Intel Agilex 7 Device Security User Manual
- June 16, 2024
- Intel
Table of Contents
- Intel Agilex 7 Device Security
- Product Information
- Product Usage Instructions
- Frequently Asked Questions
- Device Security Overview
- Authentication and Authorization
- AES Bitstream Encryption
- Device Provisioning
- Co-signed firmware
- Device Permit Kill
- Device not secure
- Disable HPS debug
- Disable Intrinsic ID PUF enrollment
- Disable JTAG
- Disable PUF-wrapped encryption key
- Disable owner encryption key in BBRAM = “Not blown”
- Disable owner encryption key in eFuses = “Not blown”
- Disable owner root public key hash 0
- Disable owner root public key hash 1
- Disable owner root public key hash 2
- Disable virtual eFuses
- Force SDM clock to internal oscillator = “Not blown”
- Force encryption key update
- Intel explicit key cancellation
- Lock security eFuses
- Owner encryption key program done
- Owner encryption key program start
- Owner explicit key cancellation 0
- Owner explicit key cancellation 1
- Owner explicit key cancellation 2
- Owner fuses
- Owner root public key hash 0
- Owner root public key hash 1
- Owner root public key hash 2
- Owner root public key size
- PTS counter
- PTS counter base
- QSPI start up delay # RMA Counter # SDMIO0 is I2C # SVN counter A # SVN
- Advanced Features
- Troubleshooting
- Read User Manual Online (PDF format)
- Download This Manual (PDF format)
Intel Agilex 7 Device Security
Product Information
Specifications
- Model Number: UG-20335
- Release Date: 2023.05.23
Product Usage Instructions
1. Commitment to Product Security
Intel is committed to product security and recommends users to familiarize themselves with the product security resources provided. These resources should be utilized throughout the life of the Intel product.
2. Planned Security Features
The following security features are planned for a future release of Intel Quartus Prime Pro Edition software:
- Partial Reconfiguration Bitstream Security Verification: Provides additional assurance that Partial Reconfiguration (PR) bitstreams cannot access or interfere with other PR persona bitstreams.
- Device Self-Kill for Physical Anti-Tamper: Performs a device wipe or device zeroization response and programs eFuses to prevent the device from configuring again.
3. Available Security Documentation
The following table lists the available documentation for device security features on Intel FPGA and Structured ASIC devices:
Document Name | Purpose |
---|
Security Methodology for Intel FPGAs and Structured ASICs User
Guide| Top-level document that provides detailed descriptions of
security features and technologies in Intel Programmable Solutions
Products. Helps users select the necessary security features to
meet their security objectives.
Intel Stratix 10 Device Security User Guide| Instructions for users of Intel
Stratix 10 devices to implement
the security features identified using the Security Methodology
User Guide.
Intel Agilex 7 Device Security User Guide| Instructions for users of Intel
Agilex 7 devices to implement
the security features identified using the Security Methodology
User Guide.
Intel eASIC N5X Device Security User Guide| Instructions for users of Intel
eASIC N5X devices to implement
the security features identified using the Security Methodology
User Guide.
Intel Agilex 7 and Intel eASIC N5X HPS Cryptographic Services
User Guide| Information for HPS software engineers on the implementation
and use of HPS software libraries to access cryptographic services
provided by the SDM.
AN-968 Black Key Provisioning Service Quick Start Guide| Complete set of steps
to set up the Black Key Provisioning
service.
Frequently Asked Questions
Q: What is the purpose of the Security Methodology User Guide?
A: The Security Methodology User Guide provides detailed descriptions of security features and technologies in Intel Programmable Solutions Products. It helps users select the necessary security features to meet their security objectives.
Q: Where can I find the Intel Agilex 7 Device Security User Guide?
A: The Intel Agilex 7 Device Security User Guide can be found on the Intel Resource and Design Center website.
Q: What is the Black Key Provisioning service?
A: The Black Key Provisioning service is a service that provides a complete set of steps to set up key provisioning for secure operations.
Intel Agilex® 7 Device Security User Guide
Updated for Intel® Quartus® Prime Design Suite: 23.1
Online Version Send Feedback
UG-20335
683823 2023.05.23
Intel Agilex® 7 Device Security User Guide 2
Send Feedback
Intel Agilex® 7 Device Security User Guide 3
683823 | 2023.05.23 Send Feedback
1. Intel Agilex® 7
Device Security Overview
Intel® designs the Intel Agilex® 7 devices with dedicated, highly-configurable
security hardware and firmware.
This document contains instructions to help you use Intel Quartus® Prime Pro
Edition software to implement security features on your Intel Agilex 7
devices.
Additionally, the Security Methodology for Intel FPGAs and Structured ASICs
User Guide is available on the Intel Resource & Design Center. This document
contains detailed descriptions of the security features and technologies that
are available through Intel Programmable Solutions products to help you select
the security features necessary to meet your security objectives. Contact
Intel Support with reference number 14014613136 to access the Security
Methodology for Intel FPGAs and Structured ASICs User Guide.
The document is organized as follows: · Authentication and Authorization:
Provides instructions to create
authentication keys and signature chains, apply permissions and revocations,
sign objects, and program authentication features on Intel Agilex 7 devices. ·
AES Bitstream Encryption: Provides instructions to create an AES root key,
encrypt configuration bitstreams, and provision the AES root key to Intel
Agilex 7 devices. · Device Provisioning: Provides instructions to use the
Intel Quartus Prime Programmer and Secure Device Manager (SDM) provision
firmware to program security features on Intel Agilex 7 devices. · Advanced
Features: Provides instructions to enable advanced security features,
including secure debug authorization, Hard Processor System (HPS) debug, and
remote system update.
1.1. Commitment to Product Security
Intel’s long-lasting commitment to security has never been stronger. Intel
strongly recommends that you become familiar with our product security
resources and plan to utilize them throughout the life of your Intel product.
Related Information · Product Security at Intel · Intel Product Security
Center Advisories
Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel’s standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.
ISO 9001:2015 Registered
1. Intel Agilex® 7 Device Security Overview 683823 | 2023.05.23
1.2. Planned Security Features
Features mentioned in this section are planned for a future release of Intel Quartus Prime Pro Edition software.
Note:
The information in this section is preliminary.
1.2.1. Partial Reconfiguration Bitstream Security Verification
Partial reconfiguration (PR) bitstream security validation helps provide
additional assurance that PR persona bitstreams cannot access or interfere
with other PR persona bitstreams.
1.2.2. Device Self-Kill for Physical Anti-Tamper
Device self-kill performs a device wipe or device zeroization response and
additionally programs eFuses to prevent the device from configuring again.
1.3. Available Security Documentation
The following table enumerates the available documentation for device security features on Intel FPGA and Structured ASIC devices:
Table 1.
Available Device Security Documentation
Document Name
Security Methodology for Intel FPGAs and Structured ASICs User Guide
Purpose
Top-level document that contains detailed descriptions of security features
and technologies in Intel Programmable Solutions Products. Intended to help
you select the security features necessary to meet your security objectives.
Document ID 721596
Intel Stratix 10 Device Security User Guide
Intel Agilex 7 Device Security User Guide
For users of Intel Stratix 10 devices, this guide contains instructions to use
Intel Quartus Prime Pro Edition software to implement the security features
identified using the Security Methodology User Guide.
For users of Intel Agilex 7 devices, this guide contains instructions to use
Intel Quartus Prime Pro Edition software to implement the security features
identified using the Security Methodology User Guide.
683642 683823
Intel eASIC N5X Device Security User Guide
For users of Intel eASIC N5X devices, this guide contains instructions to use Intel Quartus Prime Pro Edition software to implement the security features identified using the Security Methodology User Guide.
626836
Intel Agilex 7 and Intel eASIC N5X HPS Cryptographic Services User Guide
This guide contains information to assist HPS software engineers in the implementation and use of HPS software libraries to access cryptographic services provided by the SDM.
713026
AN-968 Black Key Provisioning Service Quick Start Guide
This guide contains complete set of steps to set up the Black Key Provisioning service.
739071
Location Intel Resource and
Design Center
Intel.com
Intel.com
Intel Resource and Design Center
Intel Resource and Design Center
Intel Resource and Design Center
Send Feedback
Intel Agilex® 7 Device Security User Guide 5
683823 | 2023.05.23 Send Feedback
Authentication and Authorization
To enable the authentication features of an Intel Agilex 7 device, you begin
by using the Intel Quartus Prime Pro Edition software and associated tools to
build a signature chain. A signature chain consists of a root key, one or more
signing keys, and applicable authorizations. You apply the signature chain to
your Intel Quartus Prime Pro Edition project and compiled programming files.
Use the instructions in Device Provisioning to program your root key into
Intel Agilex 7 devices.
