With so many devices connected today, security design has gone from a “nice to have” to a set of hard requirements for all products with a digital element. Some industries have had security standards in place for some time, including industrial, automotive, medical, avionics, and government. Now the focus is turning toward all connected products, an example being the Cyber Resilience Act adopted by the EU in late 2024. Design engineers will have to spend valuable time learning how to protect their products rather than focusing all of their time on the design itself.
Fortunately for those using FPGAs, Altera has had industry-leading security capabilities built in for over a decade, and our customers achieve a high degree of security just by turning them on. For design engineers looking at an FPGA for their next design, even small Altera devices can help provide strong resistance to common threats.
Today’s security requirements are more than just support for encryption and can be grouped into three general categories: Design security, Data security, and Supply Chain security.
Design Security considers the requirement of maintaining full control of your product throughout its lifecycle. This takes the form of system security by design and often focuses on the most intelligent device in the system. At the system power on, an intelligent device must be able to securely startup and establish the root of trust (ROT), for itself and for the system around it. Altera devices have many design security capabilities, which become available after ROT is established. For example, Agilex™ devices include the latest version of our Secure Device Manager (SDM) – Our flexible security subsystem that is first to turn on establishing ROT and then provides security services for the greater system.
Figure 1 below shows a high-level block diagram of the SDM included in the Agilex 7 family. This highly capable sub-system utilizes redundant processors to run the FPGAs security capabilities from power on. The SDM has many responsibilities including secure configuration of the FPGA and HPS, safe handling of cryptographic keys and operations, tamper detection, single event upset monitoring, and much more.
For a closer look at the SDM’s capabilities, please refer to Altera’s Security Overview for SDM-Based FPGA Devices or consult the Configuration User Guide for specific product family technical details (Agilex 7 Configuration User Guide, section 1.2.1 and Agilex 5 Configuration User Guide, section 1.2.1).
Figure 1: Secure Device Manager (SDM) in Agilex 7 devices
Once your system is deployed; how can you be confident it has not been compromised? This is where another differentiating SDM capability is useful, Attestation. While authentication validates and approves an FPGA or software image to turn on, Attestation provides a related function where the system must prove its identity and state, to demonstrate it has not been altered. This can be invoked at any time as a ‘gate’ to enable system enhancements by the owner or as a test to launch a mitigation strategy if Attestation fails.
Data Security is the second requirement category that seeks to secure all data the system processes or transfers. As mentioned, the SDM has a cryptographic engine with multiple algorithms at its disposal, ready to help protect any ‘sensitive’ data touched by the FPGA fabric or the FPGA-embedded ARM hard processor system (HPS). These cryptographic services include Secure Data Object Storage (SDOS), which provides cryptography for data storage, and includes HMAC-based signature generation and verification for integrity and authentication. Similar functions are available that can operate on any data pointed to by the HPS or FPGA fabric and can utilize AES, HMAC, SHA-2, and ECDSA algorithms in the various cipher, integrity, and authentication functions needed.
Selected Agilex 7 devices1 also have a MACsec IP solution that can run at up to 200 Gbps per instance (half-duplex). This function uses the available AES hard accelerator block, which could be used in other IP solutions as well. With up to 4 instances, we support up to 800 Gbps of MACsec bandwidth in Agilex 7 devices.
Supply Chain Security requirements start with the components you choose for your design and continue through the manufacturing, delivery, maintenance, and End-of-Life of your product. Altera has extended security capabilities to address shortcomings in the electronics manufacturing ecosystem.
For example, a common concern is confidentiality when working with a third-party Original Design Manufacturer (ODM) who might be used for programming device keys. To address this scenario, Altera provides support for black key provisioning, which, when combined with the SDM, safely hides your device keys wherever they are programmed. Another feature that helps secure your device from within the device itself is our physically unclonable function (PUF), much like a digital fingerprint. Our highly secure manufacturing process ensures the internal PUF key can never actually leave the device, ensuring it remains safe to protect important assets. As a bonus , the PUF key provides proof you have a genuine Altera product, not a counterfeit device.
Additional Supply Chain Security features include:
- Secure remote update – IP that enables the secure updating of your FPGA and software images after your system has been deployed to customers.
- Secure debug – Gather data from your system for debugging purposes without giving access to internal IP, data, or system control.
- Ownership transfer – Set up multi-tenant ownership, or transfer ownership to another party.
- End-of-life Decommissioning – Cryptographically erase the device’s unique secrets and prevent the devices from being configured again.
Summary and Conclusion
Altera devices have included security features for over a decade and have been adding increasingly advanced features since the introduction of the Secure Device Manager (SDM) in 20162. With its flexibility, robustness, and updateability, the SDM has enabled our customers to build much more secure products. The security features highlighted today are summarized in Table 1 below.
| Agilex 7 | Agilex 5 | Agilex 3 | Stratix 103 |
Bitstream Encryption | ✔ | ✔ | ✔ | ✔ |
SDM | ✔ | ✔ | ✔ | ✔ |
Updateable Security | ✔ | ✔ | ✔ | ✔ |
Black Key Provisioning | ✔ | ✔ | ✔ | ✔ |
Attestation | ✔ | ✔ | ✔4 |
|
Vendor authorized boot | ✔ | ✔ | ✔ |
|
100 Gbps AES accelerator | ✔1 |
|
|
|
Table 1: Security capabilities matrix for recent Altera Product families.
Notes:
1-Only available in selected Agilex 7 device variants.
2-Altera’s Security Methodology User Guide (RDC ID# 724441) covers additional capabilities that require disclosure under a Non-Disclosure Agreement (NDA). This includes methods of utilizing these features to their full capabilities for addressing threat environments. Please contact Altera Sales to gain access to this and other confidential Security-related documents.
3-The Secure Device Manager circuitry and IP were first implemented in this product architecture.
4-Only available in selected Agilex 3 device variants.
