Intel Agilex 7 Device Security User Manual

June 16, 2024
Intel

Intel Agilex 7 Device Security

Intel-Agilex-7-Device-Security-image

Product Information

Specifications

  • Model Number: UG-20335
  • Release Date: 2023.05.23

Product Usage Instructions

1. Commitment to Product Security

Intel is committed to product security and recommends users to familiarize themselves with the product security resources provided. These resources should be utilized throughout the life of the Intel product.

2. Planned Security Features

The following security features are planned for a future release of Intel Quartus Prime Pro Edition software:

  • Partial Reconfiguration Bitstream Security Verification: Provides additional assurance that Partial Reconfiguration (PR) bitstreams cannot access or interfere with other PR persona bitstreams.
  • Device Self-Kill for Physical Anti-Tamper: Performs a device wipe or device zeroization response and programs eFuses to prevent the device from configuring again.

3. Available Security Documentation

The following table lists the available documentation for device security features on Intel FPGA and Structured ASIC devices:

Document Name Purpose

Security Methodology for Intel FPGAs and Structured ASICs User
Guide| Top-level document that provides detailed descriptions of
security features and technologies in Intel Programmable Solutions
Products. Helps users select the necessary security features to
meet their security objectives.
Intel Stratix 10 Device Security User Guide| Instructions for users of Intel Stratix 10 devices to implement
the security features identified using the Security Methodology
User Guide.
Intel Agilex 7 Device Security User Guide| Instructions for users of Intel Agilex 7 devices to implement
the security features identified using the Security Methodology
User Guide.
Intel eASIC N5X Device Security User Guide| Instructions for users of Intel eASIC N5X devices to implement
the security features identified using the Security Methodology
User Guide.
Intel Agilex 7 and Intel eASIC N5X HPS Cryptographic Services
User Guide| Information for HPS software engineers on the implementation
and use of HPS software libraries to access cryptographic services
provided by the SDM.
AN-968 Black Key Provisioning Service Quick Start Guide| Complete set of steps to set up the Black Key Provisioning
service.

Frequently Asked Questions

Q: What is the purpose of the Security Methodology User Guide?

A: The Security Methodology User Guide provides detailed descriptions of security features and technologies in Intel Programmable Solutions Products. It helps users select the necessary security features to meet their security objectives.

Q: Where can I find the Intel Agilex 7 Device Security User Guide?

A: The Intel Agilex 7 Device Security User Guide can be found on the Intel Resource and Design Center website.

Q: What is the Black Key Provisioning service?

A: The Black Key Provisioning service is a service that provides a complete set of steps to set up key provisioning for secure operations.

Intel Agilex® 7 Device Security User Guide
Updated for Intel® Quartus® Prime Design Suite: 23.1

Online Version Send Feedback

UG-20335

683823 2023.05.23

Intel Agilex® 7 Device Security User Guide 2

Send Feedback

Intel Agilex® 7 Device Security User Guide 3

683823 | 2023.05.23 Send Feedback
1. Intel Agilex® 7

Device Security Overview

Intel® designs the Intel Agilex® 7 devices with dedicated, highly-configurable security hardware and firmware.
This document contains instructions to help you use Intel Quartus® Prime Pro Edition software to implement security features on your Intel Agilex 7 devices.
Additionally, the Security Methodology for Intel FPGAs and Structured ASICs User Guide is available on the Intel Resource & Design Center. This document contains detailed descriptions of the security features and technologies that are available through Intel Programmable Solutions products to help you select the security features necessary to meet your security objectives. Contact Intel Support with reference number 14014613136 to access the Security Methodology for Intel FPGAs and Structured ASICs User Guide.
The document is organized as follows: · Authentication and Authorization: Provides instructions to create
authentication keys and signature chains, apply permissions and revocations, sign objects, and program authentication features on Intel Agilex 7 devices. · AES Bitstream Encryption: Provides instructions to create an AES root key, encrypt configuration bitstreams, and provision the AES root key to Intel Agilex 7 devices. · Device Provisioning: Provides instructions to use the Intel Quartus Prime Programmer and Secure Device Manager (SDM) provision firmware to program security features on Intel Agilex 7 devices. · Advanced Features: Provides instructions to enable advanced security features, including secure debug authorization, Hard Processor System (HPS) debug, and remote system update.
1.1. Commitment to Product Security
Intel’s long-lasting commitment to security has never been stronger. Intel strongly recommends that you become familiar with our product security resources and plan to utilize them throughout the life of your Intel product.
Related Information · Product Security at Intel · Intel Product Security Center Advisories

Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel’s standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.

ISO 9001:2015 Registered

1. Intel Agilex® 7 Device Security Overview 683823 | 2023.05.23

1.2. Planned Security Features

Features mentioned in this section are planned for a future release of Intel Quartus Prime Pro Edition software.

Note:

The information in this section is preliminary.

1.2.1. Partial Reconfiguration Bitstream Security Verification
Partial reconfiguration (PR) bitstream security validation helps provide additional assurance that PR persona bitstreams cannot access or interfere with other PR persona bitstreams.

1.2.2. Device Self-Kill for Physical Anti-Tamper
Device self-kill performs a device wipe or device zeroization response and additionally programs eFuses to prevent the device from configuring again.

1.3. Available Security Documentation

The following table enumerates the available documentation for device security features on Intel FPGA and Structured ASIC devices:

Table 1.

Available Device Security Documentation

Document Name
Security Methodology for Intel FPGAs and Structured ASICs User Guide

Purpose
Top-level document that contains detailed descriptions of security features and technologies in Intel Programmable Solutions Products. Intended to help you select the security features necessary to meet your security objectives.

Document ID 721596

Intel Stratix 10 Device Security User Guide
Intel Agilex 7 Device Security User Guide

For users of Intel Stratix 10 devices, this guide contains instructions to use Intel Quartus Prime Pro Edition software to implement the security features identified using the Security Methodology User Guide.
For users of Intel Agilex 7 devices, this guide contains instructions to use Intel Quartus Prime Pro Edition software to implement the security features identified using the Security Methodology User Guide.

683642 683823

Intel eASIC N5X Device Security User Guide

For users of Intel eASIC N5X devices, this guide contains instructions to use Intel Quartus Prime Pro Edition software to implement the security features identified using the Security Methodology User Guide.

626836

Intel Agilex 7 and Intel eASIC N5X HPS Cryptographic Services User Guide

This guide contains information to assist HPS software engineers in the implementation and use of HPS software libraries to access cryptographic services provided by the SDM.

713026

AN-968 Black Key Provisioning Service Quick Start Guide

This guide contains complete set of steps to set up the Black Key Provisioning service.

739071

Location Intel Resource and
Design Center
Intel.com
Intel.com
Intel Resource and Design Center
Intel Resource and Design Center
Intel Resource and Design Center

Send Feedback

Intel Agilex® 7 Device Security User Guide 5

683823 | 2023.05.23 Send Feedback

Authentication and Authorization

To enable the authentication features of an Intel Agilex 7 device, you begin by using the Intel Quartus Prime Pro Edition software and associated tools to build a signature chain. A signature chain consists of a root key, one or more signing keys, and applicable authorizations. You apply the signature chain to your Intel Quartus Prime Pro Edition project and compiled programming files. Use the instructions in Device Provisioning to program your root key into Intel Agilex 7 devices.
Related Information
Device Provisioning on page 25

2.1. Creating a Signature Chain
You may use the quartus_sign tool or the agilex_sign.py reference implementation to perform signature chain operations. This document provides examples using quartus_sign.
To use the reference implementation, you substitute a call to the Python interpreter included with Intel Quartus Prime software and omit the –family=agilex option; all other options are equivalent. For example, the quartus_sign command found later in this section
quartus_sign –family=agilex –operation=make_root root_public.pem root.qky can be converted into the equivalent call to the reference implementation as follows
pgm_py agilex_sign.py –operation=make_root root_public.pem root.qky

Intel Quartus Prime Pro Edition software includes the quartus_sign, pgm_py, and agilex_sign.py tools. You may use the Nios® II command shell tool, which automatically sets appropriate environment variables to access the tools.

Follow these instructions to bring up a Nios II command shell. 1. Bring up a Nios II command shell.

Option Windows
Linux

Description
On the Start menu, point to Programs Intel FPGA Nios II EDS and click Nios II Command Shell.
In a command shell change to the /nios2eds and run the following command:
./nios2_command_shell.sh

The examples in this section assume signature chain and configuration bitstream files are located in the current working directory. If you choose to follow the examples where key files are kept on the file system, those examples assume the key files are

Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel’s standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.

ISO 9001:2015 Registered

2. Authentication and Authorization 683823 | 2023.05.23
located in the current working directory. You may choose which directories to use, and the tools support relative file paths. If you choose to keep key files on the file system, you must carefully manage access permissions to those files.
Intel recommends that a commercially available Hardware Security Module (HSM) be used to store cryptographic keys and perform cryptographic operations. The quartus_sign tool and reference implementation include a Public Key Cryptography Standard #11 (PKCS #11) Application Programming Interface (API) to interact with an HSM while performing signature chain operations. The agilex_sign.py reference implementation includes an interface abstract as well as an example interface to SoftHSM.
You may use these example interfaces to implement an interface to your HSM. Refer to the documentation from your HSM vendor for more information about implementing an interface to and operating your HSM.
SoftHSM is a software implementation of a generic cryptographic device with a PKCS #11 interface that is made available by the OpenDNSSEC® project. You may find more information, including instructions on how to download, build, and install OpenHSM, at the OpenDNSSEC project. The examples in this section utilize SoftHSM version 2.6.1. The examples in this section additionally use the pkcs11-tool utility from OpenSC to perform additional PKCS #11 operations with a SoftHSM token. You may find more information, including instructions on how to download, build, and install pkcs11tool from OpenSC.
Related Information
· The OpenDNSSEC project Policy-based zone signer for automating the process of DNSSEC keys tracking.
· SoftHSM Information about the implementation of a cryptographic store accessible through a PKCS #11 interface.
· OpenSC Provides set of libraries and utilities able to work with smart cards.
2.1.1. Creating Authentication Key Pairs on the Local File System
You use the quartus_sign tool to create authentication key pairs on the local file system using the make_private_pem and make_public_pem tool operations. You first generate a private key with the make_private_pem operation. You specify the elliptic curve to use, the private key filename, and optionally whether to protect the private key with a passphrase. Intel recommends the use of the secp384r1 curve and following industry best practices to create a strong, random passphrase on all private key files. Intel also recommends restricting the file system permissions on the private key .pem files to read by owner only. You derive the public key from the private key with the make_public_pem operation. It is helpful to name the key .pem files descriptively. This document uses the convention

_.pem in the following examples. 1\. In the Nios II command shell, run the following command to create a private key. The private key, shown below, is used as the root key in later examples that create a signature chain. Intel Agilex 7 devices support multiple root keys, so you

Send Feedback

Intel Agilex® 7 Device Security User Guide 7

2. Authentication and Authorization 683823 | 2023.05.23

repeat this step to create your required number of root keys. Examples in this document all refer to the first root key, though you may build signature chains in a similar fashion with any root key.

Option With passphrase

Description
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 root0_private.pem Enter the passphrase when prompted to do so.

Without passphrase

quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 –no_passphrase root0_private.pem

2. Run the following command to create a public key using the private key generated in the previous step. You do not need to protect the confidentiality of a public key.
quartus_sign –family=agilex –operation=make_public_pem root0_private.pem root0_public.pem
3. Run the commands again to create a key pair used as the design signing key in the signature chain.
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 design0_sign_private.pem

quartus_sign –family=agilex –operation=make_public_pem design0_sign_private.pem design0_sign_public.pem

2.1.2. Creating Authentication Key Pairs in SoftHSM
The SoftHSM examples in this chapter are self-consistent. Certain parameters depend on your SoftHSM installation and a token initialization within SoftHSM.
The quartus_sign tool depends on the PKCS #11 API library from your HSM.
The examples in this section assume that the SoftHSM library is installed to one of the following locations: · /usr/local/lib/softhsm2.so on Linux · C:SoftHSM2libsofthsm2.dll on 32-bit version of Windows · C:SoftHSM2libsofthsm2-x64.dll on 64-bit version of Windows.
Initialize a token within SoftHSM using the softhsm2-util tool:
softhsm2-util –init-token –label agilex-token –pin agilex-token-pin –so-pin agilex-so-pin –free
The option parameters, particularly the token label and token pin are examples used throughout this chapter. Intel recommends that you follow instructions from your HSM vendor to create and manage tokens and keys.
You create authentication key pairs using the pkcs11-tool utility to interact with the token in SoftHSM. Instead of explicitly referring to the private and public key .pem files in the file system examples, you refer to the key pair by its label and the tool selects the appropriate key automatically.