Related Information
Device Provisioning on page 25
2.1. Creating a Signature Chain
You may use the quartus_sign tool or the agilex_sign.py reference
implementation to perform signature chain operations. This document provides
examples using quartus_sign.
To use the reference implementation, you substitute a call to the Python
interpreter included with Intel Quartus Prime software and omit the
–family=agilex option; all other options are equivalent. For example, the
quartus_sign command found later in this section
quartus_sign –family=agilex –operation=make_root root_public.pem root.qky can
be converted into the equivalent call to the reference implementation as
follows
pgm_py agilex_sign.py –operation=make_root root_public.pem root.qky
Intel Quartus Prime Pro Edition software includes the quartus_sign, pgm_py, and agilex_sign.py tools. You may use the Nios® II command shell tool, which automatically sets appropriate environment variables to access the tools.
Follow these instructions to bring up a Nios II command shell. 1. Bring up a Nios II command shell.
Option Windows
Linux
Description
On the Start menu, point to Programs Intel FPGA Nios II EDS
In a command shell change to the
./nios2_command_shell.sh
The examples in this section assume signature chain and configuration bitstream files are located in the current working directory. If you choose to follow the examples where key files are kept on the file system, those examples assume the key files are
Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel’s standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.
ISO 9001:2015 Registered
2. Authentication and Authorization 683823 | 2023.05.23
located in the current working directory. You may choose which directories to
use, and the tools support relative file paths. If you choose to keep key
files on the file system, you must carefully manage access permissions to
those files.
Intel recommends that a commercially available Hardware Security Module (HSM)
be used to store cryptographic keys and perform cryptographic operations. The
quartus_sign tool and reference implementation include a Public Key
Cryptography Standard #11 (PKCS #11) Application Programming Interface (API)
to interact with an HSM while performing signature chain operations. The
agilex_sign.py reference implementation includes an interface abstract as well
as an example interface to SoftHSM.
You may use these example interfaces to implement an interface to your HSM.
Refer to the documentation from your HSM vendor for more information about
implementing an interface to and operating your HSM.
SoftHSM is a software implementation of a generic cryptographic device with a
PKCS #11 interface that is made available by the OpenDNSSEC® project. You may
find more information, including instructions on how to download, build, and
install OpenHSM, at the OpenDNSSEC project. The examples in this section
utilize SoftHSM version 2.6.1. The examples in this section additionally use
the pkcs11-tool utility from OpenSC to perform additional PKCS #11 operations
with a SoftHSM token. You may find more information, including instructions on
how to download, build, and install pkcs11tool from OpenSC.
Related Information
· The OpenDNSSEC project Policy-based zone signer for automating the process
of DNSSEC keys tracking.
· SoftHSM Information about the implementation of a cryptographic store
accessible through a PKCS #11 interface.
· OpenSC Provides set of libraries and utilities able to work with smart
cards.
2.1.1. Creating Authentication Key Pairs on the Local File System
You use the quartus_sign tool to create authentication key pairs on the local
file system using the make_private_pem and make_public_pem tool operations.
You first generate a private key with the make_private_pem operation. You
specify the elliptic curve to use, the private key filename, and optionally
whether to protect the private key with a passphrase. Intel recommends the use
of the secp384r1 curve and following industry best practices to create a
strong, random passphrase on all private key files. Intel also recommends
restricting the file system permissions on the private key .pem files to read
by owner only. You derive the public key from the private key with the
make_public_pem operation. It is helpful to name the key .pem files
descriptively. This document uses the convention
Send Feedback
Intel Agilex® 7 Device Security User Guide 7
2. Authentication and Authorization 683823 | 2023.05.23
repeat this step to create your required number of root keys. Examples in this document all refer to the first root key, though you may build signature chains in a similar fashion with any root key.
Option With passphrase
Description
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1
root0_private.pem Enter the passphrase when prompted to do so.
Without passphrase
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 –no_passphrase root0_private.pem
2. Run the following command to create a public key using the private key
generated in the previous step. You do not need to protect the confidentiality
of a public key.
quartus_sign –family=agilex –operation=make_public_pem root0_private.pem
root0_public.pem
3. Run the commands again to create a key pair used as the design signing key
in the signature chain.
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1
design0_sign_private.pem
quartus_sign –family=agilex –operation=make_public_pem design0_sign_private.pem design0_sign_public.pem
2.1.2. Creating Authentication Key Pairs in SoftHSM
The SoftHSM examples in this chapter are self-consistent. Certain parameters
depend on your SoftHSM installation and a token initialization within SoftHSM.
The quartus_sign tool depends on the PKCS #11 API library from your HSM.
The examples in this section assume that the SoftHSM library is installed to
one of the following locations: · /usr/local/lib/softhsm2.so on Linux ·
C:SoftHSM2libsofthsm2.dll on 32-bit version of Windows ·
C:SoftHSM2libsofthsm2-x64.dll on 64-bit version of Windows.
Initialize a token within SoftHSM using the softhsm2-util tool:
softhsm2-util –init-token –label agilex-token –pin agilex-token-pin –so-pin
agilex-so-pin –free
The option parameters, particularly the token label and token pin are examples
used throughout this chapter. Intel recommends that you follow instructions
from your HSM vendor to create and manage tokens and keys.
You create authentication key pairs using the pkcs11-tool utility to interact
with the token in SoftHSM. Instead of explicitly referring to the private and
public key .pem files in the file system examples, you refer to the key pair
by its label and the tool selects the appropriate key automatically.
Intel Agilex® 7 Device Security User Guide 8
Send Feedback
2. Authentication and Authorization 683823 | 2023.05.23
Run the following commands to create a key pair used as the root key in later
examples as well as a key pair used as a design signing key in the signature
chain:
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-
token –login –pin agilex-token-pin –keypairgen –mechanism ECDSA-KEY-PAIR-GEN
–key-type EC:secp384r1 –usage-sign –label root0 –id 0
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-
token –login –pin agilex-token-pin –keypairgen –mechanism ECDSA-KEY-PAIR-GEN
–key-type EC:secp384r1 –usage-sign –label design0_sign –id 1
Note:
The ID option in this step must be unique to each key, but it is used only by the HSM. This ID option is unrelated to the key cancellation ID assigned in the signature chain.
2.1.3. Creating the Signature Chain Root Entry
Convert the root public key into a signature chain root entry, stored on the
local file system in the Intel Quartus Prime key (.qky) format file, with the
make_root operation. Repeat this step for each root key you generate.
Run the following command to create a signature chain with a root entry, using
a root public key from the file system:
quartus_sign –family=agilex –operation=make_root –key_type=owner
root0_public.pem root0.qky
Run the following command to create a signature chain with a root entry, using
the root key from the SoftHSM token established in the prior section:
quartus_sign –family=agilex –operation=make_root –key_type=owner
–module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-
token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” root0 root0.qky
2.1.4. Creating a Signature Chain Public Key Entry
Create a new public key entry for a signature chain with the append_key
operation. You specify the prior signature chain, the private key for the last
entry in the prior signature chain, the next level public key, the permissions
and cancellation ID you assign to the next level public key, and the new
signature chain file.
Notice that the softHSM library is not available with Quartus installation and
instead needs to be installed separately. For more information about softHSM
refer to Section Creating a Signature Chain above.
Send Feedback
Intel Agilex® 7 Device Security User Guide 9
2. Authentication and Authorization 683823 | 2023.05.23
Depending on your use of keys on the file system or in an HSM, you use one of
the following example commands to append the design0_sign public key to the
root signature chain created in the prior section:
quartus_sign –family=agilex –operation=append_key
–previous_pem=root0_private.pem –previous_qky=root0.qky –permission=6
–cancel=0 –input_pem=design0_sign_public.pem design0_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM
–module_args=”–token_label=agilex-token –user_pin=agilex-token-pin
–hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –previous_keyname=root0
–previous_qky=root0.qky –permission=6 –cancel=0 –input_keyname=design0_sign
design0_sign_chain.qky
You may repeat the append_key operation up to two more times for a maximum of
three public key entries between the root entry and header block entry in any
one signature chain.
The following example assumes you created another authentication public key
with the same permissions and assigned cancellation ID 1 called
design1_sign_public.pem, and are appending this key to the signature chain
from the previous example:
quartus_sign –family=agilex –operation=append_key
–previous_pem=design0_sign_private.pem –previous_qky=design0_sign_chain.qky
–permission=6 –cancel=1 –input_pem=design1_sign_public.pem
design1_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM
–module_args=”–token_label=agilex-token –user_pin=agilex-token-pin
–hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –previous_keyname=design0_sign
–previous_qky=design0_sign_chain.qky –permission=6 –cancel=1
–input_keyname=design1_sign design1_sign_chain.qky
Intel Agilex 7 devices include an additional key cancellation counter to
facilitate the use of a key that may change periodically throughout the life
of a given device. You may select this key cancellation counter by changing
the argument of the –cancel option to pts:pts_value.
