LowLevelGuy
New Contributor
2 years ago
Solved

SDM based encryption?

For the Stratix 10, I see there is an encryption feature where the SDM decrypts the bitstream. Is there any possibility of using the SDM to support an encrypted FSBL? I’m basically interested in encrypting the bootloader software, not just the FPGA bitstream.

7 Replies

  • FakhrulA_altera
    Regular Contributor

    Hi LowLevelGuy,


    Sorry for the delay, I may have overlooked your post. The Secure Device Manager (SDM) on the Stratix 10 can decrypt the FPGA bitstream, but it does not support decrypting an encrypted First Stage Boot Loader (FSBL). The SDM's encryption features are designed specifically for the FPGA configuration bitstream and not for general-purpose software decryption. For more detailed information, please refer to the Stratix® 10 Configuration User Guide.


    Regards,

    Fakhrul


    • LowLevelGuy
      New Contributor

      Related to the FSBL part, just to make sure I understand your answer, does it mean that enabling "bitstream encryption" on -AS devices does not result in the FSBL being encrypted?

      By FSBL, I'm referring to the ".hex" file content specified using "-o hps_path" with quartus_pfg -- the first code executed by the HPS.

      Thanks

  • FakhrulA_altera
    Regular Contributor

    Hi LowLevelGuy,


    From my understanding, yes, enabling bitstream encryption on -AS devices does not automatically encrypt the FSBL. The bitstream encryption specifically targets the FPGA configuration bitstream and does not extend to other software or bootloader code like the FSBL. The Stratix 10's SDM encryption focuses on protecting the FPGA configuration bitstream, not the FSBL or other HPS-related code.


    Regards,

    Fakhrul


  • FakhrulA_altera
    Regular Contributor

    As we haven't received a response to our previous notification, this thread will be transitioned to community support. We hope all your concerns have been addressed. If you have any new questions, please feel free to open a new thread to receive support from Intel experts. Otherwise, community users will continue to assist you here. Thank you.


  • LowLevelGuy
    New Contributor

    Sorry, I'm really having trouble accepting this answer and meant to reply earlier... Are you suggesting that the FSBL is not part of the bitstream? This seems highly counterintuitive given the way the Quartus tooling is used...

  • FakhrulA_altera
    Regular Contributor

    Hi LowLevelGuy,

    Apologies for the delay. I was consulting with the internal team to get clarification on this matter.

    When we enable bitstream encryption on the HPS FSBL (with the hex file included in the PFG tool), the FSBL will be encrypted as well.

    Sorry for the confusion.

    Thank you for your patience.

    Regards,

    Fakhrul
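
One way to check the answer above against your own build output, as an added example that is not part of the thread and not Intel tooling: parse the FSBL `.hex` (Intel HEX) and look for its bytes verbatim in the generated image. It assumes an unencrypted image stores the FSBL payload uncompressed; a hit proves plaintext FSBL is present, while no hits alone does not prove encryption. All sample data below is constructed.

```python
import hashlib

def ihex_to_bytes(text):
    """Concatenate the data records (type 00) of an Intel HEX file in file order."""
    out = bytearray()
    for line in text.split():
        rec = bytes.fromhex(line.lstrip(":"))
        if sum(rec) & 0xFF:
            raise ValueError("bad checksum in record " + line)
        if rec[3] == 0x00:                 # data record
            out += rec[4:4 + rec[0]]
        elif rec[3] == 0x01:               # end-of-file record
            break
    return bytes(out)                      # address records (02/04) carry no payload

def plaintext_windows(fsbl, image, window=32):
    """Offsets of FSBL windows that occur byte-for-byte inside the image."""
    hits = []
    for off in range(0, len(fsbl) - window + 1, window):
        chunk = fsbl[off:off + window]
        if len(set(chunk)) >= 8 and chunk in image:   # ignore padding-like windows
            hits.append(off)
    return hits

def _record(addr, rtype, data=b""):
    """Build one Intel HEX record (helper for the constructed sample only)."""
    body = bytes([len(data), addr >> 8, addr & 0xFF, rtype]) + data
    return ":" + (body + bytes([-sum(body) & 0xFF])).hex().upper()

def demo():
    # Constructed stand-ins: 128 pseudo-random "FSBL" bytes, no real Quartus output.
    fsbl = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(4))
    hex_text = "\n".join([_record(a, 0, fsbl[a:a + 16]) for a in range(0, 128, 16)]
                         + [_record(0, 1)])
    stream = b"".join(hashlib.sha256(b"ks" + bytes([i])).digest() for i in range(4))
    plain_image = b"\x00" * 64 + fsbl + b"\xff" * 64
    # XOR with a keystream only imitates ciphertext; it is not the SDM's cipher.
    enc_image = b"\x00" * 64 + bytes(a ^ b for a, b in zip(fsbl, stream)) + b"\xff" * 64
    parsed = ihex_to_bytes(hex_text)
    return plaintext_windows(parsed, plain_image), plaintext_windows(parsed, enc_image)

if __name__ == "__main__":
    print(demo())
```

On real files, read the `.hex` as text and the programming image as bytes, then pass them to `ihex_to_bytes` and `plaintext_windows`.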

  • FakhrulA_altera
    Regular Contributor

    As we haven't received a response to our previous notification, this thread will be transitioned to community support. We hope all your concerns have been addressed. If you have any new questions, please feel free to open a new thread to receive support from Intel experts. Otherwise, community users will continue to assist you here. Thank you.