4798345 posted on 2017-9-30 09:12:43

Intel® Stratix® 10 Secure Device Manager Provides five

Configuration process

Intel Stratix 10 FPGAs and the SDM block provide the most
robust, secure, and authenticated device configuration
process in the industry. Some customization is also available
in the configuration processes and IP protection for each user
design. The degree of flexibility can be better understood
by showing the high-level configuration data flow shown in
Figure 3.

Figure 3 starts with a basic block diagram of the
configuration data for an Intel Stratix 10 FPGA or SoC design.
The configuration block data is the same whether in flash
memory, SD card, or over a hard PCI Express connection
(configuration via protocol). This configuration data is divided
into several logical pieces, starting with the configuration
data and code for the SDM itself. Other portions of the
configuration data are logically divided into FPGA sectors
and code blocks for the hard processor system in the Intel
Stratix 10 SoC.

Loading and authenticating the configuration image

The first configuration step loads the SDM data. Because
this stage manages all other security and keys for the Intel
Stratix 10 FPGA, the SDM image is 100% authenticated
against an Intel signature and verified with an on-chip Intel
public encryption key. Other configuration options allow the
designer to provide their own SDM image signature using
a private encryption key and then verify this signature in
configuration with a user-installed public encryption key.

Variables managed by the SDM

Based on designer decisions enabled in the Intel Quartus
Prime software, the SDM decides how to ingest, process, and
configure the remainder of the user design. These decisions
include the configuration order of the Intel Stratix 10 device
(e.g., FPGA first or HPS first, and the specific order of FPGA
sector configuration). SDM instructions can also indicate
thresholds and responses for environmental monitors.
Licensable functions like the PUF are optionally included
in SDM code based on Intel Quartus Prime licenses. Finally,
SDM instructions define the encryption key security by
sector.

Authenticating, decrypting, and configuring by sector

A key, flexible feature of the Intel Stratix 10 SDM block is the
ability to make separate encryption and source encryption
key decisions for the FPGA design on a logical sector basis.
In this case, the designer can select different encryption keys
for each sector or use a variety of encryption keys based on
the sector sensitivity level. Different encryption key handling
procedures can be designed for keys at different security
or sensitivity levels. An encryption key can be used across
multiple sectors or a single sector, to reduce the attack
surface of that design sector. All encryption keys used for
device decryption are protected by the device’s root key.

Addressing side channel leakage through programmability

One of the most common, documented attacks on existing
programmable logic devices are side channel leaks on
the configuration process, primarily targeting power. Intel
Stratix 10 devices use a variety of methods to limit side
channel leakage and attack surfaces. These methods include the pre-authentication of all sector-based data blocks by the
SDM before encryption, dynamic encryption key updates, and encryption key diversity across sectors. The SDM itself is a key
tool for reducing side channel leakage, as well as the many configuration methods available to the user. The configuration
process can be specific to a design and can scramble or randomize the configuration data processing order. Additional
techniques will be described in later user documentation.

The SDM controls the configuration scheme for each design. If a particular configuration process is found effective against the
threat profile of your user environment, you can update the configuration process and re-authenticate it in the field.
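
The sector-based flow described above (authenticate every sector data block first, then decrypt each sector with its own key, with all sector keys protected by a root key) can be modelled in a few lines. This is an added illustration, not part of the original post and not Intel's code or bitstream format. Assumptions: the block layout and all names are hypothetical, HMAC-SHA256 stands in for the image signature check, and a SHA-256 counter keystream stands in for the device cipher.

```python
import hashlib, hmac, os

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream), used here instead of AES."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def block_tag(auth_key: bytes, blk: dict) -> bytes:
    """Stand-in for the image signature: HMAC over every field of the block."""
    msg = blk["id"].to_bytes(4, "big") + blk["nonce"] + blk["wrapped_key"] + blk["ct"]
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

def build_image(root_key, auth_key, sectors):
    """sectors maps sector id -> (sector_key, plaintext); returns a list of blocks."""
    image = []
    for sid, (skey, plain) in sectors.items():
        nonce = os.urandom(16)
        blk = {"id": sid, "nonce": nonce,
               "wrapped_key": stream_xor(root_key, b"wrap" + nonce, skey),
               "ct": stream_xor(skey, nonce, plain)}
        blk["tag"] = block_tag(auth_key, blk)
        image.append(blk)
    return image

def load_image(root_key, auth_key, image):
    """Authenticate every block first; unwrap keys and decrypt only afterwards."""
    for blk in image:
        if not hmac.compare_digest(blk["tag"], block_tag(auth_key, blk)):
            raise ValueError(f"sector {blk['id']}: authentication failed, nothing decrypted")
    design = {}
    for blk in image:
        skey = stream_xor(root_key, b"wrap" + blk["nonce"], blk["wrapped_key"])
        design[blk["id"]] = stream_xor(skey, blk["nonce"], blk["ct"])
    return design

# Constructed sample: two sectors, each with its own key.
ROOT, AUTH = os.urandom(32), os.urandom(32)
SECTORS = {0: (os.urandom(32), b"sector 0: low-sensitivity logic"),
           1: (os.urandom(32), b"sector 1: high-sensitivity IP core")}

if __name__ == "__main__":
    img = build_image(ROOT, AUTH, SECTORS)
    print(load_image(ROOT, AUTH, img))
    img[1]["ct"] = bytes([img[1]["ct"][0] ^ 1]) + img[1]["ct"][1:]  # flip one bit
    try:
        load_image(ROOT, AUTH, img)
    except ValueError as err:
        print("rejected:", err)
```

Because the tag check runs over the whole image before any key is unwrapped, a modified block never reaches the decryption step, and a key recovered for one sector does not decrypt another.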