I've tried to develop a secure FPGA environment with master key (8.ekp) and encrypted ROM image (*.pof). The idea is to program the master key once before the FPGA left to the customer and the (*.pof) should be field up-gradable multiple times in the overseas customer.
However, by following Intel documentation of MAX 10 Configuration: https://www.intel.com/content/dam/www/programmable/us/en/pdfs/literature/hb/max-10/ug_m10_config.pdf section 3.8, I have a problem that the ekp key will also be erased if I do the bulk erase. This might cause a problem in the field in the FPGA CFM is erased.
Second problem is, I found out that downloading encrypted pof multiple times causes a problem of: Error (209014): CONF_DONE pin failed to go high in device 1. Which according to this: https://www.intel.com/content/www/us/en/programmable/support/support-resources/knowledge-base/soluti..., means that each time the encrypted pof needs to be flashed, CFM needs to be erased which then the erased ekp needs to be reprogrammed.
I tried to use JTAG secure, this makes the ekp persistent on the device since the JTAG connection is not there for programming afterwards.
My question is:
Hi @JohnT_Intel ,
Thanks for your suggestion.
Unfortunately, the only interface that our customer have is JTAG. So using UART communication means a significant redesign is required, thus we don't prefer.
My further question is:
Yes. You can either write or erase. No read is possible.
Max 10 does not support this.