5.1.13. Security Design Considerations

AN 763: Intel® Arria® 10 SoC Device Design Guidelines

Download PDF

ID 683192

Date 5/17/2022

Version 18.1

Public

Visible to Intel only — GUID: pde1458167311697

Ixiasoft

View Details

Document Table of Contents

Document Table of Contents x

1. Overview of Design Guidelines for Intel® Arria® 10 SoC FPGAs 2. Guidelines for Interconnecting the Intel® Arria® 10 HPS and FPGA 3. Design Guidelines for HPS Portion of Arria 10 SoC FPGAs 4. Board Design Guidelines for Arria 10 SoC FPGAs 5. Embedded Software Design Guidelines for Arria 10 SoC FPGAs

1. Overview of Design Guidelines for Intel® Arria® 10 SoC FPGAs x

1.1. SoC FPGA Designer's Checklist 1.2. Overview of HPS Design Guidelines for SoC FPGA design 1.3. Overview of Board Design Guidelines for SoC FPGA Design 1.4. Overview of Embedded Software Design Guidelines for SoC FPGA Design 1.5. Overview of Design Guidelines for Intel® Arria® 10 SoC FPGAs Revision History

2. Guidelines for Interconnecting the Intel® Arria® 10 HPS and FPGA x

2.1. Overview of HPS Memory-Mapped Interfaces 2.2. Recommended System Topologies 2.3. Guidelines for Interconnecting the Intel® Arria® 10 HPS and FPGA Revision History

2.1. Overview of HPS Memory-Mapped Interfaces x

2.1.1. HPS-to-FPGA Bridge 2.1.2. Lightweight HPS-to-FPGA Bridge 2.1.3. FPGA-to-HPS Bridge 2.1.4. FPGA-to-SDRAM Ports 2.1.5. Interface Bandwidths

2.2. Recommended System Topologies x

2.2.1. HPS Accesses to FPGA Fabric 2.2.2. Maintaining Cache Coherency 2.2.3. MPU Sharing Data with FPGA 2.2.4. Examples of Cacheable and Non-Cacheable Data Accesses From the FPGA

2.2.4. Examples of Cacheable and Non-Cacheable Data Accesses From the FPGA x

2.2.4.1. Example 1: FPGA Reading Data from HPS SDRAM Directly 2.2.4.2. Example 2: FPGA Writing Data into HPS SDRAM Directly 2.2.4.3. Example 3: FPGA Reading Cache Coherent Data from HPS 2.2.4.4. Example 4: FPGA Writing Cache Coherent Data to HPS

3. Design Guidelines for HPS Portion of Arria 10 SoC FPGAs x

3.1. Start your SoC FPGA design here 3.2. Design Considerations for Connecting Device I/O to HPS Peripherals and Memory 3.3. HPS Clocking and Reset Design Considerations 3.4. HPS EMIF Design Considerations 3.5. DMA Considerations 3.6. Design Guidelines for HPS Portion of Intel® Arria® 10 SoC FPGAs Revision History

3.1. Start your SoC FPGA design here x

3.1.1. Recommended Starting Point for HPS-to-FPGA Interface Designs 3.1.2. Determining your SoC FPGA Topology

3.2. Design Considerations for Connecting Device I/O to HPS Peripherals and Memory x

3.2.1. HPS Pin Multiplexing Design Considerations 3.2.2. HPS I/O Settings: Constraints and Drive Strengths

3.3. HPS Clocking and Reset Design Considerations x

3.3.1. HPS Clock Planning 3.3.2. Early Pin Planning and I/O Assignment Analysis 3.3.3. Pin Features and Connections for HPS Clocks, Reset and PoR 3.3.4. Internal Clocks 3.3.5. HPS Reset During FPGA Reconfiguration and FPGA Configuration Failures 3.3.6. HPS Peripheral Reset Management

3.4. HPS EMIF Design Considerations x

3.4.1. Considerations for Connecting HPS to SDRAM 3.4.2. HPS SDRAM I/O Locations 3.4.3. Integrating the Arria 10 HPS EMIF with the SoC FPGA Device 3.4.4. HPS Memory Debug

3.4.2. HPS SDRAM I/O Locations x

3.4.2.1. I/O Bank 2K, Lanes 0,1,2 (Addr/Cmd) 3.4.2.2. I/O Bank 2K, Lane 3 (ECC) 3.4.2.3. I/O Bank, 2J (Data) 3.4.2.4. I/O Bank, 2I (Data, 64-, 72-bit interfaces)

