Forum Discussion

JimL's avatar
JimL
Icon for New Contributor rankNew Contributor
1 month ago

Clarification on Agilex 3 W vs Y Device Variants and Security Feature Mapping

Hi  support team,

I hope you are doing well.

I am currently evaluating Agilex™ 3 devices for a  design and would like to clarify the detailed differences between the W and Y device variants, particularly regarding their security capabilities.

After reviewing several official documents, I found that the description is not entirely aligned, and I would appreciate your clarification with references to the official definitions.

I have mainly referred to the following documents:

  • Security Overview for SDM-Based FPGA Devices
  • Agilex™ 3 FPGAs and SoCs C‑Series Product Table
  • Agilex™ 3 FPGAs and SoCs Device Data Sheet

Questions and points needing clarification

  1. In the Agilex 3 product table, the W/Y/Z variants are differentiated by a “C-r-y-p-t-o” field.

Could you please clarify:

  • What exactly is included in “C-r-y-p-t-o”?
  • Does this explicitly include:
      • ECDSA authentication
      • SHA‑384 integrity verification
      • Secure boot / authenticated configuration
  • Or does it also include lower-level cryptographic primitives (AES, SHA engines, etc.)?

2, In the Security Overview document, it states that: SDM contains cryptographic engines (AES, SHA, ECC) and key management hardware, and these can also be accessed by user logic. From this description, it appears that: Cryptographic primitives exist in the platform (even for Y devices)

So the question is:

  • Are cryptographic engines available in both Y and W variants?
  • If yes, is the difference that:
    • W enables secure system-level usage (authentication / secure boot)
    • while Y only exposes these engines for user application use?

3,From the product table and security overview:

  • PUF
  • SPDM attestation
  • Physical anti‑tamper monitoring

appear to be available beyond just W variants.

Could you confirm:

  • Are these features available on both Y and W devices?
  • If so, what is the functional difference in how they are used?
  • For example:
      • Monitoring vs enforcement
      • Reporting vs blocking

4,In the document: Security Overview for SDM-Based FPGA Devices

Table 1 seems to indicate that Agilex 3 devices generally support both encryption and authentication, without distinguishing between W and Y variants.

This creates confusion when compared with the product table.

Could you please clarify:

  • Is Table 1 describing platform-level capability (architecture-based) rather than specific device configurations?
  • And is the correct interpretation that:
    • Only W variants enable full cryptographic security flows (e.g. authenticated configuration / root-of-trust)
    • while Y variants provide only partial or application-level capabilities?

My design really care the security and low power consumption rather than performance or high speed tranceivers.

we only nee 30KLE, 300Kbit RAM, 2 PLL,200GPIO, no tranceiver ,no high speed needed so smaller density A3CY025BB18AI7S of Agilex3 might suitable but security W is not available in that small density, so I would like to know if we choose Code Y then what security features is missing from W.

Regard

JL

Security
No RepliesBe the first to reply

Recent Discussions