2.2. Signing a Configuration Bitstream
Intel Agilex 7 devices support Security Version Number (SVN) counters, which
allow you to revoke the authorization of an object without canceling a key.
You assign the SVN counter and the appropriate SVN counter value during the
signing of any object, such as a bitstream section, firmware .zip file, or
compact certificate. You assign the SVN counter and SVN value using the
–cancel option and svn_counter:svn_value as the argument. Valid values for
svn_counter are svnA, svnB, svnC, and svnD. The svn_value is an integer within
the range [0,63].
Intel Agilex® 7 Device Security User Guide 10
Send Feedback
2. Authentication and Authorization 683823 | 2023.05.23
2.2.1. Quartus Key File Assignment
You specify a signature chain in your Intel Quartus Prime software project to
enable the authentication feature for that design. From the Assignments menu,
select Device Device and Pin Options Security Quartus Key File, then browse to
the signature chain .qky file you created to sign this design.
Figure 1. Enable Configuration Bitstream Setting
Alternatively, you may add the following assignment statement to your Intel
Quartus Prime Settings file (.qsf):
set_global_assignment -name QKY_FILE design0_sign_chain.qky
To generate a .sof file from a previously compiled design, that includes this
setting, from the Processing menu, select Start Start Assembler. The new
output .sof file includes the assignments to enable authentication with the
provided signature chain.
Send Feedback
Intel Agilex® 7 Device Security User Guide 11
2. Authentication and Authorization 683823 | 2023.05.23
2.2.2. Co-Signing SDM Firmware
You use the quartus_sign tool to extract, sign, and install the applicable SDM
firmware .zip file. The co-signed firmware is then included by the programming
file generator tool when you convert .sof file into a configuration bitstream
.rbf file. You use the following commands to create a new signature chain and
sign SDM firmware.
1. Create a new signing key pair.
a. Create a new signing key pair on the file system:
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1
firmware1_private.pem
quartus_sign –family=agilex –operation=make_public_pem firmware1_private.pem
firmware1_public.pem
b. Create a new signing key pair in the HSM:
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-
token –login –pin agilex-token-pin –keypairgen -mechanism ECDSA-KEY-PAIR-GEN
–key-type EC:secp384r1 –usage-sign –label firmware1 –id 1
2. Create a new signature chain containing the new public key:
quartus_sign –family=agilex –operation=append_key
–previous_pem=root0_private.pem –previous_qky=root0.qky –permission=0x1
–cancel=1 –input_pem=firmware1_public.pem firmware1_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM
–module_args=”–token_label=agilex-token –user_pin=agilex-token-pin
–hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –previous_keyname=root0
–previous_qky=root0.qky –permission=1 –cancel=1 –input_keyname=firmware1
firmware1_sign_chain.qky
3. Copy the firmware .zip file from your Intel Quartus Prime Pro Edition
software installation directory (
quartus_sign –family=agilex –get_firmware=.
4. Sign the firmware .zip file. The tool automatically unpacks the .zip file
and individually signs all firmware .cmf files, then rebuilds the .zip file
for use by the tools in the following sections:
quartus_sign –family=agilex –operation=sign –qky=firmware1_sign_chain.qky
–cancel=svnA:0 –pem=firmware1_private.pem agilex.zip signed_agilex.zip
quartus_sign –family=agilex –operation=sign –module=softHSM
–module_args=”–token_label=agilex-token –user_pin=agilex-token-pin
–hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”
Intel Agilex® 7 Device Security User Guide 12
Send Feedback
2. Authentication and Authorization 683823 | 2023.05.23
–keyname=firmware1 –cancel=svnA:0 –qky=firmware1_sign_chain.qky agilex.zip signed_agilex.zip
2.2.3. Signing Configuration Bitstream Using the quartus_sign Command
To sign a configuration bitstream using the quartus_sign command, you first
convert the .sof file to the unsigned raw binary file (.rbf) format. You may
optionally specify co-signed firmware using the fw_source option during the
conversion step.
You can generate the unsigned raw bitstream in .rbf format using the following
command:
quartus_pfg c o fw_source=signed_agilex.zip -o sign_later=ON design.sof
unsigned_bitstream.rbf
Run one of the following commands to sign the bitstream using the quartus_sign
tool depending on the location of your keys:
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky
–pem=design0_sign_private.pem –cancel=svnA:0 unsigned_bitstream.rbf
signed_bitstream.rbf
quartus_sign –family=agilex –operation=sign –module=softHSM
–module_args=”–token_label=agilex-token –user_pin=agilex-token-pin
–hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname=design0_sign
–qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_bitstream.rbf
signed_bitstream.rbf
You may convert signed .rbf files to other configuration bitstream file
formats.
For example, if you are using the Jam* Standard Test and Programming Language
(STAPL) Player to program a bitstream over JTAG, you use the following command
to convert an .rbf file to the .jam format that the Jam STAPL Player requires:
quartus_pfg -c signed_bitstream.rbf signed_bitstream.jam
2.2.4. Partial Reconfiguration Multi-Authority Support
Intel Agilex 7 devices support partial reconfiguration multi-authority
authentication, where the device owner creates and signs the static bitstream,
and a separate PR owner creates and signs PR persona bitstreams. Intel Agilex
7 devices implement multi-authority support by assigning the first
authentication root key slots to the device or static bitstream owner and
assigning the final authentication root key slot to the partial
reconfiguration persona bitstream owner.
If the authentication feature is enabled, then all PR persona images must be
signed, including nested PR persona images. PR persona images may be signed by
either the device owner or by the PR owner; however, static region bitstreams
must be signed by the device owner.
Note:
Partial Reconfiguration static and persona bitstream encryption when multi- authority support is enabled is planned in a future release.
Send Feedback
Intel Agilex® 7 Device Security User Guide 13
2. Authentication and Authorization 683823 | 2023.05.23
Figure 2.
Implementing partial reconfiguration multi-authority support requires several
steps:
1. The device or static bitstream owner generates one or more authentication
root keys as described in Creating Authentication Key Pairs in SoftHSM on page
8, where the –key_type option has value owner.
2. The partial reconfiguration bitstream owner generates an authentication
root key but changes the –key_type option value to secondary_owner.
3. Both the static bitstream and partial reconfiguration design owners ensure
that the Enable Multi-Authority support checkbox is enabled in the Assignments
Device Device and Pin Options Security tab.
Intel Quartus Prime Enable Multi-Authority Option Settings
4. Both the static bitstream and partial reconfiguration design owners create
signature chains based on their respective root keys as described in Creating
a Signature Chain on page 6.
5. Both the static bitstream and partial reconfiguration design owners
convert their compiled designs to .rbf format files and sign the .rbf files.
6. The device or static bitstream owner generates and signs a PR public key
program authorization compact certificate.
quartus_pfg –ccert o ccert_type=PR_PUBKEY_PROG_AUTH o
owner_qky_file=”root0.qky;root1.qky” unsigned_pr_pubkey_prog.ccert
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky
–pem=design0_sign_private.pem –cancel=svnA:0 unsigned_pr_pubkey_prog.ccert
signed_pr_pubkey_prog.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM
–module_args=”–token_label=s10-token –user_pin=s10-token-pin
–hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname=design0_sign
–qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_pr_pubkey_prog.ccert
signed_pr_pubkey_prog.ccert
Intel Agilex® 7 Device Security User Guide 14
Send Feedback
2. Authentication and Authorization 683823 | 2023.05.23
7. The device or static bitstream owner provisions their authentication root
key hashes to the device, then programs the PR public key program
authorization compact certificate, and finally provisions the partial
reconfiguration bitstream owner root key to the device. The Device
Provisioning section describes this provisioning process.
8. Intel Agilex 7 device is configured with the static region .rbf file.
9. Intel Agilex 7 device is partially reconfigured with the persona design
.rbf file.
Related Information
· Creating a Signature Chain on page 6
· Creating Authentication Key Pairs in SoftHSM on page 8
· Device Provisioning on page 25
2.2.5. Verifying Configuration Bitstream Signature Chains
After you create signature chains and signed bitstreams, you may verify that a
signed bitstream correctly configures a device programmed with a given root
key. You first use the fuse_info operation of the quartus_sign command to
print the hash of the root public key to a text file:
quartus_sign –family=agilex –operation=fuse_info root0.qky hash_fuse.txt
You then use the check_integrity option of the quartus_pfg command to inspect
the signature chain on each section of a signed bitstream in .rbf format. The
check_integrity option prints the following information:
· Status of the overall bitstream integrity check
· Contents of each entry in each signature chain attached to each section in
the bitstream .rbf file,
· Expected fuse value for the hash of the root public key for each signature
chain.