3.5. DMA Considerations x

3.5.1. Choosing a DMA Controller 3.5.2. Optimizing DMA Master Bandwidth through HPS Interconnect

4. Board Design Guidelines for Arria 10 SoC FPGAs x

4.1. Power On Board Bring Up and Boot ROM/Boot Loader Debugging 4.2. FPGA Reconfiguration 4.3. HPS Power Design Considerations 4.4. Boundary Scan for HPS 4.5. Design Guidelines for HPS Interfaces 4.6. Connection Guidelines for Unused HPS Block 4.7. Board Design Guidelines for Intel® Arria® 10 SoC FPGAs Revision History

4.2. FPGA Reconfiguration x

4.2.1. Flash Update with HPS Reboot 4.2.2. Partial Reconfiguration of the SoC FPGA

4.3. HPS Power Design Considerations x

4.3.1. Early System and Board Planning 4.3.2. Design Considerations for HPS and FPGA Power Supplies for SoC FPGA devices 4.3.3. Pin Connection Considerations for Board Designs 4.3.4. Power Analysis 4.3.5. Power Optimization

4.3.1. Early System and Board Planning x

4.3.1.1. Early Power Estimation

4.3.1.1. Early Power Estimation x

4.3.1.1.1. Main Worksheet 4.3.1.1.2. IO Worksheet 4.3.1.1.3. IO-IP Worksheet 4.3.1.1.4. HPS Worksheet

4.3.2. Design Considerations for HPS and FPGA Power Supplies for SoC FPGA devices x

4.3.2.1. Consider Device Power Consumption and HPS Performance 4.3.2.2. Consider Desired HPS Boot Clock Frequency

4.3.3. Pin Connection Considerations for Board Designs x

4.3.3.1. Device Power-Up 4.3.3.2. Power Pin Connections and Power Supplies

4.3.5. Power Optimization x

4.3.5.1. Processor and Memory Clock Speeds 4.3.5.2. MPU Standby Modes and Dynamic Clock Gating 4.3.5.3. Managing Peripheral Power 4.3.5.4. Managing Power by Shutting Down Supplies

4.5. Design Guidelines for HPS Interfaces x

4.5.1. HPS EMAC PHY Interfaces 4.5.2. USB Interface Design Guidelines 4.5.3. QSPI Flash Interface Design Guidelines 4.5.4. SD/MMC and eMMC Card Interface Design Guidelines 4.5.5. Provide Flash Memory Reset for QSPI and SD/MMC/eMMC 4.5.6. NAND Flash Interface Design Guidelines 4.5.7. UART Interface Design Guidelines 4.5.8. I2C Interface Design Guidelines

4.5.1. HPS EMAC PHY Interfaces x

4.5.1.1. PHY Interfaces Connected Through Shared I/O 4.5.1.2. PHY Interfaces Connected Through FPGA I/O 4.5.1.3. MDIO 4.5.1.4. Common PHY Interface Design Considerations

4.5.1.1. PHY Interfaces Connected Through Shared I/O x

4.5.1.1.1. RMII 4.5.1.1.2. RGMII

4.5.1.2. PHY Interfaces Connected Through FPGA I/O x

4.5.1.2.1. GMII/MII 4.5.1.2.2. Adapting to RMII 4.5.1.2.3. Adapting to SGMII

4.5.1.4. Common PHY Interface Design Considerations x

4.5.1.4.1. Signal Integrity

5. Embedded Software Design Guidelines for Arria 10 SoC FPGAs x

5.1. Embedded Software for HPS Design Guidelines 5.2. Support and Documentation 5.3. Embedded Software Design Guidelines for Intel® Arria® 10 SoC FPGAs Revision History

5.1. Embedded Software for HPS Design Guidelines x

5.1.1. Purpose 5.1.2. Assembling the components of your Software Development Platform 5.1.3. Selecting an Operating System for your application 5.1.4. Assembling your Software Development Platform for Linux 5.1.5. Assembling your Software Development Platform for a Bare-Metal Application 5.1.6. Assembling your Software Development Platform for Partner OS or RTOS 5.1.7. Choosing Boot Loader Software 5.1.8. Selecting Software Tools for Development, Debug and Trace 5.1.9. Board Bring Up Considerations 5.1.10. Boot and Configuration Design Considerations 5.1.11. Flash Device Driver Design Considerations 5.1.12. HPS ECC Design Considerations 5.1.13. Security Design Considerations GUIDELINE: Determine which parts of your design must be encrypted. Determine which parts of your design must be authenticated. Secure Boot – Chain Of Trust and Image Authentication Securing the Design IP - AES Encryption Secured Boot and IP - Authentication and Encryption Anti-Tamper 5.1.14. Embedded Software Debugging and Trace