Intel Agilex® 7 Device Security User Guide 8

Send Feedback

2. Authentication and Authorization 683823 | 2023.05.23

Run the following commands to create a key pair used as the root key in later examples as well as a key pair used as a design signing key in the signature chain:
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex- token –login –pin agilex-token-pin –keypairgen –mechanism ECDSA-KEY-PAIR-GEN –key-type EC:secp384r1 –usage-sign –label root0 –id 0
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex- token –login –pin agilex-token-pin –keypairgen –mechanism ECDSA-KEY-PAIR-GEN –key-type EC:secp384r1 –usage-sign –label design0_sign –id 1

Note:

The ID option in this step must be unique to each key, but it is used only by the HSM. This ID option is unrelated to the key cancellation ID assigned in the signature chain.

2.1.3. Creating the Signature Chain Root Entry
Convert the root public key into a signature chain root entry, stored on the local file system in the Intel Quartus Prime key (.qky) format file, with the make_root operation. Repeat this step for each root key you generate.
Run the following command to create a signature chain with a root entry, using a root public key from the file system:
quartus_sign –family=agilex –operation=make_root –key_type=owner root0_public.pem root0.qky
Run the following command to create a signature chain with a root entry, using the root key from the SoftHSM token established in the prior section:
quartus_sign –family=agilex –operation=make_root –key_type=owner –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex- token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” root0 root0.qky

2.1.4. Creating a Signature Chain Public Key Entry
Create a new public key entry for a signature chain with the append_key operation. You specify the prior signature chain, the private key for the last entry in the prior signature chain, the next level public key, the permissions and cancellation ID you assign to the next level public key, and the new signature chain file.
Notice that the softHSM library is not available with Quartus installation and instead needs to be installed separately. For more information about softHSM refer to Section Creating a Signature Chain above.

Send Feedback

Intel Agilex® 7 Device Security User Guide 9

2. Authentication and Authorization 683823 | 2023.05.23
Depending on your use of keys on the file system or in an HSM, you use one of the following example commands to append the design0_sign public key to the root signature chain created in the prior section:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –permission=6 –cancel=0 –input_pem=design0_sign_public.pem design0_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –previous_keyname=root0 –previous_qky=root0.qky –permission=6 –cancel=0 –input_keyname=design0_sign design0_sign_chain.qky
You may repeat the append_key operation up to two more times for a maximum of three public key entries between the root entry and header block entry in any one signature chain.
The following example assumes you created another authentication public key with the same permissions and assigned cancellation ID 1 called design1_sign_public.pem, and are appending this key to the signature chain from the previous example:
quartus_sign –family=agilex –operation=append_key –previous_pem=design0_sign_private.pem –previous_qky=design0_sign_chain.qky –permission=6 –cancel=1 –input_pem=design1_sign_public.pem design1_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –previous_keyname=design0_sign –previous_qky=design0_sign_chain.qky –permission=6 –cancel=1 –input_keyname=design1_sign design1_sign_chain.qky
Intel Agilex 7 devices include an additional key cancellation counter to facilitate the use of a key that may change periodically throughout the life of a given device. You may select this key cancellation counter by changing the argument of the –cancel option to pts:pts_value.
2.2. Signing a Configuration Bitstream
Intel Agilex 7 devices support Security Version Number (SVN) counters, which allow you to revoke the authorization of an object without canceling a key. You assign the SVN counter and the appropriate SVN counter value during the signing of any object, such as a bitstream section, firmware .zip file, or compact certificate. You assign the SVN counter and SVN value using the –cancel option and svn_counter:svn_value as the argument. Valid values for svn_counter are svnA, svnB, svnC, and svnD. The svn_value is an integer within the range [0,63].

Intel Agilex® 7 Device Security User Guide 10

Send Feedback

2. Authentication and Authorization 683823 | 2023.05.23
2.2.1. Quartus Key File Assignment
You specify a signature chain in your Intel Quartus Prime software project to enable the authentication feature for that design. From the Assignments menu, select Device Device and Pin Options Security Quartus Key File, then browse to the signature chain .qky file you created to sign this design.
Figure 1. Enable Configuration Bitstream Setting

Alternatively, you may add the following assignment statement to your Intel Quartus Prime Settings file (.qsf):
set_global_assignment -name QKY_FILE design0_sign_chain.qky
To generate a .sof file from a previously compiled design, that includes this setting, from the Processing menu, select Start Start Assembler. The new output .sof file includes the assignments to enable authentication with the provided signature chain.

Send Feedback

Intel Agilex® 7 Device Security User Guide 11

2. Authentication and Authorization 683823 | 2023.05.23
2.2.2. Co-Signing SDM Firmware
You use the quartus_sign tool to extract, sign, and install the applicable SDM firmware .zip file. The co-signed firmware is then included by the programming file generator tool when you convert .sof file into a configuration bitstream .rbf file. You use the following commands to create a new signature chain and sign SDM firmware.
1. Create a new signing key pair.
a. Create a new signing key pair on the file system:
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 firmware1_private.pem
quartus_sign –family=agilex –operation=make_public_pem firmware1_private.pem firmware1_public.pem
b. Create a new signing key pair in the HSM:
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex- token –login –pin agilex-token-pin –keypairgen -­mechanism ECDSA-KEY-PAIR-GEN –key-type EC:secp384r1 –usage-sign –label firmware1 –id 1
2. Create a new signature chain containing the new public key:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –permission=0x1 –cancel=1 –input_pem=firmware1_public.pem firmware1_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –previous_keyname=root0 –previous_qky=root0.qky –permission=1 –cancel=1 –input_keyname=firmware1 firmware1_sign_chain.qky
3. Copy the firmware .zip file from your Intel Quartus Prime Pro Edition software installation directory (/devices/programmer/firmware/ agilex.zip) to the current working directory.
quartus_sign –family=agilex –get_firmware=.
4. Sign the firmware .zip file. The tool automatically unpacks the .zip file and individually signs all firmware .cmf files, then rebuilds the .zip file for use by the tools in the following sections:
quartus_sign –family=agilex –operation=sign –qky=firmware1_sign_chain.qky –cancel=svnA:0 –pem=firmware1_private.pem agilex.zip signed_agilex.zip
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

Intel Agilex® 7 Device Security User Guide 12

Send Feedback

2. Authentication and Authorization 683823 | 2023.05.23

–keyname=firmware1 –cancel=svnA:0 –qky=firmware1_sign_chain.qky agilex.zip signed_agilex.zip

2.2.3. Signing Configuration Bitstream Using the quartus_sign Command
To sign a configuration bitstream using the quartus_sign command, you first convert the .sof file to the unsigned raw binary file (.rbf) format. You may optionally specify co-signed firmware using the fw_source option during the conversion step.
You can generate the unsigned raw bitstream in .rbf format using the following command:
quartus_pfg ­c ­o fw_source=signed_agilex.zip -o sign_later=ON design.sof unsigned_bitstream.rbf
Run one of the following commands to sign the bitstream using the quartus_sign tool depending on the location of your keys:
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 unsigned_bitstream.rbf signed_bitstream.rbf
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname=design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_bitstream.rbf signed_bitstream.rbf
You may convert signed .rbf files to other configuration bitstream file formats.
For example, if you are using the Jam* Standard Test and Programming Language (STAPL) Player to program a bitstream over JTAG, you use the following command to convert an .rbf file to the .jam format that the Jam STAPL Player requires:
quartus_pfg -c signed_bitstream.rbf signed_bitstream.jam

2.2.4. Partial Reconfiguration Multi-Authority Support

Intel Agilex 7 devices support partial reconfiguration multi-authority authentication, where the device owner creates and signs the static bitstream, and a separate PR owner creates and signs PR persona bitstreams. Intel Agilex 7 devices implement multi-authority support by assigning the first authentication root key slots to the device or static bitstream owner and assigning the final authentication root key slot to the partial reconfiguration persona bitstream owner.
If the authentication feature is enabled, then all PR persona images must be signed, including nested PR persona images. PR persona images may be signed by either the device owner or by the PR owner; however, static region bitstreams must be signed by the device owner.

Note:

Partial Reconfiguration static and persona bitstream encryption when multi- authority support is enabled is planned in a future release.

Send Feedback

Intel Agilex® 7 Device Security User Guide 13

2. Authentication and Authorization 683823 | 2023.05.23

Figure 2.

Implementing partial reconfiguration multi-authority support requires several steps:
1. The device or static bitstream owner generates one or more authentication root keys as described in Creating Authentication Key Pairs in SoftHSM on page 8, where the –key_type option has value owner.
2. The partial reconfiguration bitstream owner generates an authentication root key but changes the –key_type option value to secondary_owner.
3. Both the static bitstream and partial reconfiguration design owners ensure that the Enable Multi-Authority support checkbox is enabled in the Assignments Device Device and Pin Options Security tab.
Intel Quartus Prime Enable Multi-Authority Option Settings

4. Both the static bitstream and partial reconfiguration design owners create signature chains based on their respective root keys as described in Creating a Signature Chain on page 6.
5. Both the static bitstream and partial reconfiguration design owners convert their compiled designs to .rbf format files and sign the .rbf files.
6. The device or static bitstream owner generates and signs a PR public key program authorization compact certificate.
quartus_pfg –ccert ­o ccert_type=PR_PUBKEY_PROG_AUTH ­o owner_qky_file=”root0.qky;root1.qky” unsigned_pr_pubkey_prog.ccert
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 unsigned_pr_pubkey_prog.ccert signed_pr_pubkey_prog.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=s10-token –user_pin=s10-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname=design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_pr_pubkey_prog.ccert signed_pr_pubkey_prog.ccert

Intel Agilex® 7 Device Security User Guide 14

Send Feedback

2. Authentication and Authorization 683823 | 2023.05.23

7. The device or static bitstream owner provisions their authentication root key hashes to the device, then programs the PR public key program authorization compact certificate, and finally provisions the partial reconfiguration bitstream owner root key to the device. The Device Provisioning section describes this provisioning process.
8. Intel Agilex 7 device is configured with the static region .rbf file.
9. Intel Agilex 7 device is partially reconfigured with the persona design .rbf file.
Related Information
· Creating a Signature Chain on page 6
· Creating Authentication Key Pairs in SoftHSM on page 8
· Device Provisioning on page 25

2.2.5. Verifying Configuration Bitstream Signature Chains
After you create signature chains and signed bitstreams, you may verify that a signed bitstream correctly configures a device programmed with a given root key. You first use the fuse_info operation of the quartus_sign command to print the hash of the root public key to a text file:
quartus_sign –family=agilex –operation=fuse_info root0.qky hash_fuse.txt

You then use the check_integrity option of the quartus_pfg command to inspect the signature chain on each section of a signed bitstream in .rbf format. The check_integrity option prints the following information:
· Status of the overall bitstream integrity check
· Contents of each entry in each signature chain attached to each section in the bitstream .rbf file,
· Expected fuse value for the hash of the root public key for each signature chain.
The value from the fuse_info output should match the Fuse lines in the check_integrity output.
quartus_pfg –check_integrity signed_bitstream.rbf

Here is an example of the check_integrity command output:

Info: Command: quartus_pfg –check_integrity signed_bitstream.rbf Integrity status: OK

Section

Type: CMF

Signature Descriptor …

Signature chain #0 (entries: -1, offset: 96)

Entry #0

Fuse: 34FD3B5F 7829001F DE2A24C7 3A7EAE29 C7786DB1 D6D5BC3C 52741C79

72978B22 0731B082 6F596899 40F32048 AD766A24

Generate key …

Curve : secp384r1

X

: 29C39C3064AE594A36DAA85602D6AF0B278CBB0B207C4D97CFB6967961E5F0ECA

456FF53F5DBB3A69E48A042C62AB6B0

Y

: 3E81D40CBBBEAC13601247A9D53F4A831308A24CA0BDFFA40351EE76438C7B5D2

2826F7E94A169023AFAE1D1DF4A31C2

Generate key …

Curve : secp384r1

X

: 29C39C3064AE594A36DAA85602D6AF0B278CBB0B207C4D97CFB6967961E5F0ECA

Send Feedback

Intel Agilex® 7 Device Security User Guide 15

2. Authentication and Authorization 683823 | 2023.05.23

456FF53F5DBB3A69E48A042C62AB6B0

Y

: 3E81D40CBBBEAC13601247A9D53F4A831308A24CA0BDFFA40351EE76438C7B5D2

2826F7E94A169023AFAE1D1DF4A31C2

Entry #1

Generate key …

Curve : secp384r1

X

: 015290C556F1533E5631322953E2F9E91258472F43EC954E05D6A4B63D611E04B

C120C7E7A744C357346B424D52100A9

Y

: 68696DEAC4773FF3D5A16A4261975424AAB4248196CF5142858E016242FB82BC5

08A80F3FE7F156DEF0AE5FD95BDFE05

Entry #2 Keychain permission: SIGN_CODE Keychain can be cancelled by ID: 3 Signature chain #1 (entries: -1, offset: 648)