The value from the fuse_info output should match the Fuse lines in the
check_integrity output.
quartus_pfg –check_integrity signed_bitstream.rbf
Here is an example of the check_integrity command output:
Info: Command: quartus_pfg –check_integrity signed_bitstream.rbf Integrity status: OK
Section
Type: CMF
Signature Descriptor …
Signature chain #0 (entries: -1, offset: 96)
Entry #0
Fuse: 34FD3B5F 7829001F DE2A24C7 3A7EAE29 C7786DB1 D6D5BC3C 52741C79
72978B22 0731B082 6F596899 40F32048 AD766A24
Generate key …
Curve : secp384r1
X
: 29C39C3064AE594A36DAA85602D6AF0B278CBB0B207C4D97CFB6967961E5F0ECA
456FF53F5DBB3A69E48A042C62AB6B0
Y
: 3E81D40CBBBEAC13601247A9D53F4A831308A24CA0BDFFA40351EE76438C7B5D2
2826F7E94A169023AFAE1D1DF4A31C2
Generate key …
Curve : secp384r1
X
: 29C39C3064AE594A36DAA85602D6AF0B278CBB0B207C4D97CFB6967961E5F0ECA
Send Feedback
Intel Agilex® 7 Device Security User Guide 15
2. Authentication and Authorization 683823 | 2023.05.23
456FF53F5DBB3A69E48A042C62AB6B0
Y
: 3E81D40CBBBEAC13601247A9D53F4A831308A24CA0BDFFA40351EE76438C7B5D2
2826F7E94A169023AFAE1D1DF4A31C2
Entry #1
Generate key …
Curve : secp384r1
X
: 015290C556F1533E5631322953E2F9E91258472F43EC954E05D6A4B63D611E04B
C120C7E7A744C357346B424D52100A9
Y
: 68696DEAC4773FF3D5A16A4261975424AAB4248196CF5142858E016242FB82BC5
08A80F3FE7F156DEF0AE5FD95BDFE05
Entry #2 Keychain permission: SIGN_CODE Keychain can be cancelled by ID: 3 Signature chain #1 (entries: -1, offset: 648)
Entry #0
Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6
DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE
Generate key …
Curve : secp384r1
X
: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765
0411C4592FAFFC71DE36A105B054781
Y
: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8
6B7312EEE8241189474262629501FCD
Generate key …
Curve : secp384r1
X
: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765
0411C4592FAFFC71DE36A105B054781
Y
: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8
6B7312EEE8241189474262629501FCD
Entry #1
Generate key …
Curve : secp384r1
X
: 1E8FBEDC486C2F3161AFEB028D0C4B426258293058CD41358A164C1B1D60E5C1D
74D982BC20A4772ABCD0A1848E9DC96
Y
: 768F1BF95B37A3CC2FFCEEB071DD456D14B84F1B9BFF780FC5A72A0D3BE5EB51D
0DA7C6B53D83CF8A775A8340BD5A5DB
Entry #2
Generate key …
Curve : secp384r1
X
: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432
76896E771A9C6CA5A2D3C08CF4CB83C
Y
: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1
49F91CABA72F6A3A1C2D1990CDAEA3D
Entry #3 Keychain permission: SIGN_CODE Keychain can be cancelled by ID: 15 Signature chain #2 (entries: -1, offset: 0) Signature chain #3 (entries: -1, offset: 0) Signature chain #4 (entries: -1, offset: 0) Signature chain #5 (entries: -1, offset: 0) Signature chain #6 (entries: -1, offset: 0) Signature chain #7 (entries: -1, offset: 0)
Section Type: IO Signature Descriptor … Signature chain #0 (entries: -1, offset: 96)
Entry #0
Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6
DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE
Generate key …
Curve : secp384r1
X
: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765
0411C4592FAFFC71DE36A105B054781
Intel Agilex® 7 Device Security User Guide 16
Send Feedback
2. Authentication and Authorization 683823 | 2023.05.23
Y
: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8
6B7312EEE8241189474262629501FCD
Generate key …
Curve : secp384r1
X
: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765
0411C4592FAFFC71DE36A105B054781
Y
: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8
6B7312EEE8241189474262629501FCD
Entry #1
Generate key …
Curve : secp384r1
X
: 646B51F668D8CC365D72B89BA8082FDE79B00CDB750DA0C984DC5891CDF57BD21
44758CA747B1A8315024A8247F12E51
Y
: 53513118E25E16151FD55D7ECDE8293AF6C98A74D52E0DA2527948A64FABDFE7C
F4EA8B8E229218D38A869EE15476750
Entry #2
Generate key …
Curve : secp384r1
X
: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432
76896E771A9C6CA5A2D3C08CF4CB83C
Y
: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1
49F91CABA72F6A3A1C2D1990CDAEA3D
Entry #3 Keychain permission: SIGN_CORE Keychain can be cancelled by ID: 15 Signature chain #1 (entries: -1, offset: 0) Signature chain #2 (entries: -1, offset: 0) Signature chain #3 (entries: -1, offset: 0) Signature chain #4 (entries: -1, offset: 0) Signature chain #5 (entries: -1, offset: 0) Signature chain #6 (entries: -1, offset: 0) Signature chain #7 (entries: -1, offset: 0)
Section
Type: HPS
Signature Descriptor …
Signature chain #0 (entries: -1, offset: 96)
Entry #0
Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6
DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE
Generate key …
Curve : secp384r1
X
: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765
0411C4592FAFFC71DE36A105B054781
Y
: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8
6B7312EEE8241189474262629501FCD
Generate key …
Curve : secp384r1
X
: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765
0411C4592FAFFC71DE36A105B054781
Y
: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8
6B7312EEE8241189474262629501FCD
Entry #1
Generate key …
Curve : secp384r1
X
: FAF423E08FB08D09F926AB66705EB1843C7C82A4391D3049A35E0C5F17ACB1A30
09CE3F486200940E81D02E2F385D150
Y
: 397C0DA2F8DD6447C52048CD0FF7D5CCA7F169C711367E9B81E1E6C1E8CD9134E
5AC33EE6D388B1A895AC07B86155E9D
Entry #2
Generate key …
Curve : secp384r1
X
: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432
76896E771A9C6CA5A2D3C08CF4CB83C
Y
: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1
49F91CABA72F6A3A1C2D1990CDAEA3D
Send Feedback
Intel Agilex® 7 Device Security User Guide 17
2. Authentication and Authorization 683823 | 2023.05.23
Entry #3 Keychain permission: SIGN_HPS Keychain can be cancelled by ID: 15 Signature chain #1 (entries: -1, offset: 0) Signature chain #2 (entries: -1, offset: 0) Signature chain #3 (entries: -1, offset: 0) Signature chain #4 (entries: -1, offset: 0) Signature chain #5 (entries: -1, offset: 0) Signature chain #6 (entries: -1, offset: 0) Signature chain #7 (entries: -1, offset: 0)
Section Type: CORE Signature Descriptor … Signature chain #0 (entries: -1, offset: 96)
Entry #0
Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6
DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE
Generate key …
Curve : secp384r1
X
: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765
0411C4592FAFFC71DE36A105B054781
Y
: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8
6B7312EEE8241189474262629501FCD
Generate key …
Curve : secp384r1
X
: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765
0411C4592FAFFC71DE36A105B054781
Y
: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8
6B7312EEE8241189474262629501FCD
Entry #1
Generate key …
Curve : secp384r1
X
: 646B51F668D8CC365D72B89BA8082FDE79B00CDB750DA0C984DC5891CDF57BD21
44758CA747B1A8315024A8247F12E51
Y
: 53513118E25E16151FD55D7ECDE8293AF6C98A74D52E0DA2527948A64FABDFE7C
F4EA8B8E229218D38A869EE15476750
Entry #2
Generate key …
Curve : secp384r1
X
: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432
76896E771A9C6CA5A2D3C08CF4CB83C
Y
: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1
49F91CABA72F6A3A1C2D1990CDAEA3D
Entry #3 Keychain permission: SIGN_CORE Keychain can be cancelled by ID: 15 Signature chain #1 (entries: -1, offset: 0) Signature chain #2 (entries: -1, offset: 0) Signature chain #3 (entries: -1, offset: 0) Signature chain #4 (entries: -1, offset: 0) Signature chain #5 (entries: -1, offset: 0) Signature chain #6 (entries: -1, offset: 0) Signature chain #7 (entries: -1, offset: 0)
Intel Agilex® 7 Device Security User Guide 18
Send Feedback
683823 | 2023.05.23 Send Feedback
AES Bitstream Encryption
Advanced Encryption Standard (AES) bitstream encryption is a feature that
enables a device owner to protect the confidentiality of intellectual property
in a configuration bitstream.