5.1.2. Assembling the components of your Software Development Platform x

5.1.2.1. Golden Hardware Reference Design (GHRD)

5.1.3. Selecting an Operating System for your application x

5.1.3.1. Using Linux or RTOS 5.1.3.2. Developing a Bare-Metal Application 5.1.3.3. Using the Bootloader as a Bare-Metal Framework 5.1.3.4. Using Symmetrical vs. Asymmetrical Multiprocessing (SMP vs. AMP) Modes

5.1.4. Assembling your Software Development Platform for Linux x

5.1.4.1. Golden System Reference Design (GSRD) for Linux 5.1.4.2. GSRD for Linux Build Flow 5.1.4.3. Source Code Management Considerations 5.1.4.4. Linux Device Tree Design Considerations

5.1.8. Selecting Software Tools for Development, Debug and Trace x

5.1.8.1. Selecting Software Build Tools 5.1.8.2. Selecting Software Debug Tools 5.1.8.3. Selecting Software Trace Tools

5.1.9. Board Bring Up Considerations x

5.1.9.1. Plan the SDRAM Initialization

5.1.10. Boot and Configuration Design Considerations x

5.1.10.1. Boot Design Considerations 5.1.10.2. Configuration

5.1.10.1. Boot Design Considerations x

5.1.10.1.1. Boot Source 5.1.10.1.2. Select Desired Flash Device 5.1.10.1.3. BSEL Options 5.1.10.1.4. Boot Clock 5.1.10.1.5. Determine Boot Fuses Usage 5.1.10.1.6. CSEL Options 5.1.10.1.7. Determine Flash Programming Method 5.1.10.1.8. Selecting NAND Flash Devices 5.1.10.1.9. Selecting QSPI Flash Devices 5.1.10.1.10. Reference Materials

5.1.10.2. Configuration x

5.1.10.2.1. Traditional Configuration 5.1.10.2.2. HPS-Initiated Configuration

5.1.12. HPS ECC Design Considerations x

5.1.12.1. General ECC Design Considerations 5.1.12.2. ECC for External SDRAM Interface 5.1.12.3. ECC for L2 Cache Data Memory 5.1.12.4. ECC for Flash Memory

