Intel® Stratix® 10 Device Security User Guide

ID 683642
Date 7/14/2023
Public
Document Table of Contents

1. Intel Stratix 10 Device Security Overview

Updated for:
Intel® Quartus® Prime Design Suite 23.1

Intel® designs the Intel Stratix 10 devices with dedicated, highly-configurable security hardware and firmware.

This document contains instructions to help you use Intel® Quartus® Prime Pro Edition software to implement security features on your Intel Stratix 10 devices.

Additionally, the Security Methodology for Intel FPGAs and Structured ASICs User Guide is available on the Intel® Resource & Design Center. This document contains detailed descriptions of the security features and technologies that are available through Intel Programmable Solutions products to help you select the security features necessary to meet your security objectives. Contact Intel Support with reference number 14014613136 to access the Security Methodology for Intel FPGAs and Structured ASICs User Guide.

The document is organized as follows:

  • Authentication and Authorization: Provides instructions to create authentication keys and signature chains, apply permissions and cancellation IDs, sign objects, and program authentication features on Intel Stratix 10 devices.

  • AES Bitstream Encryption: Provides instructions to create an AES root key, encrypt configuration bitstreams, and provision the AES root key to Intel Stratix 10 devices.

  • Device Provisioning: Provides instructions to use the Intel® Quartus® Prime Programmer and Secure Device Manager (SDM) provision firmware to program security features on Intel Stratix 10 devices.

  • Advanced Features: Provides instructions to enable advanced security features, including secure debug authorization, Hard Processor System (HPS) debug, platform attestation, physical anti-tamper, and remote system update.

The following table lists the security features for specified Intel® Stratix® 10 devices.

Table 1.   Intel® Stratix® 10 Device Support for Security Features Intel recommends using only devices with a -BK ordering part number (OPN) suffix for use with the black key provisioning feature.
Intel® Stratix® 10 Device Authentication Advanced Security Black Key Provisioning
GX Yes -AS suffix devices -BK suffix devices
GX 10M Yes No -BK suffix devices
SX Yes -AS suffix devices -BK suffix devices
MX Yes -AS suffix devices -BK suffix devices
TX Yes -AS suffix devices -BK suffix devices
DX Yes -AS suffix devices -BK suffix devices