I wan to use the encryption feature at A10 and had review the encryption methods described at AN556.
I succeed to program a non-volatile key to the FPGA and confirmed that it prevents the loading of bitstream that was encrypted by different encryption key.
However, loading of non-encrypted bitstream is still enabled.
So, actually although I use the feature the FPGA is still not protected from tampering. Anyone else can load the FPGA with non-encrypted bitstream.
When I talked with FAE he told me that I should activate the Tamper Protection bit. (AN556 describes how to do it ).
According to AN556 if you activate the Tamper Protection bit - it allows only the correct encrypted bitstream to be loaded but the problem is:
It prevents to use the SFL (Serial Flash Loader) so we can't use the JTAG and FPGA SFL to program the Flash!
At the bottom line if we use Tamper Protection the FPGA can be loaded only single time by the JTAG: first you load the SFL, second you load the encrypted bitstream to the FLASH and last step - you program the non-volatile encryption key directly to the FPGA.
I am looking for a solution that will allow me to protect the FPGA from loading non-encrypted bitstream (or different-encrypted bitstream) but that I will still be able to load the FPGA with legal encrypted bitstream whenever I want.
I appreciate if someone have encountered such issue and can give advise.
The only way to avoid the unencrypted configuration stream is enable the tamper protection bit.
However, tamper protection basically disabled JTAG programming.
I have checked AN556 and consulted more experts, but I am afraid your requirements still couldn't be accomplished by our device if you can only use JTAG.