5.2. Support and Documentation x

5.2.1. Support 5.2.2. Hardware Documentation 5.2.3. Software Documentation

5.2.3. Software Documentation x

5.2.3.1. Example of Prebuilt Bootloaders for the Intel® Arria® 10 SoC Development Kit

1. Overview of Design Guidelines for Intel® Arria® 10 SoC FPGAs

1.1. SoC FPGA Designer's Checklist

1.2. Overview of HPS Design Guidelines for SoC FPGA design

1.3. Overview of Board Design Guidelines for SoC FPGA Design

1.4. Overview of Embedded Software Design Guidelines for SoC FPGA Design

1.5. Overview of Design Guidelines for Intel® Arria® 10 SoC FPGAs Revision History

2. Guidelines for Interconnecting the Intel® Arria® 10 HPS and FPGA

2.1. Overview of HPS Memory-Mapped Interfaces

2.1.1. HPS-to-FPGA Bridge

2.1.2. Lightweight HPS-to-FPGA Bridge

2.1.3. FPGA-to-HPS Bridge

2.1.4. FPGA-to-SDRAM Ports

2.1.5. Interface Bandwidths

2.2. Recommended System Topologies

2.2.1. HPS Accesses to FPGA Fabric

2.2.2. Maintaining Cache Coherency

2.2.3. MPU Sharing Data with FPGA

2.2.4. Examples of Cacheable and Non-Cacheable Data Accesses From the FPGA

2.2.4.1. Example 1: FPGA Reading Data from HPS SDRAM Directly

2.2.4.2. Example 2: FPGA Writing Data into HPS SDRAM Directly

2.2.4.3. Example 3: FPGA Reading Cache Coherent Data from HPS

2.2.4.4. Example 4: FPGA Writing Cache Coherent Data to HPS

2.3. Guidelines for Interconnecting the Intel® Arria® 10 HPS and FPGA Revision History

3. Design Guidelines for HPS Portion of Arria 10 SoC FPGAs

3.1. Start your SoC FPGA design here

3.1.1. Recommended Starting Point for HPS-to-FPGA Interface Designs

3.1.2. Determining your SoC FPGA Topology

3.2. Design Considerations for Connecting Device I/O to HPS Peripherals and Memory

3.2.1. HPS Pin Multiplexing Design Considerations

3.2.2. HPS I/O Settings: Constraints and Drive Strengths

3.3. HPS Clocking and Reset Design Considerations

3.3.1. HPS Clock Planning

3.3.2. Early Pin Planning and I/O Assignment Analysis

3.3.3. Pin Features and Connections for HPS Clocks, Reset and PoR

3.3.4. Internal Clocks

3.3.5. HPS Reset During FPGA Reconfiguration and FPGA Configuration Failures

3.3.6. HPS Peripheral Reset Management

3.4. HPS EMIF Design Considerations

3.4.1. Considerations for Connecting HPS to SDRAM

3.4.2. HPS SDRAM I/O Locations

3.4.2.1. I/O Bank 2K, Lanes 0,1,2 (Addr/Cmd)

3.4.2.2. I/O Bank 2K, Lane 3 (ECC)

3.4.2.3. I/O Bank, 2J (Data)

3.4.2.4. I/O Bank, 2I (Data, 64-, 72-bit interfaces)

3.4.3. Integrating the Arria 10 HPS EMIF with the SoC FPGA Device

3.4.4. HPS Memory Debug

3.5. DMA Considerations

3.5.1. Choosing a DMA Controller

3.5.2. Optimizing DMA Master Bandwidth through HPS Interconnect

3.6. Design Guidelines for HPS Portion of Intel® Arria® 10 SoC FPGAs Revision History

4. Board Design Guidelines for Arria 10 SoC FPGAs

4.1. Power On Board Bring Up and Boot ROM/Boot Loader Debugging

4.2. FPGA Reconfiguration

4.2.1. Flash Update with HPS Reboot

4.2.2. Partial Reconfiguration of the SoC FPGA

4.3. HPS Power Design Considerations

4.3.1. Early System and Board Planning

4.3.1.1. Early Power Estimation

4.3.1.1.1. Main Worksheet

4.3.1.1.2. IO Worksheet

4.3.1.1.3. IO-IP Worksheet

4.3.1.1.4. HPS Worksheet

4.3.2. Design Considerations for HPS and FPGA Power Supplies for SoC FPGA devices

4.3.2.1. Consider Device Power Consumption and HPS Performance

4.3.2.2. Consider Desired HPS Boot Clock Frequency

4.3.3. Pin Connection Considerations for Board Designs

4.3.3.1. Device Power-Up

4.3.3.2. Power Pin Connections and Power Supplies

4.3.4. Power Analysis

4.3.5. Power Optimization

4.3.5.1. Processor and Memory Clock Speeds

4.3.5.2. MPU Standby Modes and Dynamic Clock Gating

4.3.5.3. Managing Peripheral Power

4.3.5.4. Managing Power by Shutting Down Supplies

4.4. Boundary Scan for HPS

4.5. Design Guidelines for HPS Interfaces

4.5.1. HPS EMAC PHY Interfaces

4.5.1.1. PHY Interfaces Connected Through Shared I/O

4.5.1.1.1. RMII

4.5.1.1.2. RGMII

4.5.1.2. PHY Interfaces Connected Through FPGA I/O

4.5.1.2.1. GMII/MII

4.5.1.2.2. Adapting to RMII

4.5.1.2.3. Adapting to SGMII

4.5.1.3. MDIO

4.5.1.4. Common PHY Interface Design Considerations

4.5.1.4.1. Signal Integrity

4.5.2. USB Interface Design Guidelines

4.5.3. QSPI Flash Interface Design Guidelines

4.5.4. SD/MMC and eMMC Card Interface Design Guidelines

4.5.5. Provide Flash Memory Reset for QSPI and SD/MMC/eMMC

4.5.6. NAND Flash Interface Design Guidelines

4.5.7. UART Interface Design Guidelines

4.5.8. I2C Interface Design Guidelines

4.6. Connection Guidelines for Unused HPS Block

4.7. Board Design Guidelines for Intel® Arria® 10 SoC FPGAs Revision History

5. Embedded Software Design Guidelines for Arria 10 SoC FPGAs

5.1. Embedded Software for HPS Design Guidelines

5.1.1. Purpose

