Intel® Stratix® 10 Secure Device Manager Provides four
Sector-based configuration
One of the primary Intel Stratix 10 architectural features
that enables these SDM use cases is the logical separation
of the device into configuration sectors. Dividing FPGA
configuration into logical sectors helps manage configuration
times and bottlenecks when configuring very large devices.
After configuration data is authenticated and decrypted
using the high-performance encryption accelerator cores,
configuration data blocks are distributed to the various
sectors in parallel on a configuration network. This
sectorization and data distribution network provides distinct
flexibility advantages.
Sector layout
Figure 2 shows the division of logic element configuration by
sector across a configuration network. FPGA configuration
sectors are a fixed size across the Intel Stratix 10 family,
allowing for natural design boundaries for IP re-use, security,
and reconfiguration. The sectors are logical for configuration
purposes, but otherwise overlay the normal rows and
columns of routing logic; i.e., there is no impact to Intel
Quartus Prime software place and route or logical timing
from logic and data paths that cross sector boundaries.
Local sector manager
Within each sector is another microprocessor called the Local
Sector Manager (LSM). The LSM parses sector configuration
block data and configures the logic elements for each sector.
After configuration, these microprocessors monitor for single
event upsets (SEUs) at the sector level, process scripted responses
to these SEUs, and can perform hashing or integrity checks
in real time (out of band of the user design) for real-time
configuration integrity.
Sector-based reconfiguration
Because the device is divided into logical sectors, you can
quickly reconfigure a portion of the Intel Stratix 10 FPGA
design. Because you configure the FPGA by logical sector, you
can use a subset of this configuration process to reconfigure
a subset of the sectors. The SDM can command and execute
this sector-based reconfiguration, out of band from the user
design.
Zeroing design information by sector or in parallel
Zeroing encryption keys or data is a common response
mechanism when device sensors or I/O detect common
signatures of an attack or attempt to probe the FPGA or SoC
for sensitive data.
Because Intel Stratix 10 configuration occurs by logical
sector, overwriting, erasing, or zeroing configuration data can
occur by logical sector. For highly sensitive or secure designs,
zeroing by sector simplifies and reduces the zeroization time
of a design if the sensitive information is isolated to, and
contained within, a limited number of sectors. Designers may
want to sanitize or zero the entire design anyway, but zeroing
sectors can take place on a priority basis based on the sector
sensitivity. The zeroization process (overwriting patterns and
verification) is scripted in the SDM