FPGA Intellectual Property
PCI Express*, Networking and Connectivity, Memory Interfaces, DSP IP, and Video IP
6262 Discussions

MAX10 Design Security

CPete12
Beginner
‎06-25-2020 03:23 AM
416 Views

Dear forum members,

I have three questions regarding MAX10

Question 1: Allow encrypted POF only

If I enable encrypted POF, I am able to re-programm the FPGA at a later stage with a non-encrypted POF. This does not make sense to me, can you please comment on this issue.

Question 2: Enable JTAG Security

It is my understanding that enabling JTAG security means that I cannot reprogram the FPGA. The exception would be if I were to use JTAG Secure Unlock via internal JTAG WYSIWYG. However, I have not installed this feature. My question is: Is internal JTAG WYSIWIG is disabled by default or do I need to disable it?

Question 3: Verification of JTAG Secure 

Is there an easy way to test if JTAG secure is applied? 

Many thanks for clarifying,

Christian 

0 Kudos

Link Copied

4 Replies
YuanLi_S_Intel
Employee
‎06-26-2020 02:02 AM
404 Views

Hi,


Please find my response below:

Question 1: Allow encrypted POF only


If I enable encrypted POF, I am able to re-programm the FPGA at a later

stage with a non-encrypted POF. This does not make sense to me, can you

please comment on this issue.


Nope, this is wrong. You cannot program non-encrypted POF once JTAG Secure is enabled.


Question 2: Enable JTAG Security


It is my understanding that enabling JTAG security means that I cannot

reprogram the FPGA. The exception would be if I were to use JTAG Secure

Unlock via internal JTAG WYSIWYG. However, I have not installed this

feature. My question is: Is internal JTAG WYSIWIG is disabled by default

or do I need to disable it?


Nope, this is not enabled by default. You may refer to user guide below for the method to enable it:

https://www.intel.com/content/dam/www/programmable/us/en/pdfs/literature/an/an556.pdf (Page 36)


Question 3: Verification of JTAG Secure 


Is there an easy way to test if JTAG secure is applied? 


If you have the external header to connect with JTAG. The easiest way is to try to access using that. It will not be able to access if JTAG secure is enabled.


Thank You.


Bruce


0 Kudos
Copy link
CPete12
Beginner
‎06-29-2020 05:43 AM
399 Views
In response to YuanLi_S_Intel

Dear Bruce,

 

Thank you very much for getting back to me. Everything clear, except one misunderstanding:

For questions 1: I can select "Allow encrypted POF only" and NOT "Enable JTAG security". (see attachment) I was able to later program with a non-encrypted file. Therefore, I do not see any effect of chosing "Allow encrypted POF only". Can you please elaborate on this.

 

Cheers,

Christian

In response to YuanLi_S_Intel
Preview file
55 KB
0 Kudos
Copy link
CPete12
Beginner
‎07-01-2020 12:43 AM
392 Views
In response to YuanLi_S_Intel

Dear Bruce,

 

Did you receive my later response / question?

 

Cheers,

Christian

In response to YuanLi_S_Intel
0 Kudos
Copy link
YuanLi_S_Intel
Employee
‎07-02-2020 01:21 AM
383 Views

Hi,


If you have enabled this option, that means to say the encrypted POF can only be configured into internal flash. However, programming the CRAM is still posssible. Thus i am assuming you are programming the CRAM instead of the internal flash with unencrypted POF.


Thank You.


0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.