To help protect the confidentiality of keys, configuration bitstream
encryption uses a chain of AES keys. These keys are used to encrypt owner data
in the configuration bitstream, where the first intermediate key is encrypted
with the AES root key.
3.1. Creating the AES Root Key
You may use the quartus_encrypt tool or stratix10_encrypt.py reference implementation to create an AES root key in the Intel Quartus Prime software encryption key (.qek) format file.
Note:
The stratix10_encrypt.py file is used for Intel Stratix® 10, and Intel Agilex 7 devices.
You may optionally specify the base key used to derive the AES root key and key derivation key, the value for the AES root key directly, the number of intermediate keys, and the maximum use per intermediate key.
You must specify the device family, output .qek file location, and passphrase
when prompted.
Run the following command to generate the AES root key using random data for
the base key and default values for number of intermediate keys and maximum
key use.
To use the reference implementation, you substitute a call to the Python
interpreter included with Intel Quartus Prime software and omit the
–family=agilex option; all other options are equivalent. For example, the
quartus_encrypt command found later in the section
quartus_encrypt –family=agilex –operation=MAKE_AES_KEY aes_root.qek
can be converted into the equivalent call to the reference implementation as follows pgm_py stratix10_encrypt.py –operation=MAKE_AES_KEY aes_root.qek
3.2. Quartus Encryption Settings
To enable bitstream encryption for a design, you must specify the appropriate
options using the Assignments Device Device and Pin Options Security panel.
You select the Enable configuration bitstream encryption checkbox, and the
desired Encryption key storage location from the dropdown menu.
Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel’s standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.
ISO 9001:2015 Registered
Figure 3. Intel Quartus Prime Encryption Settings
3. AES Bitstream Encryption 683823 | 2023.05.23
Alternatively, you may add the following assignment statement to your Intel
Quartus Prime settings file .qsf:
set_global_assignment -name ENCRYPT_PROGRAMMING_BITSTREAM on
set_global_assignment -name PROGRAMMING_BITSTREAM_ENCRYPTION_KEY_SELECT eFuses
If you want to enable additional mitigations against side-channel attack
vectors, you may enable the Encryption update ratio dropdown and Enable
scrambling checkbox.
Intel Agilex® 7 Device Security User Guide 20
Send Feedback
3. AES Bitstream Encryption 683823 | 2023.05.23
The corresponding changes in the .qsf are:
set_global_assignment -name PROGRAMMING_BITSTREAM_ENCRYPTION_CNOC_SCRAMBLING
on set_global_assignment -name PROGRAMMING_BITSTREAM_ENCRYPTION_UPDATE_RATIO
31
3.3. Encrypting a Configuration Bitstream
You encrypt a configuration bitstream prior to signing the bitstream. The
Intel Quartus Prime Programming File Generator tool can automatically encrypt
and sign a configuration bitstream using the graphical user interface or
command line.
You may optionally create a partially encrypted bitstream for use with the
quartus_encrypt and quartus_sign tools or reference implementation
equivalents.
3.3.1. Configuration Bitstream Encryption Using the Programming File Generator
Graphical Interface
You can use the Programming File Generator to encrypt and sign the owner
image.
Figure 4.
1. On the Intel Quartus Prime File menu select Programming File Generator. 2.
On the Output Files tab, specify the output file type for your configuration
scheme.
Output File Specification
Configuration scheme Output file tab
Output file type
3. On the Input Files tab, click Add Bitstream and browse to your .sof. 4. To
specify encryption and authentication options select the .sof and click
Properties. a. Turn Enable signing tool on. b. For Private key file select
your signing key private .pem file. c. Turn Finalize encryption on.
Send Feedback
Intel Agilex® 7 Device Security User Guide 21
3. AES Bitstream Encryption 683823 | 2023.05.23
Figure 5.
d. For Encryption key file, select your AES .qek file. Input (.sof) File Properties for Authentication and Encryption
Enable authentication Specify private root .pem
Enable encryption Specify encryption key
5. To generate the signed and encrypted bitstream, on the Input Files tab,
click Generate. Password dialog boxes appear for you to input your passphrase
for your AES key .qek file and signing private key .pem file. The programming
file generator creates the encrypted and signed output_file.rbf.
3.3.2. Configuration Bitstream Encryption Using the Programming File Generator
Command Line Interface
Generate an encrypted and signed configuration bitstream in .rbf format with
the quartus_pfg command line interface:
quartus_pfg -c encryption_enabled.sof top.rbf -o finalize_encryption=ON -o
qek_file=aes_root.qek -o signing=ON -o pem_file=design0_sign_private.pem
You may convert an encrypted and signed configuration bitstream in .rbf format
to other configuration bitstream file formats.
3.3.3. Partially Encrypted Configuration Bitstream Generation Using the
Command Line Interface
You may generate a partially encrypted programming file to finalize encryption
and sign the image later. Generate the partially encrypted programming file in
the .rbf format with thequartus_pfgcommand line interface: quartus_pfg -c -o
finalize_encryption_later=ON -o sign_later=ON top.sof top.rbf
Intel Agilex® 7 Device Security User Guide 22
Send Feedback
3. AES Bitstream Encryption 683823 | 2023.05.23
You use the quartus_encrypt command line tool to finalize bitstream
encryption:
quartus_encrypt –family=agilex –operation=ENCRYPT –key=aes_root.qek top.rbf
encrypted_top.rbf
You use the quartus_sign command line tool to sign the encrypted configuration
bitstream:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky
–pem=design0_sign_private.pem –cancel=svnA:0 encrypted_top.rbf
signed_encrypted_top.rbf
quartus_sign –family=agilex –operation=sign –module=softHSM
–module_args=”–token_label=agilex-token –user_pin=agilex-token-pin
–hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname=design0_sign
–qky=design0_sign_chain.qky –cancel=svnA:0 encrypted_top.rbf
signed_encrypted_top.rbf
3.3.4. Partial Reconfiguration Bitstream Encryption
You can enable bitstream encryption on someIntel Agilex 7 FPGA designs that
use partial reconfiguration.
Partial reconfiguration designs utilizing the Hierarchical Partial
Reconfiguration (HPR), or Static Update Partial Reconfiguration (SUPR) do not
support the bitstream encryption. If your design contains multiple PR regions,
you must encrypt all personas.
To enable partial reconfiguration bitstream encryption, follow the same
procedure in all design revisions. 1. On the Intel Quartus Prime File menu,
select Assignments Device Device
and Pin Options Security. 2. Select the desired encryption key storage
location.
Figure 6. Partial Reconfiguration Bitstream Encryption Setting
Send Feedback
Intel Agilex® 7 Device Security User Guide 23
3. AES Bitstream Encryption 683823 | 2023.05.23
Alternatively, you may add the following assignment statement in the Quartus
Prime settings file .qsf:
set_global_assignment -name
–ENABLE_PARTIAL_RECONFIGURATION_BITSTREAM_ENCRYPTION on
After you compile your base design and revisions, the software generates
a.soffile and one or more.pmsffiles, representing the personas. 3. Create
encrypted and signed programming files from.sof and.pmsf files in a similar
fashion to designs with no partial reconfiguration enabled. 4. Convert the
compiled persona.pmsf file to a partially encrypted.rbf file:
quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON
encryption_enabled_persona1.pmsf persona1.rbf
5. Finalize bitstream encryption using the quartus_encrypt command line tool:
quartus_encrypt –family=agilex –operation=ENCRYPT –key=aes_root.qek
persona1.rbf encrypted_persona1.rbf
6. Sign the encrypted configuration bitstream using the quartus_sign command
line tool:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky
–pem=design0_sign_private.pem encrypted_persona1.rbf
signed_encrypted_persona1.rbf
quartus_sign –family=agilex –operation=SIGN –module=softHSM
–module_args=”–token_label=agilex-token –user_pin=agilex-token-pin
–hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –qky=design0_sign_chain.qky
–cancel=svnA:0 –keyname=design0_sign encrypted_persona1.rbf
signed_encrypted_persona1.rbf
Intel Agilex® 7 Device Security User Guide 24
Send Feedback
683823 | 2023.05.23 Send Feedback
Device Provisioning
Initial security feature provisioning is only supported in the SDM provision
firmware. Use the Intel Quartus Prime Programmer to load the SDM provision
firmware and perform provisioning operations.
You may use any type of JTAG download cable to connect the Quartus Programmer
to an Intel Agilex 7 device to perform provisioning operations.
4.1. Using SDM Provision Firmware
The Intel Quartus Prime Programmer automatically creates and loads a factory
default helper image when you select the initialize operation and a command to
program something other than a configuration bitstream.
Depending on the programming command specified, the factory default helper
image is one of two types:
· Provisioning helper image–consists of one bitstream section containing the
SDM provisioning firmware.
· QSPI helper image–consists of two bitstream sections, one containing the SDM
main firmware and one I/O section.