Entry #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Generate key …

Curve : secp384r1

X

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

Y

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Generate key …

Curve : secp384r1

X

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

Y

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Entry #1

Generate key …

Curve : secp384r1

X

: 1E8FBEDC486C2F3161AFEB028D0C4B426258293058CD41358A164C1B1D60E5C1D

74D982BC20A4772ABCD0A1848E9DC96

Y

: 768F1BF95B37A3CC2FFCEEB071DD456D14B84F1B9BFF780FC5A72A0D3BE5EB51D

0DA7C6B53D83CF8A775A8340BD5A5DB

Entry #2

Generate key …

Curve : secp384r1

X

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

Y

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Entry #3 Keychain permission: SIGN_CODE Keychain can be cancelled by ID: 15 Signature chain #2 (entries: -1, offset: 0) Signature chain #3 (entries: -1, offset: 0) Signature chain #4 (entries: -1, offset: 0) Signature chain #5 (entries: -1, offset: 0) Signature chain #6 (entries: -1, offset: 0) Signature chain #7 (entries: -1, offset: 0)

Section Type: IO Signature Descriptor … Signature chain #0 (entries: -1, offset: 96)

Entry #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Generate key …

Curve : secp384r1

X

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

Intel Agilex® 7 Device Security User Guide 16

Send Feedback

2. Authentication and Authorization 683823 | 2023.05.23

Y

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Generate key …

Curve : secp384r1

X

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

Y

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Entry #1

Generate key …

Curve : secp384r1

X

: 646B51F668D8CC365D72B89BA8082FDE79B00CDB750DA0C984DC5891CDF57BD21

44758CA747B1A8315024A8247F12E51

Y

: 53513118E25E16151FD55D7ECDE8293AF6C98A74D52E0DA2527948A64FABDFE7C

F4EA8B8E229218D38A869EE15476750

Entry #2

Generate key …

Curve : secp384r1

X

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

Y

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Entry #3 Keychain permission: SIGN_CORE Keychain can be cancelled by ID: 15 Signature chain #1 (entries: -1, offset: 0) Signature chain #2 (entries: -1, offset: 0) Signature chain #3 (entries: -1, offset: 0) Signature chain #4 (entries: -1, offset: 0) Signature chain #5 (entries: -1, offset: 0) Signature chain #6 (entries: -1, offset: 0) Signature chain #7 (entries: -1, offset: 0)

Section

Type: HPS

Signature Descriptor …

Signature chain #0 (entries: -1, offset: 96)

Entry #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Generate key …

Curve : secp384r1

X

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

Y

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Generate key …

Curve : secp384r1

X

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

Y

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Entry #1

Generate key …

Curve : secp384r1

X

: FAF423E08FB08D09F926AB66705EB1843C7C82A4391D3049A35E0C5F17ACB1A30

09CE3F486200940E81D02E2F385D150

Y

: 397C0DA2F8DD6447C52048CD0FF7D5CCA7F169C711367E9B81E1E6C1E8CD9134E

5AC33EE6D388B1A895AC07B86155E9D

Entry #2

Generate key …

Curve : secp384r1

X

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

Y

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Send Feedback

Intel Agilex® 7 Device Security User Guide 17

2. Authentication and Authorization 683823 | 2023.05.23

Entry #3 Keychain permission: SIGN_HPS Keychain can be cancelled by ID: 15 Signature chain #1 (entries: -1, offset: 0) Signature chain #2 (entries: -1, offset: 0) Signature chain #3 (entries: -1, offset: 0) Signature chain #4 (entries: -1, offset: 0) Signature chain #5 (entries: -1, offset: 0) Signature chain #6 (entries: -1, offset: 0) Signature chain #7 (entries: -1, offset: 0)

Section Type: CORE Signature Descriptor … Signature chain #0 (entries: -1, offset: 96)

Entry #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Generate key …

Curve : secp384r1

X

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

Y

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Generate key …

Curve : secp384r1

X

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

Y

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Entry #1

Generate key …

Curve : secp384r1

X

: 646B51F668D8CC365D72B89BA8082FDE79B00CDB750DA0C984DC5891CDF57BD21

44758CA747B1A8315024A8247F12E51

Y

: 53513118E25E16151FD55D7ECDE8293AF6C98A74D52E0DA2527948A64FABDFE7C

F4EA8B8E229218D38A869EE15476750

Entry #2

Generate key …

Curve : secp384r1

X

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

Y

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Entry #3 Keychain permission: SIGN_CORE Keychain can be cancelled by ID: 15 Signature chain #1 (entries: -1, offset: 0) Signature chain #2 (entries: -1, offset: 0) Signature chain #3 (entries: -1, offset: 0) Signature chain #4 (entries: -1, offset: 0) Signature chain #5 (entries: -1, offset: 0) Signature chain #6 (entries: -1, offset: 0) Signature chain #7 (entries: -1, offset: 0)

Intel Agilex® 7 Device Security User Guide 18

Send Feedback

683823 | 2023.05.23 Send Feedback

AES Bitstream Encryption

Advanced Encryption Standard (AES) bitstream encryption is a feature that enables a device owner to protect the confidentiality of intellectual property in a configuration bitstream.
To help protect the confidentiality of keys, configuration bitstream encryption uses a chain of AES keys. These keys are used to encrypt owner data in the configuration bitstream, where the first intermediate key is encrypted with the AES root key.

3.1. Creating the AES Root Key

You may use the quartus_encrypt tool or stratix10_encrypt.py reference implementation to create an AES root key in the Intel Quartus Prime software encryption key (.qek) format file.

Note:

The stratix10_encrypt.py file is used for Intel Stratix® 10, and Intel Agilex 7 devices.

You may optionally specify the base key used to derive the AES root key and key derivation key, the value for the AES root key directly, the number of intermediate keys, and the maximum use per intermediate key.

You must specify the device family, output .qek file location, and passphrase when prompted.
Run the following command to generate the AES root key using random data for the base key and default values for number of intermediate keys and maximum key use.
To use the reference implementation, you substitute a call to the Python interpreter included with Intel Quartus Prime software and omit the –family=agilex option; all other options are equivalent. For example, the quartus_encrypt command found later in the section

quartus_encrypt –family=agilex –operation=MAKE_AES_KEY aes_root.qek

can be converted into the equivalent call to the reference implementation as follows pgm_py stratix10_encrypt.py –operation=MAKE_AES_KEY aes_root.qek

3.2. Quartus Encryption Settings
To enable bitstream encryption for a design, you must specify the appropriate options using the Assignments Device Device and Pin Options Security panel. You select the Enable configuration bitstream encryption checkbox, and the desired Encryption key storage location from the dropdown menu.

Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel’s standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.

ISO 9001:2015 Registered

Figure 3. Intel Quartus Prime Encryption Settings

3. AES Bitstream Encryption 683823 | 2023.05.23

Alternatively, you may add the following assignment statement to your Intel Quartus Prime settings file .qsf:
set_global_assignment -name ENCRYPT_PROGRAMMING_BITSTREAM on set_global_assignment -name PROGRAMMING_BITSTREAM_ENCRYPTION_KEY_SELECT eFuses
If you want to enable additional mitigations against side-channel attack vectors, you may enable the Encryption update ratio dropdown and Enable scrambling checkbox.

Intel Agilex® 7 Device Security User Guide 20

Send Feedback

3. AES Bitstream Encryption 683823 | 2023.05.23

The corresponding changes in the .qsf are:
set_global_assignment -name PROGRAMMING_BITSTREAM_ENCRYPTION_CNOC_SCRAMBLING on set_global_assignment -name PROGRAMMING_BITSTREAM_ENCRYPTION_UPDATE_RATIO 31

3.3. Encrypting a Configuration Bitstream
You encrypt a configuration bitstream prior to signing the bitstream. The Intel Quartus Prime Programming File Generator tool can automatically encrypt and sign a configuration bitstream using the graphical user interface or command line.
You may optionally create a partially encrypted bitstream for use with the quartus_encrypt and quartus_sign tools or reference implementation equivalents.

3.3.1. Configuration Bitstream Encryption Using the Programming File Generator Graphical Interface
You can use the Programming File Generator to encrypt and sign the owner image.

Figure 4.

1. On the Intel Quartus Prime File menu select Programming File Generator. 2. On the Output Files tab, specify the output file type for your configuration
scheme.
Output File Specification

Configuration scheme Output file tab
Output file type

3. On the Input Files tab, click Add Bitstream and browse to your .sof. 4. To specify encryption and authentication options select the .sof and click
Properties. a. Turn Enable signing tool on. b. For Private key file select your signing key private .pem file. c. Turn Finalize encryption on.

Send Feedback

Intel Agilex® 7 Device Security User Guide 21

3. AES Bitstream Encryption 683823 | 2023.05.23

Figure 5.

d. For Encryption key file, select your AES .qek file. Input (.sof) File Properties for Authentication and Encryption

Enable authentication Specify private root .pem
Enable encryption Specify encryption key
5. To generate the signed and encrypted bitstream, on the Input Files tab, click Generate. Password dialog boxes appear for you to input your passphrase for your AES key .qek file and signing private key .pem file. The programming file generator creates the encrypted and signed output_file.rbf.
3.3.2. Configuration Bitstream Encryption Using the Programming File Generator Command Line Interface
Generate an encrypted and signed configuration bitstream in .rbf format with the quartus_pfg command line interface:
quartus_pfg -c encryption_enabled.sof top.rbf -o finalize_encryption=ON -o qek_file=aes_root.qek -o signing=ON -o pem_file=design0_sign_private.pem
You may convert an encrypted and signed configuration bitstream in .rbf format to other configuration bitstream file formats.
3.3.3. Partially Encrypted Configuration Bitstream Generation Using the Command Line Interface
You may generate a partially encrypted programming file to finalize encryption and sign the image later. Generate the partially encrypted programming file in the .rbf format with thequartus_pfgcommand line interface: quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON top.sof top.rbf

Intel Agilex® 7 Device Security User Guide 22

Send Feedback

3. AES Bitstream Encryption 683823 | 2023.05.23
You use the quartus_encrypt command line tool to finalize bitstream encryption:
quartus_encrypt –family=agilex –operation=ENCRYPT –key=aes_root.qek top.rbf encrypted_top.rbf
You use the quartus_sign command line tool to sign the encrypted configuration bitstream:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 encrypted_top.rbf signed_encrypted_top.rbf
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname=design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 encrypted_top.rbf signed_encrypted_top.rbf
3.3.4. Partial Reconfiguration Bitstream Encryption
You can enable bitstream encryption on someIntel Agilex 7 FPGA designs that use partial reconfiguration.
Partial reconfiguration designs utilizing the Hierarchical Partial Reconfiguration (HPR), or Static Update Partial Reconfiguration (SUPR) do not support the bitstream encryption. If your design contains multiple PR regions, you must encrypt all personas.
To enable partial reconfiguration bitstream encryption, follow the same procedure in all design revisions. 1. On the Intel Quartus Prime File menu, select Assignments Device Device
and Pin Options Security. 2. Select the desired encryption key storage location.
Figure 6. Partial Reconfiguration Bitstream Encryption Setting

Send Feedback

Intel Agilex® 7 Device Security User Guide 23

3. AES Bitstream Encryption 683823 | 2023.05.23
Alternatively, you may add the following assignment statement in the Quartus Prime settings file .qsf:
set_global_assignment -name –ENABLE_PARTIAL_RECONFIGURATION_BITSTREAM_ENCRYPTION on
After you compile your base design and revisions, the software generates a.soffile and one or more.pmsffiles, representing the personas. 3. Create encrypted and signed programming files from.sof and.pmsf files in a similar fashion to designs with no partial reconfiguration enabled. 4. Convert the compiled persona.pmsf file to a partially encrypted.rbf file:
quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON encryption_enabled_persona1.pmsf persona1.rbf
5. Finalize bitstream encryption using the quartus_encrypt command line tool:
quartus_encrypt –family=agilex –operation=ENCRYPT –key=aes_root.qek persona1.rbf encrypted_persona1.rbf
6. Sign the encrypted configuration bitstream using the quartus_sign command line tool:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_sign_private.pem encrypted_persona1.rbf signed_encrypted_persona1.rbf
quartus_sign –family=agilex –operation=SIGN –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –qky=design0_sign_chain.qky –cancel=svnA:0 –keyname=design0_sign encrypted_persona1.rbf signed_encrypted_persona1.rbf

Intel Agilex® 7 Device Security User Guide 24

Send Feedback

683823 | 2023.05.23 Send Feedback

Device Provisioning

Initial security feature provisioning is only supported in the SDM provision firmware. Use the Intel Quartus Prime Programmer to load the SDM provision firmware and perform provisioning operations.
You may use any type of JTAG download cable to connect the Quartus Programmer to an Intel Agilex 7 device to perform provisioning operations.
4.1. Using SDM Provision Firmware
The Intel Quartus Prime Programmer automatically creates and loads a factory default helper image when you select the initialize operation and a command to program something other than a configuration bitstream.
Depending on the programming command specified, the factory default helper image is one of two types:
· Provisioning helper image–consists of one bitstream section containing the SDM provisioning firmware.
· QSPI helper image–consists of two bitstream sections, one containing the SDM main firmware and one I/O section.
You may create a factory default helper image file to load into your device prior to performing any programming command. After programming an authentication root key hash, you must create and sign a QSPI factory default helper image because of the included I/O section. If you additionally program the co-signed firmware security setting eFuse, you must create provisioning and QSPI factory default helper images with co-signed firmware. You may use a co-signed factory default helper image on an unprovisioned device as the unprovisioned device ignores non-Intel signature chains over SDM firmware. Refer to Using QSPI Factory Default Helper Image on Owned Devices on page 26 for more details about creating, signing, and using the QSPI factory default helper image.
The provisioning factory default helper image performs a provisioning action, such as programming the authentication root key hash, security setting fuses, PUF enrollment, or black key provisioning. You use the Intel Quartus Prime Programming File Generator command line tool to create the provisioning helper image, specifying the helper_image option, your helper_device name, the provision helper image subtype, and optionally a co-signed firmware .zip file:
quartus_pfg –helper_image -o helper_device=AGFB014R24A -o subtype=PROVISION -o fw_source=signed_agilex.zip signed_provision_helper_image.rbf
Program the helper image using the Intel Quartus Prime Programmer tool:
quartus_pgm -c 1 -m jtag -o “p;signed_provision_helper_image.rbf” –force

Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel’s standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.

