CV-52007
2014.01.10
Security Modes
Table 7-10: Supported Security Modes
Security Mode
No key
Volatile Key
Volatile Key with
Tamper Protection Bit
Set
Non-volatile Key
Non-volatile Key with
Tamper Protection Bit
Set
The use of unencrypted configuration bitstream in the volatile key and non-volatile key security modes is
supported for board-level testing only.
Note:
For the volatile key with tamper protection bit set security mode, Cyclone V devices do not accept
the encrypted configuration file if the volatile key is erased. If the volatile key is erased and you want
to reprogram the key, you must use the volatile key security mode.
Enabling the tamper protection bit disables the test mode in Cyclone V devices and disables programming
through the JTAG interface. This process is irreversible and prevents Altera from carrying out failure analysis.
Design Security Implementation Steps
Figure 7-24: Design Security Implementation Steps
Configuration, Design Security, and Remote System Upgrades in Cyclone V Devices
Send Feedback
Tamper Protection
Device Accepts
Bit Setting
Unencrypted File
—
Yes
—
Yes
Set
No
—
Yes
Set
No
AES Key
Programming File
Quartus II Software
256-bit User-Defined
Key
AES Encryptor
Encrypted
Configuration
File
Device Accepts
Encrypted File
No
Yes
Yes
Yes
Yes
FPGA Device
Step 3
Key Storage
Step 1
AES Decryption
Step 4
Step 1
Step 2
Memory or
Configuration
Device
7-37
Security Modes
Security Level
—
Secure
Secure with tamper
resistant
Secure
Secure with tamper
resistant
Altera Corporation