5.1.2. Assembling the components of your Software Development Platform

5.1.2.1. Golden Hardware Reference Design (GHRD)

5.1.3. Selecting an Operating System for your application

5.1.3.1. Using Linux or RTOS

5.1.3.2. Developing a Bare-Metal Application

5.1.3.3. Using the Bootloader as a Bare-Metal Framework

5.1.3.4. Using Symmetrical vs. Asymmetrical Multiprocessing (SMP vs. AMP) Modes

5.1.4. Assembling your Software Development Platform for Linux

5.1.4.1. Golden System Reference Design (GSRD) for Linux

5.1.4.2. GSRD for Linux Build Flow

5.1.4.3. Source Code Management Considerations

5.1.4.4. Linux Device Tree Design Considerations

5.1.5. Assembling your Software Development Platform for a Bare-Metal Application

5.1.6. Assembling your Software Development Platform for Partner OS or RTOS

5.1.7. Choosing Boot Loader Software

5.1.8. Selecting Software Tools for Development, Debug and Trace

5.1.8.1. Selecting Software Build Tools

5.1.8.2. Selecting Software Debug Tools

5.1.8.3. Selecting Software Trace Tools

5.1.9. Board Bring Up Considerations

5.1.9.1. Plan the SDRAM Initialization

5.1.10. Boot and Configuration Design Considerations

5.1.10.1. Boot Design Considerations

5.1.10.1.1. Boot Source

5.1.10.1.2. Select Desired Flash Device

5.1.10.1.3. BSEL Options

5.1.10.1.4. Boot Clock

5.1.10.1.5. Determine Boot Fuses Usage

5.1.10.1.6. CSEL Options

5.1.10.1.7. Determine Flash Programming Method

5.1.10.1.8. Selecting NAND Flash Devices

5.1.10.1.9. Selecting QSPI Flash Devices

5.1.10.1.10. Reference Materials

5.1.10.2. Configuration

5.1.10.2.1. Traditional Configuration

5.1.10.2.2. HPS-Initiated Configuration

5.1.11. Flash Device Driver Design Considerations

5.1.12. HPS ECC Design Considerations

5.1.12.1. General ECC Design Considerations

5.1.12.2. ECC for External SDRAM Interface

5.1.12.3. ECC for L2 Cache Data Memory

5.1.12.4. ECC for Flash Memory

5.1.13. Security Design Considerations

GUIDELINE: Determine which parts of your design must be encrypted. Determine which parts of your design must be authenticated.
Secure Boot – Chain Of Trust and Image Authentication
Securing the Design IP - AES Encryption
Secured Boot and IP - Authentication and Encryption
Anti-Tamper

5.1.14. Embedded Software Debugging and Trace

5.2. Support and Documentation

5.2.1. Support

5.2.2. Hardware Documentation

5.2.3. Software Documentation

5.2.3.1. Example of Prebuilt Bootloaders for the Intel® Arria® 10 SoC Development Kit

5.3. Embedded Software Design Guidelines for Intel® Arria® 10 SoC FPGAs Revision History

Visible to Intel only — GUID: pde1458167311697

Ixiasoft

View Details

5.1.13. Security Design Considerations

The Intel® Arria® 10 SoC provides a framework for implementing secure systems through a layered hardware and software solution. When designing a secure system, you can implement several security levels depending on your system's security requirements.

GUIDELINE: Determine which parts of your design must be encrypted. Determine which parts of your design must be authenticated.

Secure Boot – Chain Of Trust and Image Authentication

Secure Boot ensures that a Chain of Trust is established for all boot stages. Each boot stage must authenticate subsequent stages prior to loading and executing by verifying the image's signed certificate.

The boot stages can span from the initial Second Stage Bootloader to the final application loaded by the OS.

Figure 22. Secure Boot - Chain of Trust and Image Authentication

For more information, refer to the Intel® Arria® 10 SoC Secure Boot User Guide.

Securing the Design IP - AES Encryption

To secure the FPGA design IP, use AES encryption. Encrypt the design IP before storing it on the intended boot device storage area. If the AES security keys are verified by the SoC, then the image is decrypted during configuration load time.

Figure 23. AES Encryption

Secured Boot and IP - Authentication and Encryption

This level offers the most security because all runtime SW and Data IP is authenticated and successfully decrypted during system bring up.

Anti-Tamper

This Security Level uses a defined logic to post notification when an attempt to tamper the device has been detected.

Related Information

Intel® Arria® 10 SoC Secure Boot User Guide

Level Two Title

Select Your Language

Using Intel.com Search

Quick Links

Recent Searches

Advanced Search

Only search in

AN 763: Intel® Arria® 10 SoC Device Design Guidelines

5.1.13. Security Design Considerations

GUIDELINE: Determine which parts of your design must be encrypted. Determine which parts of your design must be authenticated.

Secure Boot – Chain Of Trust and Image Authentication

Securing the Design IP - AES Encryption

Secured Boot and IP - Authentication and Encryption

Anti-Tamper