ISO 9001:2015 Registered

4. Device Provisioning 683823 | 2023.05.23

Note:

You may omit the initialize operation from commands, including examples provided in this chapter, after either programming a provision helper image or using a command that contains the initialize operation.

4.2. Using QSPI Factory Default Helper Image on Owned Devices
The Intel Quartus Prime Programmer automatically creates and loads a QSPI factory default helper image when you select the initialize operation for a QSPI flash programming file. After programming an authentication root key hash, you must create and sign the QSPI factory default helper image, and program the signed QSPI factory helper image separately prior to programming the QSPI flash. 1. You use the Intel Quartus Prime Programming File Generator command line tool to
create the QSPI helper image, specifying the helper_image option, your helper_device type, the QSPI helper image subtype, and optionally a cosigned firmware .zip file:
quartus_pfg –helper_image -o helper_device=AGFB014R24A -o subtype=QSPI -o fw_source=signed_agilex.zip qspi_helper_image.rbf
2. You sign the QSPI factory default helper image:
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem qspi_helper_image.rbf signed_qspi_helper_image.rbf
3. You may use any QSPI flash programming file format. The following examples use a configuration bitstream converted to the .jic file format:
quartus_pfg -c signed_bitstream.rbf signed_flash.jic -o device=MT25QU128 -o flash_loader=AGFB014R24A -o mode=ASX4
4. You program the signed helper image using the Intel Quartus Prime Programmer tool:
quartus_pgm -c 1 -m jtag -o “p;signed_qspi_helper_image.rbf” –force
5. You program the .jic image to flash using the Intel Quartus Prime Programmer tool:
quartus_pgm -c 1 -m jtag -o “p;signed_flash.jic”

4.3. Authentication Root Key Provisioning
To program the owner root key hashes to physical fuses, first you must load the provision firmware, next program the owner root key hashes, and then immediately perform a power-on reset. A power-on reset is not required if programming root key hashes to virtual fuses.

Intel Agilex® 7 Device Security User Guide 26

Send Feedback

4. Device Provisioning 683823 | 2023.05.23
To program authentication root key hashes, you program the provision firmware helper image and run one of the following commands to program the root key .qky files.
// For physical (non-volatile) eFuses quartus_pgm -c 1 -m jtag -o “p;root0.qky;root1.qky;root2.qky” –non_volatile_key
// For virtual (volatile) eFuses quartus_pgm -c 1 -m jtag -o “p;root0.qky;root1.qky;root2.qky”
4.3.1. Partial Reconfiguration Multi-Authority Root Key Programming
After provisioning the device or static region bitstream owner root keys, you again load the device provision helper image, program the signed PR public key program authorization compact certificate, and then provision the PR persona bitstream owner root key.
// For physical (non-volatile) eFuses quartus_pgm -c 1 -m jtag -o “p;root_pr.qky” –pr_pubkey –non_volatile_key
// For virtual (volatile) eFuses quartus_pgm -c 1 -m jtag -o “p;p;root_pr.qky” –pr_pubkey
4.4. Programming Key Cancellation ID Fuses
Starting with Intel Quartus Prime Pro Edition software version 21.1, programming Intel and owner key cancellation ID fuses requires the use of a signed compact certificate. You may sign the key cancellation ID compact certificate with a signature chain that has FPGA section signing permissions. You create the compact certificate with the programming file generator command line tool. You sign the unsigned certificate using the quartus_sign tool or reference implementation.
Intel Agilex 7 devices support separate banks of owner key cancellation IDs for each root key. When an owner key cancellation ID compact certificate is programmed into an Intel Agilex 7 FPGA, the SDM determines which root key signed the compact certificate and blows the key cancellation ID fuse that corresponds to that root key.
The following examples create an Intel key cancellation certificate for Intel key ID 7. You may replace 7 with the applicable Intel key cancellation ID from 0-31.
Run the following command to create an unsigned Intel key cancellation ID compact certificate:
quartus_pfg –ccert -o ccert_type=CANCEL_INTEL_KEY -o cancel_key=7 unsigned_cancel_intel7.ccert
Run one of the following commands to sign the unsigned Intel key cancellation ID compact certificate:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_cancel_intel7.ccert signed_cancel_intel7.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

Send Feedback

Intel Agilex® 7 Device Security User Guide 27

4. Device Provisioning 683823 | 2023.05.23
–keyname=design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_cancel_intel7.ccert signed_cancel_intel7.ccert
Run the following command to create an unsigned owner key cancellation ID compact certificate:
quartus_pfg –ccert -o ccert_type=CANCEL_OWNER_KEY -o cancel_key=2 unsigned_cancel_owner2.ccert
Run one of the following commands to sign the unsigned owner key cancellation ID compact certificate:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_cancel_owner2.ccert signed_cancel_owner2.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname=design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_cancel_owner2.ccert signed_cancel_owner2.ccert
After you have created a signed key cancellation ID compact certificate, you use the Intel Quartus Prime Programmer to program the compact certificate to the device via JTAG.
//For physical (non-volatile) eFuses quartus_pgm -c 1 -m jtag -o “pi;signed_cancel_intel7.ccert” –non_volatile_key quartus_pgm -c 1 -m jtag -o “pi;signed_cancel_owner2.ccert” –non_volatile_key
//For virtual (volatile) eFuses quartus_pgm -c 1 -m jtag -o “pi;signed_cancel_intel7.ccert” quartus_pgm -c 1 -m jtag -o “pi;signed_cancel_owner2.ccert”
You may additionally send the compact certificate to the SDM using the FPGA or HPS mailbox interface.
4.5. Canceling Root Keys
Intel Agilex 7 devices let you cancel the root key hashes when another uncanceled root key hash is present. You cancel a root key hash by first configuring the device with a design whose signature chain is rooted in a different root key hash, then program a signed root key hash cancellation compact certificate. You must sign the root key hash cancellation compact certificate with a signature chain rooted in the root key to be canceled.
Run the following command to generate an unsigned root key hash cancellation compact certificate:
quartus_pfg –ccert -o –ccert_type=CANCEL_KEY_HASH unsigned_root_cancel.ccert

Intel Agilex® 7 Device Security User Guide 28

Send Feedback

4. Device Provisioning 683823 | 2023.05.23

Run one of the following commands to sign the unsigned root key hash cancellation compact certificate:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_root_cancel.ccert signed_root_cancel.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname=design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_root_cancel.ccert signed_root_cancel.ccert
You may program a root key hash cancellation compact certificate via JTAG, FPGA, or HPS mailboxes.

4.6. Programming Counter Fuses
You update the Security Version Number (SVN) and Pseudo Time Stamp (PTS) counter fuses using signed compact certificates.

Note:

The SDM keeps track of the minimum counter value seen during a given configuration and does not accept counter increment certificates when the counter value is smaller than the minimum value. You must update all objects assigned to a counter and reconfigure the device prior to programming a counter increment compact certificate.

Run one of the following commands that corresponds to the counter increment certificate you want to generate.
quartus_pfg –ccert -o ccert_type=PTS_COUNTER -o counter=<-1:495> unsigned_pts.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_A -o counter=<-1:63> unsigned_svnA.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_B -o counter=<-1:63> unsigned_svnB.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_C -o counter=<-1:63> unsigned_svnC.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_D -o counter=<-1:63> unsigned_svnD.ccert

A counter value of ­1 creates a counter increment authorization certificate. Programming a counter increment authorization compact certificate enables you to program further unsigned counter increment certificates to update the respective counter. You use the quartus_sign tool to sign the counter compact certificates in a similar fashion to key cancellation ID compact certificates.
You may program a root key hash cancellation compact certificate via JTAG, FPGA, or HPS mailboxes.

Send Feedback

Intel Agilex® 7 Device Security User Guide 29

4. Device Provisioning 683823 | 2023.05.23

4.7. Secure Data Object Service Root Key Provisioning
You use the Intel Quartus Prime Programmer to provision the Secure Data Object Service (SDOS) root key. The Programmer automatically loads the provision firmware helper image to provision the SDOS root key.
quartus_pgm ­c 1 ­m jtag –service_root_key –non_volatile_key

4.8. Security Setting Fuse Provisioning
Use the Intel Quartus Prime Programmer to examine device security setting fuses and write them to a text-based .fuse file as follows:
quartus_pgm -c 1 -m jtag -o “ei;programming_file.fuse;AGFB014R24B”

Options · i: The Programmer loads the provision firmware helper image to the device. · e: The Programmer reads the fuse from the device and stores it in a .fuse file.

The .fuse file contains a list of fuse name-value pairs. The value specifies whether a fuse has been blown or the contents of the fuse field.

The following example shows the format of the .fuse file:

Co-signed firmware

= “Not blown”

Device Permit Kill

= “Not blown”

Device not secure

= “Not blown”

Disable HPS debug

= “Not blown”

Disable Intrinsic ID PUF enrollment

= “Not blown”

Disable JTAG

= “Not blown”

Disable PUF-wrapped encryption key

= “Not blown”

Disable owner encryption key in BBRAM = “Not blown”

Disable owner encryption key in eFuses = “Not blown”

Disable owner root public key hash 0

= “Not blown”

Disable owner root public key hash 1

= “Not blown”

Disable owner root public key hash 2

= “Not blown”

Disable virtual eFuses

= “Not blown”

Force SDM clock to internal oscillator = “Not blown”

Force encryption key update

= “Not blown”

Intel explicit key cancellation

= “0”

Lock security eFuses

= “Not blown”

Owner encryption key program done

= “Not blown”

Owner encryption key program start

= “Not blown”

Owner explicit key cancellation 0

= “”

Owner explicit key cancellation 1

= “”

Owner explicit key cancellation 2

= “”

Owner fuses

=

“0x00000000000000000000000000000000000000000000000000000

00000000000000000000000000000000000000000000000000000

0000000000000000000000”

Owner root public key hash 0

=

“0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

Owner root public key hash 1

=

“0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

Owner root public key hash 2

=

“0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

Owner root public key size

= “None”

PTS counter

= “0”

PTS counter base

= “0”

Intel Agilex® 7 Device Security User Guide 30

Send Feedback

4. Device Provisioning 683823 | 2023.05.23

QSPI start up delay # RMA Counter # SDMIO0 is I2C # SVN counter A # SVN

counter B # SVN counter C # SVN counter D

= “10ms” = “0” = “Not blown” = “0” = “0” = “0” = “0”

Modify the .fuse file to set your desired security setting fuses. A line that begins with # is treated as a comment line. To program a security setting fuse, remove the leading # and set the value to Blown. For example, to enable the Co-signed Firmware security setting fuse, modify the first line of the fuse file to the following:
Co-signed firmware = “Blown”

You may also allocate and program the Owner Fuses based on your requirements.
You may use the following command to perform a blank check, program, and verify the owner root public key:
quartus_pgm -c 1 -m jtag -o “ibpv;root0.qky”

Options · i: Loads the provision firmware helper image to the device. · b: Performs a blank check to verify the desired security setting fuses are not
already blown. · p: Programs the fuse. · v: Verifies the programmed key on the device.
After programming the .qky file, you may examine the fuse info by checking the fuse info again to ensure both the owner public key hash and the owner public key size have non-zero values.
While the following fields are not writable through the .fuse file method, they are included during the examine operation output for verification: · Device not secure · Device permit kill · Disable owner root public key hash 0 · Disable owner root public key hash 1 · Disable owner root public key hash 2 · Intel key cancellation · Owner encryption key program start · Owner encryption key program done · Owner key cancellation · Owner public key hash · Owner public key size · Owner root public key hash 0 · Owner root public key hash 1 · Owner root public key hash 2

Send Feedback

Intel Agilex® 7 Device Security User Guide 31

4. Device Provisioning 683823 | 2023.05.23
· PTS counter · PTS counter base · QSPI start up delay · RMA counter · SDMIO0 is I2C · SVN counter A · SVN counter B · SVN counter C · SVN counter D
Use the Intel Quartus Prime Programmer to program the .fuse file back to the device. If you add the i option, the Programmer automatically loads the provision firmware to program the security setting fuses.
//For physical (non-volatile) eFuses quartus_pgm -c 1 -m jtag -o “pi;programming_file.fuse” –non_volatile_key
//For virtual (volatile) eFuses quartus_pgm -c 1 -m jtag -o “pi;programming_file.fuse”
You may use the following command to verify if the device root key hash is the same as the .qky provided in the command:
quartus_pgm -c 1 -m jtag -o “v;root0_another.qky”
If the keys don’t match, the Programmer fails with an Operation failed error message.
4.9. AES Root Key Provisioning
You must use a signed AES root key compact certificate to program an AES root key to an Intel Agilex 7 device.
4.9.1. AES Root Key Compact Certificate
You use the quartus_pfg command line tool to convert your AES root key .qek file into the compact certificate .ccert format. You specify the key storage location while creating the compact certificate. You may use the quartus_pfg tool to create an unsigned certificate for later signing. You must use a signature chain with the AES root key certificate signing permission, permission bit 6, enabled in order to successfully sign an AES root key compact certificate.

