MAX® 10 FPGA Configuration User Guide

Download PDF
ID 683865
Date 5/14/2025
Public
Document Table of Contents
Document Table of Contents x
1. MAX® 10 FPGA Configuration Overview 2. MAX® 10 FPGA Configuration Schemes and Features 3. MAX® 10 FPGA Configuration Design Guidelines 4. MAX® 10 FPGA Configuration IP Core Implementation Guides 5. Dual Configuration Intel® FPGA IP Core References 6. Unique Chip ID Intel® FPGA IP Core References 7. Document Revision History for the MAX® 10 FPGA Configuration User Guide
2. MAX® 10 FPGA Configuration Schemes and Features x
2.1. Configuration Schemes 2.2. Configuration Features 2.3. Configuration Details
2.1. Configuration Schemes x
2.1.1. JTAG Configuration 2.1.2. Internal Configuration
2.1.1. JTAG Configuration x
2.1.1.1. JTAG Pins
2.1.2. Internal Configuration x
2.1.2.1. Internal Configuration Modes 2.1.2.2. Configuration Flash Memory 2.1.2.3. In-System Programming 2.1.2.4. Initialization Configuration Bits 2.1.2.5. Internal Configuration Time
2.1.2.2. Configuration Flash Memory x
2.1.2.2.1. Configuration Flash Memory Sectors 2.1.2.2.2. Configuration Flash Memory Programming Time
2.1.2.3. In-System Programming x
2.1.2.3.1. ISP Clamp 2.1.2.3.2. Real-Time ISP 2.1.2.3.3. ISP and Real-Time ISP Instructions
2.2. Configuration Features x
2.2.1. Remote System Upgrade 2.2.2. Configuration Design Security 2.2.3. SEU Mitigation and Configuration Error Detection 2.2.4. Configuration Data Compression
2.2.1. Remote System Upgrade x
2.2.1.1. Remote System Upgrade Flow 2.2.1.2. Remote System Upgrade Circuitry 2.2.1.3. User Watchdog Timer 2.2.1.4. Dual Configuration Intel® FPGA IP Core
2.2.1.2. Remote System Upgrade Circuitry x
2.2.1.2.1. Remote System Upgrade Circuitry Signals 2.2.1.2.2. Remote System Upgrade Circuitry Input Control 2.2.1.2.3. Remote System Upgrade Input Register 2.2.1.2.4. Remote System Upgrade Status Registers 2.2.1.2.5. Master State Machine
2.2.2. Configuration Design Security x
2.2.2.1. AES Encryption Protection 2.2.2.2. Unique Chip ID 2.2.2.3. JTAG Secure Mode 2.2.2.4. Verify Protect 2.2.2.5. JTAG Instruction Availability 2.2.2.6. Configuration Flash Memory Permissions
2.2.2.1. AES Encryption Protection x
2.2.2.1.1. Encryption and Decryption
2.2.2.2. Unique Chip ID x
2.2.2.2.1. Unique Chip ID Intel® FPGA IP Core
2.2.2.3. JTAG Secure Mode x
2.2.2.3.1. JTAG Secure Mode Instructions
2.2.2.6. Configuration Flash Memory Permissions x
2.2.2.6.1. Flash Region Access Control and Immutability
2.2.3. SEU Mitigation and Configuration Error Detection x
2.2.3.1. Configuration Error Detection 2.2.3.2. User Mode Error Detection 2.2.3.3. Error Detection Timing 2.2.3.4. Recovering from CRC Errors
2.2.3.2. User Mode Error Detection x
2.2.3.2.1. Error Detection Block 2.2.3.2.2. CHANGE_EDREG JTAG Instruction
2.2.3.3. Error Detection Timing x
2.2.3.3.1. Error Detection Frequency 2.2.3.3.2. Cyclic Redundancy Check Calculation Timing
2.3. Configuration Details x
2.3.1. Configuration Sequence 2.3.2. MAX® 10 Configuration Pins
2.3.1. Configuration Sequence x
2.3.1.1. Power-up 2.3.1.2. Configuration 2.3.1.3. Configuration Error Handling 2.3.1.4. Initialization 2.3.1.5. User Mode
2.3.1.1. Power-up x
2.3.1.1.1. POR Monitored Voltage Rails for Single-supply and Dual-supply MAX® 10 Devices 2.3.1.1.2. Monitored Power Supplies Ramp Time Requirement for MAX® 10 Devices
3. MAX® 10 FPGA Configuration Design Guidelines x
3.1. Dual-Purpose Configuration Pins 3.2. Configuring MAX® 10 Devices using JTAG Configuration 3.3. Configuring MAX® 10 Devices using Internal Configuration 3.4. Implementing ISP Clamp in Quartus® Prime Software 3.5. Accessing Remote System Upgrade through User Logic 3.6. Error Detection 3.7. Enabling Data Compression 3.8. AES Encryption 3.9. MAX® 10 JTAG Secure Design Example
3.1. Dual-Purpose Configuration Pins x
3.1.1. Guidelines: Dual-Purpose Configuration Pin 3.1.2. Enabling Dual-Purpose Pin
3.1.1. Guidelines: Dual-Purpose Configuration Pin x
3.1.1.1. JTAG Pin Sharing Behavior
3.2. Configuring MAX® 10 Devices using JTAG Configuration x
3.2.1. Auto-Generating Configuration Files for Third-Party Programming Tools 3.2.2. Generating Third-Party Programming Files 3.2.3. JTAG Configuration Setup 3.2.4. ICB Settings in JTAG Configuration
