
  • Zeroization of individual sectors or the complete device

The SDM also provides additional capabilities such as register state readback and writeback to support ASIC prototyping and other applications.

33 The following Intel® Agilex™ devices enable system certification to FIPS140-3 compliance: AGF 019, AGF 023, AGF 040, AGI 019, AGI 023, AGI 035, AGI 040, AGM 032, and AGM 039.