Robust Full-Lifecycle Security with Altera FPGAs
In today's world of interconnected devices, security design has become a critical requirement across all industries. Altera's FPGAs offer built-in, industry-leading security features that allow design engineers to easily protect their products without sacrificing valuable design time.
Clarification on Agilex 3 W vs Y Device Variants and Security Feature Mapping
Hi support team, I hope you are doing well. I am currently evaluating Agilex™ 3 devices for a design and would like to clarify the detailed differences between the W and Y device variants, particularly regarding their security capabilities. After reviewing several official documents, I found that the description is not entirely aligned, and I would appreciate your clarification with references to the official definitions. I have mainly referred to the following documents: Security Overview for SDM-Based FPGA Devices Agilex™ 3 FPGAs and SoCs C‑Series Product Table Agilex™ 3 FPGAs and SoCs Device Data Sheet Questions and points needing clarification In the Agilex 3 product table, the W/Y/Z variants are differentiated by a “C-r-y-p-t-o” field. Could you please clarify: What exactly is included in “C-r-y-p-t-o”? Does this explicitly include: ECDSA authentication SHA‑384 integrity verification Secure boot / authenticated configuration Or does it also include lower-level cryptographic primitives (AES, SHA engines, etc.)? 2, In the Security Overview document, it states that: SDM contains cryptographic engines (AES, SHA, ECC) and key management hardware, and these can also be accessed by user logic. From this description, it appears that: Cryptographic primitives exist in the platform (even for Y devices) So the question is: Are cryptographic engines available in both Y and W variants? If yes, is the difference that: W enables secure system-level usage (authentication / secure boot) while Y only exposes these engines for user application use? 3,From the product table and security overview: PUF SPDM attestation Physical anti‑tamper monitoring appear to be available beyond just W variants. Could you confirm: Are these features available on both Y and W devices? If so, what is the functional difference in how they are used? For example: Monitoring vs enforcement Reporting vs blocking 4,In the document: Security Overview for SDM-Based FPGA Devices Table 1 seems to indicate that Agilex 3 devices generally support both encryption and authentication, without distinguishing between W and Y variants. This creates confusion when compared with the product table. Could you please clarify: Is Table 1 describing platform-level capability (architecture-based) rather than specific device configurations? And is the correct interpretation that: Only W variants enable full cryptographic security flows (e.g. authenticated configuration / root-of-trust) while Y variants provide only partial or application-level capabilities? My design really care the security and low power consumption rather than performance or high speed tranceivers. we only nee 30KLE, 300Kbit RAM, 2 PLL,200GPIO, no tranceiver ,no high speed needed so smaller density A3CY025BB18AI7S of Agilex3 might suitable but security W is not available in that small density, so I would like to know if we choose Code Y then what security features is missing from W. Regard JLAddressing PQC and CRA with Crypto-Agile Security in Agilex™ Devices
A look at today’s evolving security requirements affecting the semiconductor industry, including post-quantum cryptography (PQC) and the Cyber Resilience Act (CRA), and how Altera’s latest capabilities in Agilex™ 3 and Agilex™ 5 FPGAs and SoCs are helping to enable future-proof security functions today.
