Intel® MAX® 10 FPGA Configuration User Guide

ID 683865
Date 3/27/2023
Public
Document Table of Contents
Give Feedback

2.2.2. Configuration Design Security

Security Notice: Intel® MAX® 10 devices do not include an internal mechanism to authenticate bitstreams. Intel® recommends implementing system-level controls external to the Intel® MAX® 10 devices via additional components or via soft IP within the Intel® MAX® 10 devices to incorporate bitstream authentication. Alternatively, you may select a device that includes internal bitstream authentication such as Intel® Stratix® 10 or Intel Agilex® 7 devices.

The Intel® MAX® 10 design security feature supports the following capabilities:

  • Encryption—Built-in encryption standard (AES) to support 128-bit key industry-standard design security algorithm
  • Chip ID—Unique device identification
  • JTAG secure mode—limits access to JTAG instructions
  • Verify Protect—allows optional disabling of CFM content read-back
  • Flash region access control and immutability—enable immutability of the flash region CFM0 when configured from CFM1. You can leverage this feature to implement a Device Identifier Composition Engine (DICE) compliant design.
    Note: The flash region access control and immutability feature is only available in Intel® MAX® 10 devices with DD feature options (10M40DD and 10M50DD).