Intel® Stratix® 10 Device Design Guidelines

Download PDF
ID 683738
Date 8/24/2022
Public
Document Table of Contents
Document Table of Contents x
Intel® Stratix® 10 Device Design Guidelines
Intel® Stratix® 10 Device Design Guidelines x
Design Flow System Specification Device Selection Early System and Board Planning Pin Connection Considerations for Board Design I/O and Clock Planning Security Considerations Design Entry Design Implementation, Analysis, Optimization, and Verification Document Revision History for Intel® Stratix® 10 Device Design Guidelines
System Specification x
Design Specifications IP Selection Platform Designer
Device Selection x
Device Variant PLLs and Clock Routing Logic, Memory, and Multiplier Density I/O Pin Count, LVDS Channels, and Package Offering Speed Grade Vertical Device Migration
Early System and Board Planning x
Power and Thermal Estimation Thermal Management and Design Temperature Sensing for Thermal Management Voltage Sensor Planning for Device Configuration Planning for On-Chip Debugging
Planning for Device Configuration x
Device Power Cycling and Reconfiguration Configuration Scheme Selection Configuration Features Intel® Quartus® Prime Configuration Settings
Configuration Scheme Selection x
Serial Configuration Devices Download Cables
Intel® Quartus® Prime Configuration Settings x
Optional Configuration Pins Dual Purpose Configuration Pins
Planning for On-Chip Debugging x
On-Chip Debugging Tools Planning Guidelines for Debugging Tools
Pin Connection Considerations for Board Design x
Device Power-Up Power Pin Connections and Power Supplies Configuration Pin Connections Board-Related Intel® Quartus® Prime Settings Signal Integrity Considerations Board-Level Simulation and Advanced I/O Timing Analysis
Power Pin Connections and Power Supplies x
Decoupling Capacitors PLL Board Design Guidelines Transceiver Board Design Guidelines
Configuration Pin Connections x
Configuration Pin Voltage Level Clock Trace Signal Integrity JTAG Pins MSEL Configuration Mode Pins Other Configuration Pins
JTAG Pins x
JTAG Pin Connections Download Cable Operating Voltage JTAG Signal Buffering
Board-Related Intel® Quartus® Prime Settings x
Unused Pins
Signal Integrity Considerations x
High-Speed Board Design Voltage Reference Pins Simultaneous Switching Noise I/O Termination
I/O and Clock Planning x
Making FPGA Pin Assignments Early Pin Planning and I/O Assignment Analysis I/O Features and Pin Connections Clock and PLL Selection PLL Feature Guidelines Clock Control Features I/O Simultaneous Switching Noise
I/O Features and Pin Connections x
I/O Signaling Type Selectable Standards and Flexible I/O Banks Memory Interfaces Dual-Purpose and Special Pin Connections Intel® Stratix® 10 I/O Features
PLL Feature Guidelines x
Clock Feedback Mode Clock Outputs
Design Entry x
Design Recommendations Using IP Cores Reconfiguration Recommended HDL Coding Styles
Design Implementation, Analysis, Optimization, and Verification x
Selecting a Synthesis Tool Device Resource Utilization Reports Intel® Quartus® Prime Messages Timing Constraints and Analysis Area and Timing Optimization Preserving Performance and Reducing Compilation Time Designing with Intel® Hyperflex™ Simulation Power Analysis Power Optimization
Timing Constraints and Analysis x
Recommended Timing Optimization and Analysis Assignments
Power Optimization x
Device and Design Power Optimization Techniques Intel® Quartus® Prime Power Optimization Techniques
Device and Design Power Optimization Techniques x
Device Speed Grade Clock Power Management Memory Power Reduction I/O Power Guidelines
Intel® Quartus® Prime Power Optimization Techniques x
Power Optimization Advisor
Intel® Stratix® 10 Device Design Guidelines

Security Considerations

Table 60.  Security Considerations Checklist
Number Done? Checklist Item
1   Consider whether your design requires device security features to be enabled. If so, you must provide power to the VCCFUSEWR_SDM rail for authentication fuse management.
2   Consider whether your design requires bitstream encryption, and whether the encryption keys are stored in Battery-Backed RAM (BBRAM). If so, plan to provide power to the VCCBAT pin using a battery on the board.
3   Consider licensing terms that best suit your requirements for the available device variants.

Intel® Stratix® 10 devices provide flexible and robust security features to help protect sensitive data, intellectual property, and the device itself under both remote and physical attacks. Intel® Stratix® 10 devices provide two main categories of security features:

  • Authentication—Authentication helps ensure that the device firmware and optionally the configuration bitstream are from a trusted source. Device firmware authentication is always performed. Owner bitstream authentication must be enabled to use any other security features available on Intel® Stratix® 10 devices.
  • Encryption—Encryption helps protect confidential information in the owner configuration bitstream and reduces the threat of intellectual property theft.

When designing a system with an Intel® Stratix® 10 device that utilizes device security features, you must consider provisions for enabling and managing the features throughout the expected operating lifetime of the device. To enable owner bitstream authentication, you must program an owner root key hash into eFuses. For devices with design security features enabled, Intel strongly recommends updating to the latest available device firmware and canceling old firmware IDs as necessary. Cancellation of firmware and device design IDs are managed in eFuses. Therefore, you must provide appropriate power to the VCCFUSEWR_SDM pin if you enable device security features. Devices with design security features enabled are not able to respond to security vulnerabilities if they cannot blow fuses. For more information about powering on VCCFUSEWR_SDM, refer to the Intel® Stratix® 10 Device Family Pin Connection Guidelines. For more information about cancellation of firmware IDs, refer to the Intel® Stratix® 10 Device Security User Guide.

You may also need to consider encryption key storage and management. If bitstream encryption is enabled on the Intel® Stratix® 10 device, you need to store the encryption key on the device. The encryption key may be stored in Battery-Backed RAM (BBRAM) or eFuses. Storing the encryption key in eFuses is permanent, while storing the encryption key in BBRAM allows for key wipe or reprovisioning. If the design requires encryption key storage in BBRAM, a non-volatile battery must be connected to the VCCBAT pin. For more information about connecting a battery to the VCCBAT pin, refer to the Intel® Stratix® 10 Device Family Pin Connection Guidelines. Intel® Stratix® 10 devices with -BK suffix support black key provisioning which helps protect the confidentiality of the Advanced Encryption Standard (AES) root key during the provisioning process.

Table 61.  Authentication and Advanced Security Features Support for Intel® Stratix® 10 Devices

Security features are available in Intel® Stratix® 10 devices that support advanced security. Devices with advanced security enabled can only load firmware using the Intel® Quartus® Prime Pro Edition software.

Contact your Intel Sales representatives for more information about Intel® Stratix® 10 device security features.

Intel® Stratix® 10 Device Variant Authentication Advanced Security (Includes Encryption)
GX Yes -AS suffix devices
GX 10M Yes No
SX Yes -AS suffix devices
MX Yes -AS suffix devices
TX Yes -AS suffix devices
DX Yes Yes
Related Information
Level Two Title