Intel® Quartus® Prime Pro Edition User Guide: Partial Reconfiguration

ID 683834
Date 10/04/2021
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

1.11.3. PR Bitstream Encryption ( Intel® Stratix® 10 Designs)

PR bitstream encryption helps protect the bitstream. You can configure each PR region with multiple PR bitstream files. Any of these files may contain sensitive or valuable data that encryption can protect. PR bitstream encryption allows you to encrypt the static region and all associated bitstreams using the same AES root key.
Note: PR bitstream authentication is a prerequisite of PR bitstream encryption use. You must enable PR bitstream authentication before using PR bitstream encryption.

In PR bitstream encryption, you must first configure the device with the encrypted base bitstream. Next, you configure one or more partial reconfiguration regions with the encrypted PR bitstream. The encrypted PR bitstream must match the configured static region.

You also can configure the signed PR bitstream after the first encrypted base bitstream configuration. For all subsequent partial reconfigurations, both the signed and encrypted PR bitstreams are supported.

PR bitstream encryption requires the following prerequisite conditions:

  • The Base and PR designs must share the same authentication key.
  • The Base and PR designs must share the same encryption key.
  • All PR regions must be encrypted or none. A combination of encrypted and non-encrypted designs is unsupported.
  • When you enable authentication, both the base and the PR design must be authenticated. This requirement ensures that only authorized users can provide the full or PR bitstream to the owned FPGA device.
  • When you enable authentication or encryption, the Intel® Quartus® Prime Assembler skips the auto-generation of .rbf files for PR designs, and only generates the .pmsf file.
Note: For bitstream encryption details, refer to the Intel® Stratix® 10 Device Security User Guide.