Select the family name for complete details about a specific family's design security features.
Secure Configuration Flow
SRAM-based FPGAs are volatile and require a configuration bitstream sent from a flash memory or configuration device to the FPGA at power-up. To prevent the configuration bitstream from being intercepted during transmission and to provide design security, Altera's FPGAs use the advanced encryption standard (AES) and a 128-bit or 256-bit key for configuration bitstream encryption. The secure configuration flow is carried out in three steps:
The user-defined AES key is programmed into the volatile or non-volatile key storage.
Quartus® II design software uses the same AES key to generate an encrypted configuration file, which is then stored in an external flash memory or configuration device.
At power-up, the flash memory or configuration device sends the encrypted configuration file to the Altera® FPGA, which then uses the stored AES key to decrypt the file and configure itself.
AES is a Federal Information Processing Standard (FIPS) and has been approved to be used by United States government organizations to protect sensitive, unclassified information. It is also widely adopted both commercially and globally. The AES implementation provided by Altera has been validated as conforming to the FIPS-197 (PDF) standard.
To provide you with more choices, Stratix series and Arria series FPGAs offer both volatile and non-volatile encryption key storage. Cyclone III LS FPGAs offer only volatile encryption key storage, and are targeted to high-volume applications with stringent power consumption limits. The volatile encryption key storage provides more flexibility, while the non-volatile encryption key storage saves board space. Table 2 shows a comparison of volatile and non-volatile key storage.