Hello,
Kindly see my replies provided below for your reference:
- Engineering sample, it's code is MK-A5E065BB32AES1, when you look at the doc I attached (here is the link https://cdrdv2-public.intel.com/820978/ug-820977-820978.pdf) in the Table 1 you see that for the following engineering sample MK-A5E065BB32AES1, the device part number is A5ED065BB32AE6SR0. Decoding the 4tf digit of the ordering number and looking at the part number decoder we have A5ED, with D implying Quad HPS and Cryptographic Services. Where can I find the information that Cryptographic Services are disabled on ES?
>> All the engineering sample devices are non-security enabled. The Agilex5 device security user guide used this R0 for demo only. This will be updated with a production OPN. - As for the A5EC065BB32AE6S, looking at the 4th digit and part number decoder it seems that this variant does not feature Cryptographic Services am I right?
>> Yes, you are right. - As for the Terasic board (https://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=123&No=1384&PartNo=2#contents) with FPGA: A5EB013BB23BE4SCS and again looking at the 4th digit and product table code it seems that this product should have HPS as well as Cryptographic services, yes?
>> Yes, you are right.
For production devices, the available security features depend on the specific device variant. In general, bitstream authentication and encryption are supported. If CryptoServices are not available, it indicates that the corresponding cryptographic primitives are not supported on that particular device. For full security functionality, you should select a device variant that includes CryptoServices.
Regarding HPS secure boot, all production devices support authentication of the complete HPS software stack. This includes the FSBL (as part of bitstream authentication), followed by the SSBL (U‑Boot), the Linux kernel image, and the Device Tree (DTB file).
Occasional Contributor