You may create a factory default helper image file to load into your device
prior to performing any programming command. After programming an
authentication root key hash, you must create and sign a QSPI factory default
helper image because of the included I/O section. If you additionally program
the co-signed firmware security setting eFuse, you must create provisioning
and QSPI factory default helper images with co-signed firmware. You may use a
co-signed factory default helper image on an unprovisioned device as the
unprovisioned device ignores non-Intel signature chains over SDM firmware.
Refer to Using QSPI Factory Default Helper Image on Owned Devices on page 26
for more details about creating, signing, and using the QSPI factory default
helper image.
The provisioning factory default helper image performs a provisioning action,
such as programming the authentication root key hash, security setting fuses,
PUF enrollment, or black key provisioning. You use the Intel Quartus Prime
Programming File Generator command line tool to create the provisioning helper
image, specifying the helper_image option, your helper_device name, the
provision helper image subtype, and optionally a co-signed firmware .zip file:
quartus_pfg –helper_image -o helper_device=AGFB014R24A -o subtype=PROVISION -o
fw_source=signed_agilex.zip signed_provision_helper_image.rbf
Program the helper image using the Intel Quartus Prime Programmer tool:
quartus_pgm -c 1 -m jtag -o “p;signed_provision_helper_image.rbf” –force
Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel’s standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.
ISO 9001:2015 Registered
4. Device Provisioning 683823 | 2023.05.23
Note:
You may omit the initialize operation from commands, including examples provided in this chapter, after either programming a provision helper image or using a command that contains the initialize operation.
4.2. Using QSPI Factory Default Helper Image on Owned Devices
The Intel Quartus Prime Programmer automatically creates and loads a QSPI
factory default helper image when you select the initialize operation for a
QSPI flash programming file. After programming an authentication root key
hash, you must create and sign the QSPI factory default helper image, and
program the signed QSPI factory helper image separately prior to programming
the QSPI flash. 1. You use the Intel Quartus Prime Programming File Generator
command line tool to
create the QSPI helper image, specifying the helper_image option, your
helper_device type, the QSPI helper image subtype, and optionally a cosigned
firmware .zip file:
quartus_pfg –helper_image -o helper_device=AGFB014R24A -o subtype=QSPI -o
fw_source=signed_agilex.zip qspi_helper_image.rbf
2. You sign the QSPI factory default helper image:
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky
–pem=design0_sign_private.pem qspi_helper_image.rbf
signed_qspi_helper_image.rbf
3. You may use any QSPI flash programming file format. The following examples
use a configuration bitstream converted to the .jic file format:
quartus_pfg -c signed_bitstream.rbf signed_flash.jic -o device=MT25QU128 -o
flash_loader=AGFB014R24A -o mode=ASX4
4. You program the signed helper image using the Intel Quartus Prime
Programmer tool:
quartus_pgm -c 1 -m jtag -o “p;signed_qspi_helper_image.rbf” –force
5. You program the .jic image to flash using the Intel Quartus Prime
Programmer tool:
quartus_pgm -c 1 -m jtag -o “p;signed_flash.jic”
4.3. Authentication Root Key Provisioning
To program the owner root key hashes to physical fuses, first you must load
the provision firmware, next program the owner root key hashes, and then
immediately perform a power-on reset. A power-on reset is not required if
programming root key hashes to virtual fuses.
Intel Agilex® 7 Device Security User Guide 26
Send Feedback
4. Device Provisioning 683823 | 2023.05.23
To program authentication root key hashes, you program the provision firmware
helper image and run one of the following commands to program the root key
.qky files.
// For physical (non-volatile) eFuses quartus_pgm -c 1 -m jtag -o
“p;root0.qky;root1.qky;root2.qky” –non_volatile_key
// For virtual (volatile) eFuses quartus_pgm -c 1 -m jtag -o
“p;root0.qky;root1.qky;root2.qky”
4.3.1. Partial Reconfiguration Multi-Authority Root Key Programming
After provisioning the device or static region bitstream owner root keys, you
again load the device provision helper image, program the signed PR public key
program authorization compact certificate, and then provision the PR persona
bitstream owner root key.
// For physical (non-volatile) eFuses quartus_pgm -c 1 -m jtag -o
“p;root_pr.qky” –pr_pubkey –non_volatile_key
// For virtual (volatile) eFuses quartus_pgm -c 1 -m jtag -o “p;p;root_pr.qky”
–pr_pubkey
4.4. Programming Key Cancellation ID Fuses
Starting with Intel Quartus Prime Pro Edition software version 21.1,
programming Intel and owner key cancellation ID fuses requires the use of a
signed compact certificate. You may sign the key cancellation ID compact
certificate with a signature chain that has FPGA section signing permissions.
You create the compact certificate with the programming file generator command
line tool. You sign the unsigned certificate using the quartus_sign tool or
reference implementation.
Intel Agilex 7 devices support separate banks of owner key cancellation IDs
for each root key. When an owner key cancellation ID compact certificate is
programmed into an Intel Agilex 7 FPGA, the SDM determines which root key
signed the compact certificate and blows the key cancellation ID fuse that
corresponds to that root key.
The following examples create an Intel key cancellation certificate for Intel
key ID 7. You may replace 7 with the applicable Intel key cancellation ID from
0-31.
Run the following command to create an unsigned Intel key cancellation ID
compact certificate:
quartus_pfg –ccert -o ccert_type=CANCEL_INTEL_KEY -o cancel_key=7
unsigned_cancel_intel7.ccert
Run one of the following commands to sign the unsigned Intel key cancellation
ID compact certificate:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky
–pem=design0_private.pem –cancel=svnA:0 unsigned_cancel_intel7.ccert
signed_cancel_intel7.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM
–module_args=”–token_label=agilex-token –user_pin=agilex-token-pin
–hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”
Send Feedback
Intel Agilex® 7 Device Security User Guide 27
4. Device Provisioning 683823 | 2023.05.23
–keyname=design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0
unsigned_cancel_intel7.ccert signed_cancel_intel7.ccert
Run the following command to create an unsigned owner key cancellation ID
compact certificate:
quartus_pfg –ccert -o ccert_type=CANCEL_OWNER_KEY -o cancel_key=2
unsigned_cancel_owner2.ccert
Run one of the following commands to sign the unsigned owner key cancellation
ID compact certificate:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky
–pem=design0_private.pem –cancel=svnA:0 unsigned_cancel_owner2.ccert
signed_cancel_owner2.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM
–module_args=”–token_label=agilex-token –user_pin=agilex-token-pin
–hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname=design0_sign
–qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_cancel_owner2.ccert
signed_cancel_owner2.ccert
After you have created a signed key cancellation ID compact certificate, you
use the Intel Quartus Prime Programmer to program the compact certificate to
the device via JTAG.
//For physical (non-volatile) eFuses quartus_pgm -c 1 -m jtag -o
“pi;signed_cancel_intel7.ccert” –non_volatile_key quartus_pgm -c 1 -m jtag -o
“pi;signed_cancel_owner2.ccert” –non_volatile_key
//For virtual (volatile) eFuses quartus_pgm -c 1 -m jtag -o
“pi;signed_cancel_intel7.ccert” quartus_pgm -c 1 -m jtag -o
“pi;signed_cancel_owner2.ccert”
You may additionally send the compact certificate to the SDM using the FPGA or
HPS mailbox interface.
4.5. Canceling Root Keys
Intel Agilex 7 devices let you cancel the root key hashes when another
uncanceled root key hash is present. You cancel a root key hash by first
configuring the device with a design whose signature chain is rooted in a
different root key hash, then program a signed root key hash cancellation
compact certificate. You must sign the root key hash cancellation compact
certificate with a signature chain rooted in the root key to be canceled.
Run the following command to generate an unsigned root key hash cancellation
compact certificate:
quartus_pfg –ccert -o –ccert_type=CANCEL_KEY_HASH unsigned_root_cancel.ccert
Intel Agilex® 7 Device Security User Guide 28
Send Feedback
4. Device Provisioning 683823 | 2023.05.23
Run one of the following commands to sign the unsigned root key hash
cancellation compact certificate:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky
–pem=design0_private.pem –cancel=svnA:0 unsigned_root_cancel.ccert
signed_root_cancel.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM
–module_args=”–token_label=agilex-token –user_pin=agilex-token-pin
–hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname=design0_sign
–qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_root_cancel.ccert
signed_root_cancel.ccert
You may program a root key hash cancellation compact certificate via JTAG,
FPGA, or HPS mailboxes.
4.6. Programming Counter Fuses
You update the Security Version Number (SVN) and Pseudo Time Stamp (PTS)
counter fuses using signed compact certificates.
