Programmable Devices
CPLDs, FPGAs, SoC FPGAs, Configuration, and Transceivers
20688 Discussions

How can I prevent AES key being overwritten by hacker in MAX10

YutaWakasugi
Novice
‎07-28-2021 03:10 AM
707 Views
Solved Jump to solution

Hi,

I'm referring Intel® MAX® 10 FPGA Configuration User Guide.
In my understanding, once we program AES key and turn on "Allow encrypted POF only" option, configuring CRAM through JTAG will be prevented, and configuration can be done only from the encrypted(by correct key) config image programmed in CFM.
However, can we still erase and re-program the AES key (AES key is not OTP) without knowing currently programmed AES key, correct?
If so, how can we prevent hackers from replacing AES key by their own key? Do we need to turn on "JTAG secure" option to disable JTAG itself?

Thank you

0 Kudos
1 Solution
YutaWakasugi
Novice
‎07-29-2021 01:09 AM
670 Views
Solved Jump to solution

I see, Thank you.

View solution in original post

0 Kudos
Copy link

Link Copied

4 Replies
YuanLi_S_Intel
Employee
‎07-29-2021 12:22 AM
684 Views
Solved Jump to solution

Hi,


Yes, you need to turn on jtag secure mode to prevent the access of JTAG by third party to do full erase on the device.


Regards,

Bruce


0 Kudos
Copy link
YutaWakasugi
Novice
‎07-29-2021 12:41 AM
676 Views
Solved Jump to solution
In response to YuanLi_S_Intel

Hi, 

Thank you for the quick response. Let me confirm.

Once JTAG secure mode is enabled, even the internal developer who knows AES key can't update CFM.
And if we want to update CFM, we need to implement internal logic to issue UNLOCK instruction to JTAG core like below
MAX10 JTAG Secure Unlock | Design Store for Intel® FPGAs
Is my understanding correct?

Thank you,
Wakasugi 

In response to YuanLi_S_Intel
0 Kudos
Copy link
YuanLi_S_Intel
Employee
‎07-29-2021 12:54 AM
675 Views
Solved Jump to solution

Hi,


Yes, you are right.


Regards,

Bruce


0 Kudos
Copy link
YutaWakasugi
Novice
‎07-29-2021 01:09 AM
671 Views
Solved Jump to solution

I see, Thank you.

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.