Owner Security Keys And Programming - Intel Stratix 10 User Manual

Device security

The following side channel mitigation features are available in Intel Stratix 10 devices:
• Authentication first: The device authenticates the bitstream before decrypting it. Attackers cannot perform differential attacks on the AES encrypted data without breaking authentication.
• Key update: Limits the amount of encrypted data per key to 1024 bytes.
• Direct key loading: Uses a 256-bit point-to-point key bus to reduce emissions.
• Data scrambling: Scrambles data on long wires within the configuration network on a chip (NoC).

1.3. Owner Security Keys and Programming

Intel Stratix 10 devices support two types of security keys:
• Owner root public key hash: Programming this key enables the owner configuration bitstream authentication. Configuration bitstream authentication is the fundamental security feature. You must enable configuration bitstream authentication before you can enable other security features. The Intel Stratix 10 device stores the SHA-256 or SHA-384 hash of this key in physical eFuses or virtual eFuses. This hash validates the integrity of the root public key, which is the first step in the process to authenticate the configuration bitstream.
• Owner AES key: This optional key decrypts the encrypted owner image during the configuration process. You can store the AES key in virtual eFuses, physical eFuses, or a BBRAM. PUF support for AES key handling is planned for a future release.

In contrast to eFuse (non-volatile) storage, BBRAM storage is reprogrammable. The BBRAM key vault holds a single key. Programming a new key deletes the previously programmed key. The BBRAM key vault includes a built-in function to perform periodic key flipping to prevent key imprinting. The BBRAM has its own power supply. VCCBAT powers the BBRAM AES key. The voltage range is 1.2V - 1.8V. For more information about required voltage ranges refer to the Intel Stratix 10 Device Family Pin Connection Guidelines.

You program both the root public key hash and the AES key using JTAG. The configuration bitstream specifies the owner AES key location. For extra security, you can program fuses to disable some of the key storage locations. For example, if your design stores the AES key in eFuses, you can program the BBRAM root key disable fuse for additional security.

Intel Stratix 10 devices support both red key (unencrypted) and black key (encrypted) provisioning (transport). JTAG transmits keys in an unencrypted format. Encrypting the AES key reduces the risk of disclosing the key during the manufacturing process. Refer to Black Key Provisioning on page 10 for more information about programming an encrypted AES key.

Note: You program or blow eFuses by flowing a large current for a specific amount of time. This process is irreversible.

Related Information
• Recommended Operating Conditions for VCCBAT in Stratix 10 Device Datasheet
• Intel Stratix 10 Device Family Pin Connection Guidelines

Intel® Stratix® 10 Device Security User Guide, 1. Intel® Stratix® 10 Device Security Overview, UG-S10SECURITY | 2020.01.15
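
The role of the owner root public key hash as a trust anchor, together with the "authentication first" ordering listed earlier, shown as an added Python model that is not code from the Intel user guide. It presents an owner image and an image carrying a substituted key to the same fused hash and records whether decryption was ever reached. Assumptions: the image layout and field names, the byte encoding of the key that gets hashed, and placeholder_sign, which stands in for the device's signature check and is not a real signature scheme.

```python
import hashlib
import hmac

HASH_BY_LEN = {32: hashlib.sha256, 48: hashlib.sha384}  # the two hashes the page names

class AuthError(Exception):
    """Configuration rejected before any decryption took place."""

def check_root_key(fused_hash, root_pubkey):
    """Accept root_pubkey only if its hash equals the fused owner root key hash."""
    hash_fn = HASH_BY_LEN.get(len(fused_hash))
    if hash_fn is None:
        raise AuthError("fused value is not a SHA-256 or SHA-384 digest")
    if not hmac.compare_digest(hash_fn(root_pubkey).digest(), fused_hash):
        raise AuthError("root public key does not match fused hash")

def placeholder_sign(pubkey, payload):
    """Assumed stand-in for the owner's signature; NOT a real signature scheme."""
    return hashlib.sha256(pubkey + payload).digest()

def configure(fused_hash, image, decrypt):
    """Authentication first: anchor the key, check the signature, then decrypt."""
    check_root_key(fused_hash, image["root_pubkey"])
    expected = placeholder_sign(image["root_pubkey"], image["payload"])
    if not hmac.compare_digest(expected, image["signature"]):
        raise AuthError("bitstream signature invalid")
    return decrypt(image["payload"])

def make_image(pubkey, payload):  # constructed sample; field names are hypothetical
    return {"root_pubkey": pubkey, "payload": payload,
            "signature": placeholder_sign(pubkey, payload)}

def demo():
    """Present an owner image and a substituted-key image to one fused hash."""
    owner_key, other_key = b"constructed-owner-key", b"constructed-other-key"
    fused = hashlib.sha384(owner_key).digest()  # value programmed into eFuses
    calls = []
    def decrypt(payload):  # records every call so the ordering is observable
        calls.append(payload)
        return payload
    results = {}
    for name, key in (("owner", owner_key), ("substituted", other_key)):
        try:
            configure(fused, make_image(key, b"ciphertext"), decrypt)
            results[name] = "configured"
        except AuthError as exc:
            results[name] = str(exc)
    results["decrypt_calls"] = len(calls)
    return results
```

The substituted image is internally consistent under its own key, so a signature check alone would accept it; only the comparison against the fused hash rejects it, and it does so before the decrypt callback runs.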