Note:
The SDM keeps track of the minimum counter value seen during a given configuration and does not accept counter increment certificates when the counter value is smaller than the minimum value. You must update all objects assigned to a counter and reconfigure the device prior to programming a counter increment compact certificate.
Run one of the following commands that corresponds to the counter increment
certificate you want to generate.
quartus_pfg –ccert -o ccert_type=PTS_COUNTER -o counter=<-1:495>
unsigned_pts.ccert
quartus_pfg –ccert -o ccert_type=SVN_COUNTER_A -o counter=<-1:63> unsigned_svnA.ccert
quartus_pfg –ccert -o ccert_type=SVN_COUNTER_B -o counter=<-1:63> unsigned_svnB.ccert
quartus_pfg –ccert -o ccert_type=SVN_COUNTER_C -o counter=<-1:63> unsigned_svnC.ccert
quartus_pfg –ccert -o ccert_type=SVN_COUNTER_D -o counter=<-1:63> unsigned_svnD.ccert
A counter value of 1 creates a counter increment authorization certificate.
Programming a counter increment authorization compact certificate enables you
to program further unsigned counter increment certificates to update the
respective counter. You use the quartus_sign tool to sign the counter compact
certificates in a similar fashion to key cancellation ID compact certificates.
You may program a root key hash cancellation compact certificate via JTAG,
FPGA, or HPS mailboxes.
Send Feedback
Intel Agilex® 7 Device Security User Guide 29
4. Device Provisioning 683823 | 2023.05.23
4.7. Secure Data Object Service Root Key Provisioning
You use the Intel Quartus Prime Programmer to provision the Secure Data Object
Service (SDOS) root key. The Programmer automatically loads the provision
firmware helper image to provision the SDOS root key.
quartus_pgm c 1 m jtag –service_root_key –non_volatile_key
4.8. Security Setting Fuse Provisioning
Use the Intel Quartus Prime Programmer to examine device security setting
fuses and write them to a text-based .fuse file as follows:
quartus_pgm -c 1 -m jtag -o “ei;programming_file.fuse;AGFB014R24B”
Options · i: The Programmer loads the provision firmware helper image to the device. · e: The Programmer reads the fuse from the device and stores it in a .fuse file.
The .fuse file contains a list of fuse name-value pairs. The value specifies whether a fuse has been blown or the contents of the fuse field.
The following example shows the format of the .fuse file:
Co-signed firmware
= “Not blown”
Device Permit Kill
= “Not blown”
Device not secure
= “Not blown”
Disable HPS debug
= “Not blown”
Disable Intrinsic ID PUF enrollment
= “Not blown”
Disable JTAG
= “Not blown”
Disable PUF-wrapped encryption key
= “Not blown”
Disable owner encryption key in BBRAM = “Not blown”
Disable owner encryption key in eFuses = “Not blown”
Disable owner root public key hash 0
= “Not blown”
Disable owner root public key hash 1
= “Not blown”
Disable owner root public key hash 2
= “Not blown”
Disable virtual eFuses
= “Not blown”
Force SDM clock to internal oscillator = “Not blown”
Force encryption key update
= “Not blown”
Intel explicit key cancellation
= “0”
Lock security eFuses
= “Not blown”
Owner encryption key program done
= “Not blown”
Owner encryption key program start
= “Not blown”
Owner explicit key cancellation 0
= “”
Owner explicit key cancellation 1
= “”
Owner explicit key cancellation 2
= “”
Owner fuses
=
“0x00000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000
0000000000000000000000”
Owner root public key hash 0
=
“0x00000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000”
Owner root public key hash 1
=
“0x00000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000”
Owner root public key hash 2
=
“0x00000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000”
Owner root public key size
= “None”
PTS counter
= “0”
PTS counter base
= “0”
Intel Agilex® 7 Device Security User Guide 30
Send Feedback
4. Device Provisioning 683823 | 2023.05.23
QSPI start up delay # RMA Counter # SDMIO0 is I2C # SVN counter A # SVN
counter B # SVN counter C # SVN counter D
= “10ms” = “0” = “Not blown” = “0” = “0” = “0” = “0”
Modify the .fuse file to set your desired security setting fuses. A line that
begins with # is treated as a comment line. To program a security setting
fuse, remove the leading # and set the value to Blown. For example, to enable
the Co-signed Firmware security setting fuse, modify the first line of the
fuse file to the following:
Co-signed firmware = “Blown”
You may also allocate and program the Owner Fuses based on your requirements.
You may use the following command to perform a blank check, program, and
verify the owner root public key:
quartus_pgm -c 1 -m jtag -o “ibpv;root0.qky”
Options · i: Loads the provision firmware helper image to the device. · b:
Performs a blank check to verify the desired security setting fuses are not
already blown. · p: Programs the fuse. · v: Verifies the programmed key on the
device.
After programming the .qky file, you may examine the fuse info by checking the
fuse info again to ensure both the owner public key hash and the owner public
key size have non-zero values.
While the following fields are not writable through the .fuse file method,
they are included during the examine operation output for verification: ·
Device not secure · Device permit kill · Disable owner root public key hash 0
· Disable owner root public key hash 1 · Disable owner root public key hash 2
· Intel key cancellation · Owner encryption key program start · Owner
encryption key program done · Owner key cancellation · Owner public key hash ·
Owner public key size · Owner root public key hash 0 · Owner root public key
hash 1 · Owner root public key hash 2
Send Feedback
Intel Agilex® 7 Device Security User Guide 31
4. Device Provisioning 683823 | 2023.05.23
· PTS counter · PTS counter base · QSPI start up delay · RMA counter · SDMIO0
is I2C · SVN counter A · SVN counter B · SVN counter C · SVN counter D
Use the Intel Quartus Prime Programmer to program the .fuse file back to the
device. If you add the i option, the Programmer automatically loads the
provision firmware to program the security setting fuses.
//For physical (non-volatile) eFuses quartus_pgm -c 1 -m jtag -o
“pi;programming_file.fuse” –non_volatile_key
//For virtual (volatile) eFuses quartus_pgm -c 1 -m jtag -o
“pi;programming_file.fuse”
You may use the following command to verify if the device root key hash is the
same as the .qky provided in the command:
quartus_pgm -c 1 -m jtag -o “v;root0_another.qky”
If the keys don’t match, the Programmer fails with an Operation failed error
message.
4.9. AES Root Key Provisioning
You must use a signed AES root key compact certificate to program an AES root
key to an Intel Agilex 7 device.
4.9.1. AES Root Key Compact Certificate
You use the quartus_pfg command line tool to convert your AES root key .qek
file into the compact certificate .ccert format. You specify the key storage
location while creating the compact certificate. You may use the quartus_pfg
tool to create an unsigned certificate for later signing. You must use a
signature chain with the AES root key certificate signing permission,
permission bit 6, enabled in order to successfully sign an AES root key
compact certificate.
Intel Agilex® 7 Device Security User Guide 32
Send Feedback
4. Device Provisioning 683823 | 2023.05.23
1. Create an additional key pair used to sign AES key compact certificate
using one of the following command examples:
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1
aesccert1_private.pem
quartus_sign –family=agilex –operation=make_public_pem aesccert1_private.pem
aesccert1_public.pem
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-
token –login –pin agilex-token-pin –keypairgen mechanism ECDSA-KEY-PAIR-GEN
–key-type EC:secp384r1 –usage-sign –label aesccert1 –id 2
2. Create a signature chain with the correct permission bit set using one of
the following commands:
quartus_sign –family=agilex –operation=append_key
–previous_pem=root0_private.pem –previous_qky=root0.qky –permission=0x40
–cancel=1 –input_pem=aesccert1_public.pem aesccert1_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM
-module_args=”–token_label=agilex-token –user_pin=agilex-token-pin
–hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –previous_keyname=root0
–previous_qky=root0.qky –permission=0x40 –cancel=1 –input_keyname=aesccert1
aesccert1_sign_chain.qky
3. Create an unsigned AES compact certificate for the desired AES root key
storage location. The following AES root key storage options are available:
· EFUSE_WRAPPED_AES_KEY
· IID_PUF_WRAPPED_AES_KEY
· UDS_IID_PUF_WRAPPED_AES_KEY
· BBRAM_WRAPPED_AES_KEY
· BBRAM_IID_PUF_WRAPPED_AES_KEY
· BBRAM_UDS_IID_PUF_WRAPPED_AES_KEY
//Create eFuse AES root key unsigned certificate quartus_pfg –ccert -o
ccert_type=EFUSE_WRAPPED_AES_KEY -o qek_file=aes.qek unsigned_efuse1.ccert
4. Sign the compact certificate with the quartus_sign command or reference
implementation.
quartus_sign –family=agilex –operation=sign –pem=aesccert1_private.pem
–qky=aesccert1_signchain.qky unsigned
quartus_sign –family=agilex –operation=sign –module=softHSM
–module_args=”–token_label=agilex-token –user_pin=agilex-token-pin
–hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”
Send Feedback
Intel Agilex® 7 Device Security User Guide 33
4. Device Provisioning 683823 | 2023.05.23
–keyname=aesccert1 –qky=aesccert1_signchain.qky unsigned
5. Use the Intel Quartus Prime Programmer to program the AES root key compact
certificate to the Intel Agilex 7 device via JTAG. The Intel Quartus Prime
Programmer defaults to program virtual eFuses when using the
EFUSE_WRAPPED_AES_KEY compact certificate type.