Intel Agilex® 7 Device Security User Guide 32

Send Feedback

4. Device Provisioning 683823 | 2023.05.23
1. Create an additional key pair used to sign AES key compact certificate using one of the following command examples:
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 aesccert1_private.pem
quartus_sign –family=agilex –operation=make_public_pem aesccert1_private.pem aesccert1_public.pem
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex- token –login –pin agilex-token-pin –keypairgen ­mechanism ECDSA-KEY-PAIR-GEN –key-type EC:secp384r1 –usage-sign –label aesccert1 –id 2
2. Create a signature chain with the correct permission bit set using one of the following commands:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –permission=0x40 –cancel=1 –input_pem=aesccert1_public.pem aesccert1_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM -­module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –previous_keyname=root0 –previous_qky=root0.qky –permission=0x40 –cancel=1 –input_keyname=aesccert1 aesccert1_sign_chain.qky
3. Create an unsigned AES compact certificate for the desired AES root key storage location. The following AES root key storage options are available:
· EFUSE_WRAPPED_AES_KEY
· IID_PUF_WRAPPED_AES_KEY
· UDS_IID_PUF_WRAPPED_AES_KEY
· BBRAM_WRAPPED_AES_KEY
· BBRAM_IID_PUF_WRAPPED_AES_KEY
· BBRAM_UDS_IID_PUF_WRAPPED_AES_KEY
//Create eFuse AES root key unsigned certificate quartus_pfg –ccert -o ccert_type=EFUSE_WRAPPED_AES_KEY -o qek_file=aes.qek unsigned_efuse1.ccert
4. Sign the compact certificate with the quartus_sign command or reference implementation.
quartus_sign –family=agilex –operation=sign –pem=aesccert1_private.pem –qky=aesccert1_signchain.qky unsigned1.ccert signed_1.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

Send Feedback

Intel Agilex® 7 Device Security User Guide 33

4. Device Provisioning 683823 | 2023.05.23

–keyname=aesccert1 –qky=aesccert1_signchain.qky unsigned1.ccert signed_1.ccert
5. Use the Intel Quartus Prime Programmer to program the AES root key compact certificate to the Intel Agilex 7 device via JTAG. The Intel Quartus Prime Programmer defaults to program virtual eFuses when using the EFUSE_WRAPPED_AES_KEY compact certificate type.
You add the –non_volatile_key option to specify programming physical fuses.
//For physical (non-volatile) eFuse AES root key quartus_pgm -c 1 -m jtag -o “pi;signed_efuse1.ccert” –non_volatile_key

//For virtual (volatile) eFuse AES root key quartus_pgm -c 1 -m jtag -o “pi;signed_efuse1.ccert”

//For BBRAM AES root key quartus_pgm -c 1 -m jtag -o “pi;signed_bbram1.ccert”

The SDM provision firmware and main firmware support AES root key certificate programming. You may also use the SDM mailbox interface from the FPGA fabric or HPS to program an AES root key certificate.

Note:

The quartus_pgm command does not support options b and v for compact certificates(.ccert).

4.9.2. Intrinsic ID® PUF AES Root Key Provisioning
Implementing the Intrinsic* ID PUF wrapped AES Key includes the following steps: 1. Enrolling the Intrinsic ID PUF via JTAG. 2. Wrapping the AES root key. 3. Programming the helper data and wrapped key into quad SPI flash memory. 4. Querying the Intrinsic ID PUF activation status.
Theuse of Intrinsic ID technology requires a separate license agreement with Intrinsic ID. Intel Quartus Prime Pro Edition software restricts PUF operations without the appropriate license, such as enrollment, key wrapping, and PUF data programming to QSPI flash.

4.9.2.1. Intrinsic ID PUF Enrollment
To enroll the PUF, you must use the SDM provision firmware. The provision firmware must be the first firmware loaded after a power cycle, and you must issue the PUF enrollment command before any other command. The provision firmware supports other commands after PUF enrollment, including AES root key wrapping and programming quad SPI, however, you must power cycle the device to load a configuration bitstream.
You use the Intel Quartus Prime Programmer to trigger PUF enrollment and generate the PUF helper data .puf file.

Intel Agilex® 7 Device Security User Guide 34

Send Feedback

4. Device Provisioning 683823 | 2023.05.23

Figure 7.

Intrinsic ID PUF Enrollment
quartus_pgm PUF Enrollment

Enrollment PUF helper data

Secure Device Manager (SDM)

wrapper.puf Helper Data
The Programmer automatically loads a provision firmware helper image when you specify both the i operation and a .puf argument.
quartus_pgm -c 1 -m jtag -o “ei;help_data.puf;AGFB014R24A”
If you are using co-signed firmware, you program the co-signed firmware helper image prior to using the PUF enrollment command.
quartus_pgm -c 1 -m jtag -o “p;signed_provision_helper_image.rbf” –force quartus_pgm -c 1 -m jtag -o “e;help_data.puf;AGFB014R24A”
The UDS IID PUF is enrolled during device manufacturing, and is not available for reenrollment. Instead, you use the Programmer to determine the location of the UDS PUF helper data on IPCS, download the .puf file directly, and then use the UDS .puf file in the same way as the .puf file extracted from an Intel Agilex 7 device.
Use the following Programmer command to generate a text file containing a list of URLs pointing to device-specific files on IPCS:
quartus_pgm -c 1 -m jtag -o “e;ipcs_urls.txt;AGFB014R24B” –ipcs_urls
4.9.2.2. Wrapping the AES Root Key
You generate the IID PUF wrapped AES root key .wkey file by sending a signed certificate to the SDM.
You can use the Intel Quartus Prime Programmer to automatically generate, sign, and send the certificate to wrap your AES root key, or you may use the Intel Quartus Prime Programming File Generator to generate an unsigned certificate. You sign the unsigned certificate using your own tools or the Quartus signing tool. You then use the Programmer to send the signed certificate and wrap your AES root key. The signed certificate may be used to program all devices that can validate the signature chain.

Send Feedback

Intel Agilex® 7 Device Security User Guide 35

4. Device Provisioning 683823 | 2023.05.23

Figure 8.

Wrapping the AES Key Using the Intel Quartus Prime Programmer
.pem Private
Key

.qky

quartus_pgm

Wrap AES Key

AES.QSKigYnature RootCPhuabilnic Key

Generate PUF Wrapped Key

Wrapped AES Key

SDM

.qek Encryption
Key

.wkey PUF-Wrapped
AES Key

1. You may generate the IID PUF wrapped AES root key (.wkey) with the Programmer using the following arguments:
· The .qky file containing a signature chain with AES root key certificate permission
· The private .pem file for the last key in the signature chain
· The .qek file holding the AES root key
· The 16-byte initialization vector (iv).

quartus_pgm -c 1 -m jtag –qky_file=aes0_sign_chain.qky –pem_file=aes0_sign_private.pem –qek_file=aes.qek –iv=1234567890ABCDEF1234567890ABCDEF -o “ei;aes.wkey;AGFB014R24A”

2. Alternatively, you may generate an unsigned IID PUF wrapping AES root key certificate with the Programming File Generator using the following arguments:

quartus_pfg –ccert -o ccert_type=IID_PUF_WRAPPED_AES_KEY -o qek_file=aes.qek –iv=1234567890ABCDEF1234567890ABCDEF unsigned_aes.ccert

3. You sign the unsigned certificate with your own signing tools or the quartus_sign tool using the following command:

quartus_sign –family=agilex –operation=sign –qky=aes0_sign_chain.qky –pem=aes0_sign_private.pem unsigned_aes.ccert signed_aes.ccert

4. You then use the Programmer to send the signed AES certificate and return the wrapped key (.wkey) file:

quarts_pgm -c 1 -m jtag –ccert_file=signed_aes.ccert -o “ei;aes.wkey;AGFB014R24A”

Note: The i operation is not necessary if you previously loaded the provision firmware helper image, for example, to enroll the PUF.

4.9.2.3. Programming Helper Data and Wrapped Key to QSPI Flash Memory
You use the Quartus Programming File Generator graphical interface to build an initial QSPI flash image containing a PUF partition. You must generate and program an entire flash programming image to add a PUF partition to the QSPI flash. Creation of the PUF

Intel Agilex® 7 Device Security User Guide 36

Send Feedback

4. Device Provisioning 683823 | 2023.05.23

Figure 9.

data partition and use of the PUF helper data and wrapped key files for flash image generation is not supported through the Programming File Generator command line interface.
The following steps demonstrate building a flash programming image with the PUF helper data and wrapped key:
1. On the File menu, click Programming File Generator. On the Output Files tab make the following selections:
a. For Device Family select Agilex 7.
b. For Configuration mode select Active Serial x4.
c. For Output directory browse to your output file directory. This example uses output_files.
d. For Name, specify a name for the programming file to be generated. This example uses output_file.
e. Under Description select the programming files to generate. This example generates the JTAG Indirect configuration File (.jic) for device configuration and the Raw Binary File of Programming Helper Image (.rbf) for device helper image. This example also selects the optional Memory Map File (.map) and Raw Programming Data File (.rpd). The raw programming data file is necessary only if you plan to use a third-party programmer in the future.
Programming File Generator – Output Files Tab – Select JTAG Indirect Configuration

Device Family Configuration mode
Output file tab
Output directory
JTAG Indirect (.jic) Memory Map File Programming Helper Raw Programming Data
On the Input Files tab, make the following selections: 1. Click Add Bitstream and browse to your .sof. 2. Select your .sof file and then click Properties.

Send Feedback

Intel Agilex® 7 Device Security User Guide 37

4. Device Provisioning 683823 | 2023.05.23
a. Turn on Enable signing tool. b. For Private key file select your .pem file. c. Turn on Finalize encryption. d. For Encryption key file select your .qek file. e. Click OK to return to the prior window. 3. To specify your PUF helper data file, click Add Raw Data. Change the Files of type drop-down menu to Quartus Physical Unclonable Function File (.puf). Browse to your .puf file. If you are using both the IID PUF and the UDS IID PUF, repeat this step so that .puf files for each PUF are added as input files. 4. To specify your wrapped AES key file, click Add Raw Data. Change the Files of type drop-down menu to Quartus Wrapped Key File (.wkey). Browse to your .wkey file. If you have wrapped AES keys using both the IID PUF and the UDS IID PUF, repeat this step so that .wkey files for each PUF are added as input files.
Figure 10. Specify Input Files for Configuration, Authentication, and Encryption

Add Bitstream Add Raw Data
Properties
Private key file
Finalize encryption Encryption key
On the Configuration Device tab, make the following selections: 1. Click Add Device and select your flash device from the list of available flash
devices. 2. Select the configuration device you have just added and click Add Partition. 3. In the Edit Partition dialog box for the Input file and select your .sof from the
dropdown list. You can retain the defaults or edit the other parameters in the Edit Partition dialog box.

Intel Agilex® 7 Device Security User Guide 38

Send Feedback

4. Device Provisioning 683823 | 2023.05.23
Figure 11. Specifying your .sof Configuration Bitstream Partition

Configuration Device
Edit Partition Add .sof file

Add Partition

4. When you add the .puf and .wkey as input files, the Programming File Generator automatically creates a PUF partition in your Configuration Device. To store the .puf and .wkey in the PUF partition, select the PUF partition and click Edit. In the Edit Partition dialog box, select your .puf and .wkey files from the dropdown lists. If you remove the PUF partition, you must remove and re-add the configuration device for the Programming File Generator to create another PUF partition. You must ensure that you select the correct .puf and .wkey file for the IID PUF and UDS IID PUF, respectively.
Figure 12. Add the .puf and .wkey files to the PUF Partition

PUF Partition

Edit

Edit Partition

Flash Loader

Select Generate

5. For the Flash Loader parameter select the Intel Agilex 7 device family and device name that matches your Intel Agilex 7 OPN.

