The manual for the design security feature states that it is possible to program an AES key into the FPGA in order to be able to decrypt encrypted bitfiles. When looking at the manual I see the following command line example to generate the .ekp file that is used to program the key into the device.
This example takes the .sof file as an input in the generation of the .ekp file. Does that mean that the programmed key only works for that specific design, or can I generate a new design and do encryption/decryption using the same key?
Yes, the programmed key only works for a specific design.
If you generate a new design, you need to create a new key.
For more details regarding Intel Design Security, please refer to the following AN:
Thanks for the initial explanation. AN556 was the manual I was referring to and from which I took the command line example.
What makes a design 'specific' or 'new'? If I add an inverter somewhere in the design and regenerate the configuration data (.sof), is that already different? So if I write the key to the fuses, I can only ever decrypt that precise configuration, down to the delays/routing etc.?
Your answer already seems to indicate so. But hopefully I am mistaken. Because I would like to encrypt my bitfiles and be able to decrypt them. But hardware in the field should be able to decrypt possible future updates to the design if new functionality is added or possible bugfixes are made.
Any change in the design (small or big) causes the bitstream in the .sof to change. This makes the new .sof file (with the new design changes) different from the previous .sof file.
Usually, the design security feature is used when your design is in the final stage (final design and ready for production).
If there is any bug/error in the future, decrypt the previous design. Generate a new key and program the new design.
I think the design security feature is straightforward and not complicated.
I hope this makes it much clearer for you.
But if you program a non-volatile key, it cannot be changed anymore. So generating a new key is not an option for boards with the key already programmed into the FPGA. To be 100% clear, assume the following steps:
- Create .sof file
- Create .ekp and encrypted .sof (.rbf) by supplying KEY and .sof file
- Program non-volatile key into fuse on FPGA using .ekp file
- FPGA can now decrypt the encrypted design (.rbf) using the programmed key.
- Decide a small change in design is needed
- Generate a new .sof file with design changes.
- Encrypt the new .sof file with original KEY
- FPGA cannot decrypt the new encrypted configuration (.rbf)?
This would make it completely impossible to do an upgrade in the field.