6. Encryption and Decryption Overview
UG-S10SECURITY | 2019.05.10
Figure 12.
Bitstream Decryption
Section Key of Header
Block decrypts
Keys Block 0
Keys in Keys
Block 0 decrypt the
adjacent blocks
including Keys Block N
The initialization vector (IV) is unencrypted data that is an input to the decryption
function.
6.1. Using the Encryption Feature
Encrypting the owner image includes the following three steps:
•
Step 1: Preparing the owner image and AES key files
•
Step 2: Generating the programming files
•
Step 3: Programming the AES key and configuring the encrypted owner image
The following flow diagram shows the processes required for each step.
Send Feedback
Header Block
IVs & Intermediate Keys
IV & Section Key
Signature Block
Initialization Vector (IV) for Keys Block 0
Keys Block 0 (up to 128 keys)
IVs for Subsequence Encrypted Data
Encrypted Data 1
Encrypted Data 2
Encrypted Data 126
IV for Keys Block N
Keys Block N(Up to 128 keys)
Intel Stratix 10
Owner AES Root Key
Owner AES Root Key decrypts first
Intermediate Key that decrypts
next Intermediate Key. The last
Intermediate Key decrypts
the Section Key.
Total of 128 items decrypted
by keys stored in Keys
Block 0
®
®
Intel
Stratix
10 Device Security User Guide
35