Send Feedback

Intel Agilex® 7 Device Security User Guide 39

4. Device Provisioning 683823 | 2023.05.23
6. Click Generate to generate the output files that you specified on the Output Files tab.
7. The Programming File Generator reads your .qek file and prompts you for your passphrase. Type your passphrase in response to the Enter QEK passphrase prompt. Click the Enter key.
8. Click OK when the Programming File Generator reports successful generation.
You use the Intel Quartus Prime Programmer to write the QSPI programming image to QSPI flash memory. 1. On the Intel Quartus Prime Tools menu select Programmer. 2. In the Programmer, click Hardware Setup and then select a connected Intel
FPGA Download Cable. 3. Click Add File and browse to your .jic file.
Figure 13. Program .jic

Programming file

Program/ Configure

JTAG scan chain
4. Unselect the box associated with the Helper image. 5. Select Program/Configure for the .jic output file. 6. Turn on Start button to program your quad SPI flash memory. 7. Power cycle your board. The design programmed to the quad SPI flash memory
device subsequently loads into the target FPGA.
You must generate and program an entire flash programming image to add a PUF partition to the quad SPI flash.
When a PUF partition already exists in the flash, it is possible to use theIntel Quartus Prime Programmer to directly access the PUF helper data and wrapped key files. For example, if activation is unsuccessful, it is possible to re-enroll the PUF, re-wrap the AES key, and subsequently only program the PUF files without having to overwrite the entire flash.

Intel Agilex® 7 Device Security User Guide 40

Send Feedback

4. Device Provisioning 683823 | 2023.05.23
The Intel Quartus Prime Programmer supports the following operation argument for PUF files in a pre-existing PUF partition:
· p: program
· v: verify
· r: erase
· b: blank check
You must follow the same restrictions for PUF enrollment, even if a PUF partition exists.
1. Use the i operation argument to load the provision firmware helper image for the first operation. For example, the following command sequence re- enrolls the PUF, re-wrap the AES root key, erase the old PUF helper data and wrapped key, then program and verify the new PUF helper data and AES root key.
quartus_pgm -c 1 -m jtag -o “ei;new.puf;AGFB014R24A” quartus_pgm -c 1 -m jtag –ccert_file=signed_aes.ccert -o “e;new.wkey;AGFB014R24A” quartus_pgm -c 1 -m jtag -o “r;old.puf” quartus_pgm -c 1 -m jtag -o “r;old.wkey” quartus_pgm -c 1 -m jtag -o “p;new.puf” quartus_pgm -c 1 -m jtag -o “p;new.wkey” quartus_pgm -c 1 -m jtag -o “v;new.puf” quartus_pgm -c 1 -m jtag -o “v;new.wkey”
4.9.2.4. Querying Intrinsic ID PUF Activation Status
After you enroll the Intrinsic ID PUF, wrap an AES key, generate the flash programming files, and update the quad SPI flash, you power cycle your device to trigger PUF activation and configuration from the encrypted bitstream. The SDM reports the PUF activation status along with the configuration status. If PUF activation fails, the SDM instead reports the PUF error status. Use the quartus_pgm command to query the configuration status.
1. Use the following command to query the activation status:
quartus_pgm -c 1 -m jtag –status –status_type=”CONFIG”
Here is sample output from a successful activation:
Info (21597): Response of CONFIG_STATUS Device is running in user mode 00006000 RESPONSE_CODE=OK, LENGTH=6 00000000 STATE=IDLE 00160300 Version C000007B MSEL=QSPI_NORMAL, nSTATUS=1, nCONFIG=1, VID=1,
CLOCK_SOURCE=INTERNAL_PLL 0000000B CONF_DONE=1, INIT_DONE=1, CVP_DONE=0, SEU_ERROR=1 00000000 Error location 00000000 Error details Response of PUF_STATUS 00002000 RESPONSE_CODE=OK, LENGTH=2 00000500 USER_IID STATUS=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0 00000500 UDS_IID STATUS=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0

Send Feedback

Intel Agilex® 7 Device Security User Guide 41

4. Device Provisioning 683823 | 2023.05.23

If you are only using either the IID PUF or the UDS IID PUF, and have not programmed a helper data .puf file for either PUF in the QSPI flash, that PUF does not get activated and the PUF status reflects that PUF helper data is not valid. The following example shows the PUF status when the PUF helper data was not programmed for either PUF:
Response of PUF_STATUS 00002000 RESPONSE_CODE=OK, LENGTH=2 00000002 USER_IID STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0 00000002 UDS_IID STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0

4.9.2.5. Location of the PUF in Flash Memory
The location of the PUF file is different for designs that support RSU and designs that do not support the RSU feature.

For designs that do not support RSU, you must include the .puf and .wkey files when you create updated flash images. For designs that support RSU, the SDM does not overwrite the PUF data sections during factory or application image updates.

Table 2.

Flash Sub-Partitions Layout without RSU Support

Flash Offset (in bytes)

Size (in bytes)

Contents

Description

0K 256K

256K 256K

Configuration Management Firmware Configuration Management Firmware

Firmware that runs on SDM.

512K

256K

Configuration Management Firmware

768K

256K

Configuration Management Firmware

1M

32K

PUF data copy 0

Data structure for storing PUF helper data and PUF-wrapped AES root key copy 0

1M+32K

32K

PUF data copy 1

Data structure for storing PUF helper data and PUF-wrapped AES root key copy 1

Table 3.

Flash Sub-Partitions Layout with RSU Support

Flash Offset (in bytes)

Size (in bytes)

Contents

Description

0K 512K

512K 512K

Decision firmware Decision firmware

Firmware to identify and load the highest priority image.

1M 1.5M

512K 512K

Decision firmware Decision firmware

2M

8K + 24K

Decision firmware data

Padding

Reserved for Decision firmware use.

2M + 32K

32K

Reserved for SDM

Reserved for SDM.

2M + 64K

Variable

Factory image

A simple image that you create as a backup if all other application images fail to load. This image includes the CMF that runs on the SDM.

Next

32K

PUF data copy 0

Data structure for storing PUF helper data and PUF-wrapped AES root key copy 0
continued…

Intel Agilex® 7 Device Security User Guide 42

Send Feedback

4. Device Provisioning 683823 | 2023.05.23

Flash Offset (in bytes)

Size (in bytes)

Next +32K 32K

Contents PUF data copy 1

Next + 256K 4K Next +32K 4K Next +32K 4K

Sub-partition table copy 0 Sub-partition table copy 1 CMF pointer block copy 0

Next +32K _

CMF pointer block copy 1

Variable Variable

Variable Variable

Application image 1 Application image 2

4.9.3. Black Key Provisioning

Description
Data structure for storing PUF helper data and PUF-wrapped AES root key copy 1
Data structure to facilitate the management of the flash storage.
A list of pointers to application images in order of priority. When you add an image, that image becomes the highest.
A second copy of the list of pointers to application images.
Your first application image.
Your second application image.

Note:

TheIntel Quartus PrimeProgrammer assists in establishing a mutually authenticated secure connection between theIntel Agilex 7device and the black key provisioning service. The secure connection is established via https and requires several certificates identified using a text file.
When using Black Key Provisioning, Intel recommends that you avoid externally connecting the TCK pin to pull up or pull down a resistor while still using it for JTAG. However, you may connect the TCK pin to the VCCIO SDM power supply using a 10 k resistor. The existing guidance in the Pin Connection Guidelines to connect TCK to a 1 k pull-down resistor is included for noise suppression. The change in guidance to a 10 k pull-up resistor doesn’t affect the device functionally. For more information about connecting the TCK pin, refer to Intel Agilex 7 Pin Connection Guidelines.
Thebkp_tls_ca_certcertificate authenticates your black key provisioning service instance to your black key provisioning programmer instance. Thebkptls*certificates authenticate your black key provisioning programmer instance to your black key provisioning service instance.
You create a text file containing the necessary information for theIntel Quartus Prime Programmer to connect to the black key provisioning service. To initiate black key provisioning, use the Programmer command line interface to specify the black key provisioning options text file. The black key provisioning then proceeds automatically. For access to the black key provisioning service and associated documentation, please contact Intel Support.
You can enable the black key provisioning using thequartus_pgmcommand:
quartus_pgm -c -m –device –bkp_options=bkp_options.txt
The command arguments specify the following information:

Send Feedback

Intel Agilex® 7 Device Security User Guide 43

4. Device Provisioning 683823 | 2023.05.23

· -c: cable number · -m: specifies the programming mode such as JTAG · –device: specifies a device index on the JTAG chain. Default value is 1. · –bkp_options: specifies a text file containing black key provisioning options.
Related Information Intel Agilex 7 Device Family Pin Connection Guidelines

4.9.3.1. Black Key Provisioning Options
The black key provisioning options is a text file passed to the Programmer through the quartus_pgm command. The file contains required information to trigger black key provisioning.
The following is an example of the bkp_options.txt file:
bkp_cfg_id = 1 bkp_ip = 192.167.1.1 bkp_port = 10034 bkp_tls_ca_cert = root.cert bkp_tls_prog_cert = prog.cert bkp_tls_prog_key = prog_key.pem bkp_tls_prog_key_pass = 1234 bkp_proxy_address = https://192.167.5.5:5000 bkp_proxy_user = proxy_user bkp_proxy_password = proxy_password

Table 4.

Black Key Provisioning Options
This table displays the options required to trigger black key provisioning.

Option Name

Type

Description

bkp_ip

Required

Specifies the server IP address running the black key provisioning service.

bkp_port

Required

Specifies black key provisioning service port required to connect to the server.

bkp_cfg_id

Required

Identifies the black key provisioning configuration flow ID.
Black key provisioning service creates the black key provisioning configuration flows including an AES root key, desired eFuse settings, and other black key provisioning authorization options. The number assigned during the black key provisioning service setup identifies the black key provisioning configuration flows.
Note: Multiple devices may refer to the same black key provisioning service configuration flow.

bkp_tls_ca_cert

Required

The root TLS certificate used to identify the black key provisioning services to the Intel Quartus Prime Programmer (Programmer). A trusted Certificate Authority for the black key provisioning service instance issues this certificate.
If you run the Programmer on a computer with Microsoft® Windows® operating system (Windows), you must install this certificate in the Windows certificate store.

bkp_tls_prog_cert

Required

A certificate created for the instance of the black key provisioning Programmer (BKP Programmer). This is the https client certificate used to identify this BKP programmer instance
continued…

Intel Agilex® 7 Device Security User Guide 44

Send Feedback

4. Device Provisioning 683823 | 2023.05.23

Option Name

Type

bkp_tls_prog_key

Required

bkp_tls_prog_key_pass Optional

bkp_proxy_address bkp_proxy_user bkp_proxy_password

Optional Optional Optional

Description
to the black key provisioning service. You must install and authorize this certificate in the black key provisioning service prior to initiating a black key provisioning session. If you run the Programmer on Windows, this option is not available. In this case, the bkp_tls_prog_key already includes this certificate.
The private key corresponding to the BKP Programmer certificate. The key validates the identity of the BKP Programmer instance to black key provisioning service. If you run the Programmer on Windows, the .pfx file combines the bkp_tls_prog_cert certificate and the private key. The bkp_tlx_prog_key option passes the .pfx file in the bkp_options.txt file.
The password for the bkp_tls_prog_key private key. Not required in the black key provisioning configuration options (bkp_options.txt) text file.
Specifies the proxy server URL address.
Specifies the proxy server username.
Specifies the proxy authentication password.

4.10. Converting Owner Root Key, AES Root Key Certificates, and Fuse files to Jam STAPL File Formats

You may use the quartus_pfg command-line command to convert .qky, AES root key .ccert, and .fuse files to Jam STAPL Format File (.jam) and Jam Byte Code Format File (.jbc). You can use these files to program Intel FPGAs using the Jam STAPL Player and the Jam STAPL Byte-Code Player, respectively.

A single .jam or .jbc contains several functions including a firmware helper image configuration and program, blank check, and verification of key and fuse programming.

Caution:

When you convert the AES root key .ccert file to .jam format, the .jam file contains the AES key in plaintext but obfuscated form. Consequently, you must protect the .jam file when storing the AES key. You can do this by provisioning the AES key in a secure environment.

