MACsec Intel FPGA System Design User Guide

ID 767516
Date 3/03/2023

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents Design with HOST

The figure below shows the CLI debug application diagram which can be used for debugging, key generation, and configuring the MACsec IP. This information is passed onto the MACsec IP Driver and then to McDMA driver to do the MACsec HW configuration.

The HW FPGA has the MACsec IP and Soft/Hard Crypto logic. This HW does the encryption/decryption and insertion/deletion of MACsec Header to packet data as per the configuration from MACSEC IP driver. The MACsec can be enabled/disabled from driver. If enabled, it uses the controlled port to transmit/receive the data otherwise uses the uncontrolled port.
Figure 43. CLI Implementation Stack

In MACsec IP driver is a kernel mode driver and uses a netlink interface to communicate with above layer. The driver exposes 4 APIs to set/get the port attributes OR set/get the SC/SA attributes. In the MACsec IP driver, the management/AXI-Lite interface is used to read/write the CSR registers.

In the FPGA, encryption/decryption are controlled from the SADB registers which are updated from the MACsec IP driver.