Programmable Devices
CPLDs, FPGAs, SoC FPGAs, Configuration, and Transceivers
20261 Discussions

Can you use the non-volatile key from the FPGA (Cyclone V) in a design?

TMayd
Novice
‎01-15-2019 07:44 PM
1,768 Views
Solved Jump to solution

So we would like to use the fused non-volatile key in the Cyclone V to provide our application with a seed for an SHA-256 algorithm. It's not clear to me if you can set this fuse and then access the value internally in the FPGA design? Primarily it would be nice to have a permanent secret key so that when we update the devices it doesn't need a specific bitstream file for each FPGA. Or am I misunderstanding the encrypted FPGA programming?

0 Kudos
1 Solution
Nooraini_Y_Intel
Employee
‎01-17-2019 03:07 AM
477 Views
Solved Jump to solution
Hi TMayd, Yes, the programmed non-volatile key is use to decrypt the configuration bitstream during the configuration process. The general process flow is shown in figure 1 from AN556. Once you program the non-volatile key, is it OTP, there is no way to repogram with a different value. You can generate multiple key files and encrypted image files . However once you program the non-volatile key into Cyclone V, the decryption engine can only decrypt the matching encrypted image. Regards, Nooraini

View solution in original post

0 Kudos
Copy link

Link Copied

3 Replies
Nooraini_Y_Intel
Employee
‎01-16-2019 01:28 PM
477 Views
Solved Jump to solution
Hi TMayd, Yes, you can program a non-volatile key into the Cyclone V device. However the programmed key information cannot be read out since it is program into the polyfuse and not a register. For detials, you can refer to AN556:Using the Design Security Features in Intel® FPGAs document in the following link: https://www.intel.com/content/dam/www/programmable/us/en/pdfs/literature/an/an556.pdf Regards, Nooraini
0 Kudos
Copy link
TMayd
Novice
‎01-16-2019 02:13 PM
477 Views
Solved Jump to solution
In response to Nooraini_Y_Intel

Hi, so since the value is not a register it's only primary use is de-encrypting the bit file? I can't use this value in a design to have a fixed value that won't change with a new bit file?

In response to Nooraini_Y_Intel
0 Kudos
Copy link
Nooraini_Y_Intel
Employee
‎01-17-2019 03:07 AM
478 Views
Solved Jump to solution
Hi TMayd, Yes, the programmed non-volatile key is use to decrypt the configuration bitstream during the configuration process. The general process flow is shown in figure 1 from AN556. Once you program the non-volatile key, is it OTP, there is no way to repogram with a different value. You can generate multiple key files and encrypted image files . However once you program the non-volatile key into Cyclone V, the decryption engine can only decrypt the matching encrypted image. Regards, Nooraini
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.