Here are examples of quartus_pfg conversion commands:

quartus_pfg -c -o helper_device=AGFB014R24A “root0.qky;root1.qky;root2.qky” RootKey.jam quartus_pfg -c -o helper_device=AGFB014R24A “root0.qky;root1.qky;root2.qky” RootKey.jbc quartus_pfg -c -o helper_device=AGFB014R24A aes.ccert aes_ccert.jam quartus_pfg -c -o helper_device=AGFB014R24A aes.ccert aes_ccert.jbc quartus_pfg -c -o helper_device=AGFB014R24A settings.fuse settings_fuse.jam quartus_pfg -c -o helper_device=AGFB014R24A settings.fuse settings_fuse.jbc

For more information about the using the Jam STAPL Player for device programming refer to AN 425: Using the Command-Line Jam STAPL Solution for Device Programming.

Send Feedback

Intel Agilex® 7 Device Security User Guide 45

4. Device Provisioning 683823 | 2023.05.23
Run the following commands to program the owner root public key and AES encryption key:
//To load the helper bitstream into the FPGA. // The helper bitstream include provision firmware quartus_jli -c 1 -a CONFIGURE RootKey.jam
//To program the owner root public key into virtual eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM RootKey.jam
//To program the owner root public key into physical eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG RootKey.jam
//To program the PR owner root public key into virtual eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG pr_rootkey.jam
//To program the PR owner root public key into physical eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG -e DO_UNI_ACT_DO_EFUSES_FLAG pr_rootkey.jam
//To program the AES encryption key CCERT into BBRAM quartus_jli -c 1 -a CCERT_PROGRAM EncKeyBBRAM.jam
//To program the AES encryption key CCERT into physical eFuses quartus_jli -c 1 -a CCERT_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG EncKeyEFuse.jam
Related Information AN 425: Using the Command-Line Jam STAPL Solution for Device Programming

Intel Agilex® 7 Device Security User Guide 46

Send Feedback

683823 | 2023.05.23 Send Feedback

Advanced Features

5.1. Secure Debug Authorization
To enable Secure Debug Authorization, the debug owner needs to generate an authentication key pair and use the Intel Quartus Prime Pro Programmer to generate a device information file for the device that runs the debug image:
quartus_pgm -c 1 -m jtag -o “ei;device_info.txt;AGFB014R24A” –dev_info
The device owner uses the quartus_sign tool or the reference implementation to append a conditional public key entry to a signature chain intended for debug operations using the public key from the debug owner, the necessary authorizations, the device information text file, and applicable further restrictions:
quartus_sign –family=agilex –operation=append_key –previous_pem=debug_chain_private.pem –previous_qky=debug_chain.qky –permission=0x6 –cancel=1 –dev_info=device_info.txt –restriction=”1,2,17,18″ –input_pem=debug_authorization_public_key.pem secure_debug_auth_chain.qky
The device owner sends the full signature chain back to the debug owner, who uses the signature chain and their private key to sign the debug image:
quartus_sign –family=agilex –operation=sign –qky=secure_debug_auth_chain.qky –pem=debug_authorization_private_key.pem unsigned_debug_design.rbf authorized_debug_design.rbf
You may use the quartus_pfg command to inspect the signature chain of each section of this signed secure debug bitstream as follows:
quartus_pfg –check_integrity authorized_debug_design.rbf
The output of this command prints the restriction values 1,2,17,18 of the conditional public key that was used to generate the signed bitstream.
The debug owner can then program the securely authorized debug design:
quartus_pgm -c 1 -m jtag -o “p;authorized_debug_design.rbf”
The device owner may revoke the secure debug authorization by canceling the explicit key cancellation ID assigned in the secure debug authorization signature chain.
5.2. HPS Debug Certificates
Enabling only authorized access to the HPS debug access port (DAP) via JTAG interface requires several steps:

Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel’s standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.

ISO 9001:2015 Registered

5. Advanced Features 683823 | 2023.05.23
1. Click the Intel Quartus Prime software Assignments menu and select Device Device and Pin Options Configuration tab.
2. In the Configuration tab, enable the HPS debug access port (DAP) by selecting either HPS Pins or SDM Pins from the dropdown menu, and ensuring the Allow HPS debug without certificates checkbox is not selected.
Figure 14. Specify Either HPS or SDM Pins for the HPS DAP

HPS debug access port (DAP)
Alternatively, you may set the assignment below in the Quartus Prime Settings .qsf file:
set_global_assignment -name HPS_DAP_SPLIT_MODE “SDM PINS”
3. Compile and load the design with these settings. 4. Create a signature chain with the appropriate permissions to sign an HPS debug
certificate:
quartus_sign –family=agilex –operation=append_key –previous_pem=root_private.pem –previous_qky=root.qky –permission=0x8 –cancel=1 –input_pem=hps_debug_cert_public_key.pem hps_debug_cert_sign_chain.qky
5. Request an unsigned HPS debug certificate from the device where the debug design is loaded:
quartus_pgm -c 1 -m jtag -o “e;unsigned_hps_debug.cert;AGFB014R24A”
6. Sign the unsigned HPS debug certificate using the quartus_sign tool or reference implementation and the HPS debug signature chain:
quartus_sign –family=agilex –operation=sign –qky=hps_debug_cert_sign_chain.qky –pem=hps_debug_cert_private_key.pem unsigned_hps_debug.cert signed_hps_debug.cert

Intel Agilex® 7 Device Security User Guide 48

Send Feedback

5. Advanced Features 683823 | 2023.05.23
7. Send the signed HPS debug certificate back to the device to enable access to the HPS debug access port (DAP):
quartus_pgm -c 1 -m jtag -o “p;signed_hps_debug.cert”
The HPS debug certificate is only valid from the time it was generated until the next power cycle of the device or until a different type or version of SDM firmware is loaded. You must generate, sign, and program the signed HPS debug certificate, and perform all debug operations, prior to power cycling the device. You may invalidate the signed HPS debug certificate by power cycling the device.
5.3. Platform Attestation
You can generate a reference integrity manifest (.rim) file using the programming file generator tool:
quartus_pfg -c signed_encrypted_top.rbf top_rim.rim
Follow these steps to ensure the platform attestation in your design: 1. Use the Intel Quartus Prime Pro Programmer to configure your device with the
design you created a reference integrity manifest for. 2. Use a platform attestation verifier to enroll the device by issuing commands to the
SDM via the SDM mailbox to create the device ID certificate and firmware certificate on reload. 3. Use the Intel Quartus Prime Pro Programmer to reconfigure your device with the design. 4. Use the platform attestation verifier to issue commands to the SDM to get the attestation device ID, firmware, and alias certificates. 5. Use the attestation verifier to issue the SDM mailbox command to get the attestation evidence and the verifier checks the returned evidence.
You may implement your own verifier service using the SDM mailbox commands, or use the Intel platform attestation verifier service. For more information about Intel platform attestation verifier service software, availability, and documentation, contact Intel Support.
Related Information Intel Agilex 7 Device Family Pin Connection Guidelines
5.4. Physical Anti-Tamper
You enable the physical anti-tamper features using the following steps: 1. Selecting the desired response to a detected tamper event 2. Configuring the desired tamper detection methods and parameters 3. Including the anti-tamper IP in your design logic to help manage anti-tamper
events

Send Feedback

Intel Agilex® 7 Device Security User Guide 49

5. Advanced Features 683823 | 2023.05.23
5.4.1. Anti-Tamper Responses
You enable physical anti-tamper by selecting a response from the Anti-tamper response: dropdown list on the Assignments Device Device and Pin Options Security Anti-Tamper tab. By default, the anti-tamper response is disabled. Five categories of anti-tamper response are available. When you select your desired response, the options to enable one or more detection methods are enabled.
Figure 15. Available Anti-Tamper Response Options

The corresponding assignment in the Quartus Prime settings .gsf file is the following:
set_global_assignment -name ANTI_TAMPER_RESPONSE “NOTIFICATION DEVICE WIPE DEVICE LOCK AND ZEROIZATION”
When you enable an anti-tamper response, you may choose two available SDM dedicated I/O pins to output the tamper event detection and response status using the Assignments Device Device and Pin Options Configuration Configuration Pin Options window.

Intel Agilex® 7 Device Security User Guide 50

Send Feedback

5. Advanced Features 683823 | 2023.05.23
Figure 16. Available SDM dedicated I/O Pins for Tamper Event Detection

You may also make the following pin assignments in the settings file: set_global_assignment -name USE_TAMPER_DETECT SDM_IO15 set_global_assignment -name ANTI_TAMPER_RESPONSE_FAILED SDM_IO16

5.4.2. Anti-Tamper Detection

You may individually enable the frequency, temperature, and voltage detection features of the SDM. FPGA detection depends on including the Anti-Tamper Lite Intel FPGA IP in your design.

Note:

SDM frequency and voltage tamper detection methods are dependent on internal references and measurement hardware that can vary across devices. Intel recommends that you characterize the behavior of tamper detection settings.

Send Feedback

Intel Agilex® 7 Device Security User Guide 51

5. Advanced Features 683823 | 2023.05.23
Frequency tamper detection operates on the configuration clock source. To enable frequency tamper detection, you must specify an option other than Internal Oscillator in the Configuration clock source dropdown on the Assignments Device Device and Pin Options General tab. You must ensure that the Run configuration CPU from internal oscillator checkbox is enabled prior to enabling the frequency tamper detection. Figure 17. Setting the SDM to Internal Oscillator
To enable frequency tamper detection, select the Enable frequency tamper detection checkbox and select the desired Frequency tamper detection range from the dropdown menu. Figure 18. Enabling Frequency Tamper Detection

Intel Agilex® 7 Device Security User Guide 52

Send Feedback

5. Advanced Features 683823 | 2023.05.23
Alternatively, you may enable Frequency Tamper Detection by making the following changes to the Quartus Prime Settings .qsf file:
set_global_assignment -name AUTO_RESTART_CONFIGURATION OFF set_global_assignment -name DEVICE_INITIALIZATION_CLOCK OSC_CLK_1_100MHZ set_global_assignment -name RUN_CONFIG_CPU_FROM_INT_OSC ON set_global_assignment -name ENABLE_FREQUENCY_TAMPER_DETECTION ON set_global_assignment -name FREQUENCY_TAMPER_DETECTION_RANGE 35
To enable temperature tamper detection, select the Enable temperature tamper detection checkbox and select the desired temperature upper and lower bounds in the corresponding fields. The upper and lower bounds are populated by default with the related temperature range for the device selected in the design.
To enable voltage tamper detection, you select either or both of the Enable VCCL voltage tamper detection or Enable VCCL_SDM voltage tamper detection checkboxes and select the desired Voltage tamper detection trigger percentage in the corresponding field.
Figure 19. Enabling Voltage Tamper Detection

Alternatively, you may enable Voltage Tamper Detection by specifying the following assignments in the .qsf file:
set_global_assignment -name ENABLE_TEMPERATURE_TAMPER_DETECTION ON set_global_assignment -name TEMPERATURE_TAMPER_UPPER_BOUND 100 set_global_assignment -name ENABLE_VCCL_VOLTAGE_TAMPER_DETECTION ON set_global_assignment -name ENABLE_VCCL_SDM_VOLTAGE_TAMPER_DETECTION ON
5.4.3. Anti-Tamper Lite Intel FPGA IP
The Anti-Tamper Lite Intel FPGA IP, available in the IP catalog in Intel Quartus Prime Pro Edition software, facilitates bidirectional communication between your design and the SDM for tamper events.

Send Feedback

Intel Agilex® 7 Device Security User Guide 53

Figure 20. Anti-Tamper Lite Intel FPGA IP

5. Advanced Features 683823 | 2023.05.23

The IP provides the following signals that you connect to your design as needed:

Table 5.

Anti-Tamper Lite Intel FPGA IP I/O Signals

Signal Name

Direction

Description

gpo_sdm_at_event gpi_fpga_at_event

Output Input

SDM signal to FPGA fabric logic that an SDM has detected a tamper event. The FPGA logic has approximately 5ms to perform any desired cleaning and respond to the SDM via gpi_fpga_at_response_done and gpi_fpga_at_zeroization_done. The SDM proceeds with the tamper response actions when gpi_fpga_at_response_done is asserted or after no response is received in the allotted time.
FPGA interrupt to SDM that your designed anti-tamper detection circuitry has detected a tamper event and the SDM tamper response should be triggered.

gpi_fpga_at_response_done

Input

FPGA interrupt to SDM that FPGA logic has performed desired cleaning.

gpi_fpga_at_zeroization_d one

Input

FPGA signal to SDM that FPGA logic has completed any desired zeroization of design data. This signal is sampled when gpi_fpga_at_response_done is asserted.

5.4.3.1. Release Information

The IP versioning scheme (X.Y.Z) number changes from one software version to another. A change in:
· X indicates a major revision of the IP. If you update your Intel Quartus Prime software, you must regenerate the IP.
· Y indicates the IP includes new features. Regenerate your IP to include these new features.
· Z indicates the IP includes minor changes. Regenerate your IP to include these changes.

Table 6.

