More Security Options Dialog Box

Table 1. More Security Options Dialog Box. For Intel® Stratix® 10 and Intel® Agilex™ devices, specifies additional configuration bitsream security settings that you can enable or disable using device eFuses. To access these settings, click Assignments > Device > Device and Pin Options > Security > More Settings button. Disabled options are unavailable for the current device or configuration mode.
Option Description
Disable JTAG Disables JTAG command and configuration of the device. Setting this eliminates JTAG as mode of attack, but also eliminates boundary scan functionality.
Force SDM clock to internal ocillator Disables an external clock source for the SDM. The SDM must use the internal oscillator. Using an internal oscillator is more secure than allowing an external clock source for configuration.
Force encryption key update Specifies that the encyption key must update by the frequency that you specify for the Encryption update ratio option. The default ration value is 31:1.
Disable virtual eFuses Disables the eFuse virtual programming capability.
Lock security eFuses Causes eFuse failure if the eFuse CRC does not match the calculated value.
Disable HPS debug Disables debugging through the JTAG interface to access the HPS.
Disable encryption key in eFuses Specifies that the device does not use an AES key stored in eFuses. Rather, you can provides an extra level of security by storing the AES key in BBRAM.
Disable encryption key in BBRAM Specifies that the device does not use AES key stored in BBRAM. Rather, you can provides an extra level of security when you store the AES key in eFuses.