3.2.2. Generating Third-Party Programming Files x
3.2.2.1. Generating Third-Party Programming Files using Quartus® Prime Programmer 3.2.2.2. Generating Third-Party Programming Files using Command Line
3.3. Configuring MAX® 10 Devices using Internal Configuration x
3.3.1. Selecting Internal Configuration Modes 3.3.2. .pof and ICB Settings 3.3.3. Programming .pof into Internal Flash
3.3.2. .pof and ICB Settings x
3.3.2.1. Auto-Generated .pof 3.3.2.2. Generating .pof using Convert Programming Files 3.3.2.3. Generating Third-Party Programming Files
3.4. Implementing ISP Clamp in Quartus® Prime Software x
3.4.1. Creating IPS File 3.4.2. Executing IPS File
3.6. Error Detection x
3.6.1. Verifying Error Detection Functionality 3.6.2. Enabling Error Detection 3.6.3. Accessing Error Detection Block Through User Logic
3.7. Enabling Data Compression x
3.7.1. Enabling Compression Before Design Compilation 3.7.2. Enabling Compression After Design Compilation
3.8. AES Encryption x
3.8.1. Generating .ekp File and Encrypt Configuration File 3.8.2. Generating .jam/.jbc/.svf file from .ekp file 3.8.3. Programming .ekp File and Encrypted POF File 3.8.4. Encryption in Internal Configuration
3.8.3. Programming .ekp File and Encrypted POF File x
3.8.3.1. Programming .ekp File and Encrypted .pof Separately 3.8.3.2. Integrate the .ekp into .pof Programming
3.9. MAX® 10 JTAG Secure Design Example x
3.9.1. Internal and External JTAG Interfaces 3.9.2. JTAG WYSIWYG Atom for JTAG Control Block Access Using Internal JTAG Interface 3.9.3. Executing LOCK and UNLOCK JTAG Instructions 3.9.4. Verifying the JTAG Secure Mode
4. MAX® 10 FPGA Configuration IP Core Implementation Guides x
4.1. Unique Chip ID Intel® FPGA IP Core 4.2. Dual Configuration Intel® FPGA IP Core
4.1. Unique Chip ID Intel® FPGA IP Core x
4.1.1. Instantiating the Unique Chip ID Intel® FPGA IP Core 4.1.2. Resetting the Unique Chip ID Intel® FPGA IP Core
4.2. Dual Configuration Intel® FPGA IP Core x
4.2.1. Instantiating the Dual Configuration Intel® FPGA IP Core
5. Dual Configuration Intel® FPGA IP Core References x
5.1. Dual Configuration Intel® FPGA IP Core Avalon® Memory-Mapped Address Map 5.2. Dual Configuration Intel® FPGA IP Core Parameters
6. Unique Chip ID Intel® FPGA IP Core References x
6.1. Unique Chip ID Intel® FPGA IP Core Ports
1. MAX® 10 FPGA Configuration Overview
2. MAX® 10 FPGA Configuration Schemes and Features
3. MAX® 10 FPGA Configuration Design Guidelines
4. MAX® 10 FPGA Configuration IP Core Implementation Guides
5. Dual Configuration Intel® FPGA IP Core References
6. Unique Chip ID Intel® FPGA IP Core References
7. Document Revision History for the MAX® 10 FPGA Configuration User Guide

3.8. AES Encryption

Security Notice: The MAX® 10 devices use 128-bit encryption keys. For higher levels of security, Altera recommends that you select devices using longer key lengths such as Stratix® 10 or Agilex™ 7 devices, which use 256-bit encryption keys.

This section covers detailed guidelines on applying AES Encryption for design security.

There are two main steps in applying design security in MAX® 10 devices. First is to generate the encryption key programming (.ekp) file and second is to program the .ekp file into the device.

The .ekp file has other different formats, depending on the hardware and system used for programming. There are three file formats supported by the Quartus® Prime software:

  • JAM Byte Code (.jbc) file
  • JAM™ Standard Test and Programming Language (STAPL) Format (.jam) file
  • Serial Vector Format (.svf) file

Only the .ekp file type generated automatically from the Quartus® Prime software. You must create the .jbc, .jam, and .svf files using the Quartus® Prime software if these files are required in the key programming.

Note: Altera recommends that you keep the .ekp file confidential.

Section Content
Generating .ekp File and Encrypt Configuration File
Generating .jam/.jbc/.svf file from .ekp file
Programming .ekp File and Encrypted POF File
Encryption in Internal Configuration

Level Two Title