Anti-Tamper Lite Intel FPGA IP Release Information

IP Version

Item

Description 20.1.0

Intel Quartus Prime Version

21.2

Release Date

2021.06.21

Intel Agilex® 7 Device Security User Guide 54

Send Feedback

5. Advanced Features 683823 | 2023.05.23
5.5. Using Design Security Features with Remote System Update
Remote System Update (RSU) is an Intel Agilex 7 FPGAs feature that assists in updating configuration files in a robust way. RSU is compatible with design security features such as authentication, firmware co-signing, and bitstream encryption as RSU does not depend on the design contents of configuration bitstreams.
Building RSU Images with .sof Files
If you are storing private keys on your local filesystem, you may generate RSU images with design security features using a simplified flow with .sof files as inputs. To generate RSU images with the .sof file, you may follow the instructions in Section Generating Remote System Update Image Files Using the Programming File Generator of the Intel Agilex 7 Configuration User Guide. For every .sof file specified on the Input Files tab, click the Properties… button and specify the appropriate settings and keys for the signing and encryption tools. The programming file generator tool automatically signs and encrypts factory and application images while creating the RSU programming files.
Alternatively, if you are storing private keys in an HSM, you must use the quartus_sign tool and therefore use .rbf files. The rest of this section details the changes in the flow to generate RSU images with .rbf files as inputs. You must encrypt and sign .rbf format files prior to selecting them as input files for RSU images; however, the RSU boot info file must not be encrypted and instead only be signed. The Programming File Generator does not support modifying properties of .rbf format files.
The following examples demonstrate the necessary modifications to the commands in Section Generating Remote System Update Image Files Using the Programming File Generator of the Intel Agilex 7 Configuration User Guide.
Generating the Initial RSU Image Using .rbf Files: Command Modification
From Generating the Initial RSU Image Using .rbf Files section, modify the commands in Step 1. to enable the design security features as desired using instructions from earlier sections of this document.
For example, you would specify a signed firmware file if you were using firmware cosigning, then use the Quartus encryption tool to encrypt each .rbf file, and finally use the quartus_sign tool to sign each file.
In step 2, if you have enabled firmware co-signing, you must use an additional option in the creation of the boot .rbf from the factory image file:
quartus_pfg -c factory.sof boot.rbf -o rsu_boot=ON -o fw_source=signed_agilex.zip
After you create the boot info .rbf file, use the quartus_sign tool to sign the .rbf file. You must not encrypt the boot info .rbf file.

Send Feedback

Intel Agilex® 7 Device Security User Guide 55

5. Advanced Features 683823 | 2023.05.23
Generating an Application Image: Command Modification
To generate an application image with design security features, you modify the command in Generating an Application Image to use a .rbf with design security features enabled, including co-signed firmware if required, instead of the original application .sof file:
quartus_pfg -c cosigned_fw_signed_encrypted_application.rbf secured_rsu_application.rpd -o mode=ASX4 -o bitswap=ON
Generating a Factory Update Image: Command Modification
After you create the boot info .rbf file, you use the quartus_sign tool to sign the .rbf file. You must not encrypt the boot info .rbf file.
To generate an RSU factory update image, you modify the command from Generating a Factory Update Image to use a .rbf file with design security features enabled and add the option to indicate the co-signed firmware usage:
quartus_pfg -c cosigned_fw_signed_encrypted_factory.rbf secured_rsu_factory_update.rpd -o mode=ASX4 -o bitswap=ON -o rsu_upgrade=ON -o fw_source=signed_agilex.zip
Related Information Intel Agilex 7 Configuration User Guide
5.6. SDM Cryptographic Services
The SDM on Intel Agilex 7 devices provides cryptographic services that FPGA fabric logic or the HPS may request via the respective SDM mailbox interface. For more information about the mailbox commands and data formats for all SDM cryptographic services, refer to Appendix B in the Security Methodology for Intel FPGAs and Structured ASICs User Guide.
To access the SDM mailbox interface to FPGA fabric logic for SDM cryptographic services, you must instantiate the Mailbox Client Intel FPGA IP in your design.
Reference code to access to the SDM mailbox interface from the HPS is included in the ATF and Linux code provided by Intel.
Related Information Mailbox Client Intel FPGA IP User Guide
5.6.1. Vendor Authorized Boot
Intel provides a reference implementation for HPS software that utilizes the vendor authorized boot feature to authenticate HPS boot software from the first stage boot loader through to the Linux kernel.
Related Information Intel Agilex 7 SoC Secure Boot Demo Design

Intel Agilex® 7 Device Security User Guide 56

Send Feedback

5. Advanced Features 683823 | 2023.05.23
5.6.2. Secure Data Object Service
You send the commands through the SDM mailbox to perform SDOS object encryption and decryption. You may use the SDOS feature after provisioning the SDOS root key.
Related Information Secure Data Object Service Root Key Provisioning on page 30
5.6.3. SDM Cryptographic Primitive Services
You send the commands through the SDM mailbox to initiate SDM cryptographic primitive service operations. Some cryptographic primitive services require that more data be transferred to and from the SDM than the mailbox interface can accept. In these cases, the command of the format changes to provide pointers to data in memory. Additionally, you must change the instantiation of the Mailbox Client Intel FPGA IP to use SDM cryptographic primitive services from the FPGA fabric logic. You must additionally set the Enable Crypto Service parameter to 1 and connect the newly exposed AXI initiator interface to a memory in your design.
Figure 21. Enabling SDM Cryptographic Services in the Mailbox Client Intel FPGA IP

5.7. Bitstream Security Settings (FM/S10)
FPGA Bitstream Security options are a collection of policies that restrict the specified feature or mode of operation within a defined period.
Bitstream Security options consist of flags that you set in Intel Quartus Prime Pro Edition software. These flags are automatically copied into the configuration bitstreams.
You may permanently enforce security options on a device through the use of the corresponding security setting eFuse.
To use any security settings in the configuration bitstream or device eFuses, you must enable the authentication feature.

Send Feedback

Intel Agilex® 7 Device Security User Guide 57

5. Advanced Features 683823 | 2023.05.23
5.7.1. Selecting and Enabling Security Options
To select and enable security options, do as follows: From the Assignments menu, select Device Device and Pin Options Security More Options… Figure 22. Selecting and Enabling Security Options

And then select the values from the drop-down lists for the security options that you want to enable as shown in the following example:
Figure 23. Selecting Values for Security Options

Intel Agilex® 7 Device Security User Guide 58

Send Feedback

5. Advanced Features 683823 | 2023.05.23
The following are the corresponding changes in the Quartus Prime Settings .qsf file:
set_global_assignment -name SECU_OPTION_DISABLE_JTAG “ON CHECK” set_global_assignment -name SECU_OPTION_FORCE_ENCRYPTION_KEY_UPDATE “ON STICKY” set_global_assignment -name SECU_OPTION_FORCE_SDM_CLOCK_TO_INT_OSC ON set_global_assignment -name SECU_OPTION_DISABLE_VIRTUAL_EFUSES ON set_global_assignment -name SECU_OPTION_LOCK_SECURITY_EFUSES ON set_global_assignment -name SECU_OPTION_DISABLE_HPS_DEBUG ON set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_BBRAM ON set_global_assignment -name SECU_OPTION_DISABLE_PUF_WRAPPED_ENCRYPTION_KEY ON

Send Feedback

Intel Agilex® 7 Device Security User Guide 59

683823 | 2023.05.23 Send Feedback

Troubleshooting

This chapter describes common errors and warning messages that you may encounter while trying to use device security features and measures to resolve them.
6.1. Using Quartus Commands in a Windows Environment Error
Error quartus_pgm: command not found Description This error displays when attempting to use Quartus commands in a NIOS II Shell in a Windows environment by using WSL. Resolution This command works in Linux environment; For Windows hosts, use the following command: quartus_pgm.exe -h Similarly, apply the same syntax to other Quartus Prime commands such as quartus_pfg, quartus_sign, quartus_encrypt among other commands.

Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel’s standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.

ISO 9001:2015 Registered

6. Troubleshooting 683823 | 2023.05.23

6.2. Generating a Private Key Warning

Warning:

The specified password is considered insecure. Intel recommends that at least 13 characters of password be used. You are recommended to change the password by using the OpenSSL executable.

openssl ec -in -out -aes256

Description
This warning is related to the password strength and displays when trying to generate a private key by issuing the following commands:

quartus_sign –family=agilex –operation=make_private_pem –curve=secp3841 root.pem

Resolution Use the openssl executable to specify a longer and thus stronger password.

Send Feedback

Intel Agilex® 7 Device Security User Guide 61

6. Troubleshooting 683823 | 2023.05.23
6.3. Adding a Signing Key to the Quartus Project Error
Error …File contains root key information…
Description
After adding a signing key .qky file to the Quartus project, you need to re- assemble the .sof file. When you add this regenerated .sof file to the selected device by using Quartus Programmer, the following error message indicates that the file contains root key information:
Failed to add to Programmer. The file contains root key information (.qky). However, Programmer does not support bitstream signing feature. You can use Programming File Generator to convert the file to the signed Raw Binary file (.rbf) for configuration.
Resolution
Use the Quartus Programming file generator to convert the file into a signed Raw Binary File .rbf for configuration.
Related Information Signing Configuration Bitstream Using the quartus_sign Command on page 13

Intel Agilex® 7 Device Security User Guide 62

Send Feedback

6. Troubleshooting 683823 | 2023.05.23
6.4. Generating Quartus Prime Programming File was Unsuccessful
Error
Error (20353): X of public key from QKY does not match with private key from PEM file.
Error (20352): Failed to sign the bitstream through python script agilex_sign.py.
Error: Quartus Prime Programming File Generator was unsuccessful.
Description If you try to sign a configuration bitstream using an incorrect private key .pem file or a .pem file that does not match the .qky added to the project, the above common errors display. Resolution Ensure that you use the correct private key .pem to sign the bitstream.

Send Feedback

Intel Agilex® 7 Device Security User Guide 63

6. Troubleshooting 683823 | 2023.05.23
6.5. Unknown Argument Errors
Error
Error (23028): Unknown argument “ûc”. Refer to –help for legal arguments.
Error (213008): Programming option string “ûp” is illegal. Refer to –help for legal programming option formats.
Description If you copy and paste command-line options from a .pdf file in the Windows NIOS II Shell, you may encounter Unknown argument errors as shown above. Resolution In such cases, you may manually enter the commands instead of pasting from the clipboard.

Intel Agilex® 7 Device Security User Guide 64

Send Feedback

6. Troubleshooting 683823 | 2023.05.23
6.6. Bitstream Encryption Option Disabled Error
Error
Cannot finalize the encryption for the file design .sof because it was compiled with the bitstream encryption option disabled.
Description If you try to encrypt the bitstream via GUI or command-line after you have compiled the project with the bitstream encryption option disabled, Quartus rejects the command as shown above.
Resolution Ensure that you compile the project with the bitstream encryption option enabled either via GUI or command-line. To enable this option in GUI, you must check the checkbox for this option.

Send Feedback

Intel Agilex® 7 Device Security User Guide 65

6. Troubleshooting 683823 | 2023.05.23
6.7. Specifying Correct Path to the Key
Error
Error (19516): Detected Programming File Generator settings error: Cannot find ‘key_file’. Make sure the file is located at the expected location or update the setting.sec
Error (19516): Detected Programming File Generator settings error: Cannot find ‘key_file’. Make sure the file is located at the expected location or update the setting.
Description
If you are using keys that are stored on the file system, you need to ensure that they specify the correct path for the keys used for bitstream encryption and signing. If the Programming File Generator cannot detect the right path, the above error messages display.
Resolution
Refer to the Quartus Prime Settings .qsf file to locate the correct paths for the keys. Make sure you use relative paths instead of absolute paths.

Intel Agilex® 7 Device Security User Guide 66

Send Feedback

6. Troubleshooting 683823 | 2023.05.23
6.8. Using Unsupported Output File Type
Error
quartus_pfg -c design.sof output_file.ebf -o finalize_operation=ON -o qek_file=ae.qek -o signing=ON -o pem_file=sign_private.pem
Error (19511): Unsupported output file type (ebf). Use “-l” or “–list” option to display supported file type information.
Description While using the Quartus Programming File Generator to generate the encrypted and signed configuration bitstream, you may see the above error if an unsupported output file type is specified. Resolution Use the -l or the –list option to see the list of supported file types.

Send Feedback

Intel Agilex® 7 Device Security User Guide 67

683823 | 2023.05.23 Send Feedback
7. Intel Agilex 7 Device Security User Guide Archives
For the latest and previous versions of this user guide, refer to Intel Agilex 7 Device Security User Guide. If an IP or software version is not listed, the user guide for the previous IP or software version applies.

Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel’s standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.

ISO 9001:2015 Registered

683823 | 2023.05.23 Send Feedback

8. Revision History for the Intel Agilex 7 Device Security User Guide

Document Version 2023.05.23
2022.11.22 2022.04.04 2022.01.20
2021.11.09

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Related Manuals