A newer version of this document is available. Customers should click here to go to the newest version.
1. DisplayPort Intel® FPGA IP Design Example Quick Start Guide 2. Parallel Loopback Design Examples 3. HDCP Over DisplayPort Design Example for Intel® Stratix® 10 Devices 4. DisplayPort Intel® Stratix® 10 FPGA IP Design Example User Guide Archives 5. Revision History for the DisplayPort Intel® Stratix® 10 FPGA IP Design Example User Guide
2.1. Intel® Stratix® 10 DisplayPort SST Parallel Loopback Design Features 2.2. Creating RX-Only or TX-Only Designs 2.3. Design Components 2.4. Clocking Scheme 2.5. Interface Signals and Parameters 2.6. Hardware Setup 2.7. Simulation Testbench 2.8. DisplayPort Transceiver Reconfiguration Flow 2.9. Transceiver Lane Configurations
22.214.171.124. Store encrypted HDCP production keys in the external flash memory or EEPROM (Support HDCP Key Management = 1)
3.5. Protection of Encryption Key Embedded in FPGA Design
Many FPGA designs implement encryption, and there is often the need to embed secret keys in the FPGA bitstream. In newer device families, such as Intel® Stratix® 10 and Intel Agilex, there is a Secure Device Manager block that can securely provision and manage these secret keys. Where these features do not exist, you can secure the content of the FPGA bitstream, including any embedded secret user keys, with encryption.
You can keep the user keys secure within your design environment, and ideally add to the design using an automated secure process. The following steps show how you can implement such a process with Intel® Quartus® Prime tools.
- Develop and optimize the HDL in Intel® Quartus® Prime in a non-secure environment.
- Transfer the design to a secure environment and implement an automated process to update the secret key. The on-chip memory embed the key value. When the key is updated, the memory initialization file (.mif) can change and the “quartus_cdb --update_mif” assembler flow can change the HDCP protection key without re-compiling. This step is very quick to run and preserves the original timing.
- The Intel® Quartus® Prime bitstream would then encrypt with the FPGA key before transferring the encrypted bitstream back to the non-secure environment for final testing and deployment.
It is recommended to disable all debug access that can recover the secret key from the FPGA. You can disable the debug capabilities completely by disabling the JTAG port, or selectively disable and review that no debug features such as in-system memory editor or Signal Tap can recover the key. Refer to Intel Stratix 10 Device Security User Guide for further information on using FPGA security features including specific steps on how to encrypt the FPGA bitstream and configure security options such as disabling JTAG access.
Note: You can consider the additional step of obfuscation or encryption with another key of the secret key in the MIF storage.
Did you find the information on this page useful?