You add the –non_volatile_key option to specify programming physical fuses.
//For physical (non-volatile) eFuse AES root key quartus_pgm -c 1 -m jtag -o
“pi;signed_efuse1.ccert” –non_volatile_key
//For virtual (volatile) eFuse AES root key quartus_pgm -c 1 -m jtag -o “pi;signed_efuse1.ccert”
//For BBRAM AES root key quartus_pgm -c 1 -m jtag -o “pi;signed_bbram1.ccert”
The SDM provision firmware and main firmware support AES root key certificate programming. You may also use the SDM mailbox interface from the FPGA fabric or HPS to program an AES root key certificate.
Note:
The quartus_pgm command does not support options b and v for compact certificates(.ccert).
4.9.2. Intrinsic ID® PUF AES Root Key Provisioning
Implementing the Intrinsic* ID PUF wrapped AES Key includes the following
steps: 1. Enrolling the Intrinsic ID PUF via JTAG. 2. Wrapping the AES root
key. 3. Programming the helper data and wrapped key into quad SPI flash
memory. 4. Querying the Intrinsic ID PUF activation status.
Theuse of Intrinsic ID technology requires a separate license agreement with
Intrinsic ID. Intel Quartus Prime Pro Edition software restricts PUF
operations without the appropriate license, such as enrollment, key wrapping,
and PUF data programming to QSPI flash.
4.9.2.1. Intrinsic ID PUF Enrollment
To enroll the PUF, you must use the SDM provision firmware. The provision
firmware must be the first firmware loaded after a power cycle, and you must
issue the PUF enrollment command before any other command. The provision
firmware supports other commands after PUF enrollment, including AES root key
wrapping and programming quad SPI, however, you must power cycle the device to
load a configuration bitstream.
You use the Intel Quartus Prime Programmer to trigger PUF enrollment and
generate the PUF helper data .puf file.
Intel Agilex® 7 Device Security User Guide 34
Send Feedback
4. Device Provisioning 683823 | 2023.05.23
Figure 7.
Intrinsic ID PUF Enrollment
quartus_pgm PUF Enrollment
Enrollment PUF helper data
Secure Device Manager (SDM)
wrapper.puf Helper Data
The Programmer automatically loads a provision firmware helper image when you
specify both the i operation and a .puf argument.
quartus_pgm -c 1 -m jtag -o “ei;help_data.puf;AGFB014R24A”
If you are using co-signed firmware, you program the co-signed firmware helper
image prior to using the PUF enrollment command.
quartus_pgm -c 1 -m jtag -o “p;signed_provision_helper_image.rbf” –force
quartus_pgm -c 1 -m jtag -o “e;help_data.puf;AGFB014R24A”
The UDS IID PUF is enrolled during device manufacturing, and is not available
for reenrollment. Instead, you use the Programmer to determine the location of
the UDS PUF helper data on IPCS, download the .puf file directly, and then use
the UDS .puf file in the same way as the .puf file extracted from an Intel
Agilex 7 device.
Use the following Programmer command to generate a text file containing a list
of URLs pointing to device-specific files on IPCS:
quartus_pgm -c 1 -m jtag -o “e;ipcs_urls.txt;AGFB014R24B” –ipcs_urls
4.9.2.2. Wrapping the AES Root Key
You generate the IID PUF wrapped AES root key .wkey file by sending a signed
certificate to the SDM.
You can use the Intel Quartus Prime Programmer to automatically generate,
sign, and send the certificate to wrap your AES root key, or you may use the
Intel Quartus Prime Programming File Generator to generate an unsigned
certificate. You sign the unsigned certificate using your own tools or the
Quartus signing tool. You then use the Programmer to send the signed
certificate and wrap your AES root key. The signed certificate may be used to
program all devices that can validate the signature chain.
Send Feedback
Intel Agilex® 7 Device Security User Guide 35
4. Device Provisioning 683823 | 2023.05.23
Figure 8.
Wrapping the AES Key Using the Intel Quartus Prime Programmer
.pem Private
Key
.qky
quartus_pgm
Wrap AES Key
AES.QSKigYnature RootCPhuabilnic Key
Generate PUF Wrapped Key
Wrapped AES Key
SDM
.qek Encryption
Key
.wkey PUF-Wrapped
AES Key
1. You may generate the IID PUF wrapped AES root key (.wkey) with the
Programmer using the following arguments:
· The .qky file containing a signature chain with AES root key certificate
permission
· The private .pem file for the last key in the signature chain
· The .qek file holding the AES root key
· The 16-byte initialization vector (iv).
quartus_pgm -c 1 -m jtag –qky_file=aes0_sign_chain.qky –pem_file=aes0_sign_private.pem –qek_file=aes.qek –iv=1234567890ABCDEF1234567890ABCDEF -o “ei;aes.wkey;AGFB014R24A”
2. Alternatively, you may generate an unsigned IID PUF wrapping AES root key certificate with the Programming File Generator using the following arguments:
quartus_pfg –ccert -o ccert_type=IID_PUF_WRAPPED_AES_KEY -o qek_file=aes.qek –iv=1234567890ABCDEF1234567890ABCDEF unsigned_aes.ccert
3. You sign the unsigned certificate with your own signing tools or the quartus_sign tool using the following command:
quartus_sign –family=agilex –operation=sign –qky=aes0_sign_chain.qky –pem=aes0_sign_private.pem unsigned_aes.ccert signed_aes.ccert
4. You then use the Programmer to send the signed AES certificate and return the wrapped key (.wkey) file:
quarts_pgm -c 1 -m jtag –ccert_file=signed_aes.ccert -o “ei;aes.wkey;AGFB014R24A”
Note: The i operation is not necessary if you previously loaded the provision firmware helper image, for example, to enroll the PUF.
4.9.2.3. Programming Helper Data and Wrapped Key to QSPI Flash Memory
You use the Quartus Programming File Generator graphical interface to build an
initial QSPI flash image containing a PUF partition. You must generate and
program an entire flash programming image to add a PUF partition to the QSPI
flash. Creation of the PUF
Intel Agilex® 7 Device Security User Guide 36
Send Feedback
4. Device Provisioning 683823 | 2023.05.23
Figure 9.
data partition and use of the PUF helper data and wrapped key files for flash
image generation is not supported through the Programming File Generator
command line interface.
The following steps demonstrate building a flash programming image with the
PUF helper data and wrapped key:
1. On the File menu, click Programming File Generator. On the Output Files
tab make the following selections:
a. For Device Family select Agilex 7.
b. For Configuration mode select Active Serial x4.
c. For Output directory browse to your output file directory. This example
uses output_files.
d. For Name, specify a name for the programming file to be generated. This
example uses output_file.
e. Under Description select the programming files to generate. This example
generates the JTAG Indirect configuration File (.jic) for device configuration
and the Raw Binary File of Programming Helper Image (.rbf) for device helper
image. This example also selects the optional Memory Map File (.map) and Raw
Programming Data File (.rpd). The raw programming data file is necessary only
if you plan to use a third-party programmer in the future.
Programming File Generator – Output Files Tab – Select JTAG Indirect
Configuration
Device Family Configuration mode
Output file tab
Output directory
JTAG Indirect (.jic) Memory Map File Programming Helper Raw Programming Data
On the Input Files tab, make the following selections: 1. Click Add Bitstream
and browse to your .sof. 2. Select your .sof file and then click Properties.
Send Feedback
Intel Agilex® 7 Device Security User Guide 37
4. Device Provisioning 683823 | 2023.05.23
a. Turn on Enable signing tool. b. For Private key file select your .pem file.
c. Turn on Finalize encryption. d. For Encryption key file select your .qek
file. e. Click OK to return to the prior window. 3. To specify your PUF helper
data file, click Add Raw Data. Change the Files of type drop-down menu to
Quartus Physical Unclonable Function File (.puf). Browse to your .puf file.
If you are using both the IID PUF and the UDS IID PUF, repeat this step so
that .puf files for each PUF are added as input files. 4. To specify your
wrapped AES key file, click Add Raw Data. Change the Files of type drop-down
menu to Quartus Wrapped Key File (.wkey). Browse to your .wkey file. If you
have wrapped AES keys using both the IID PUF and the UDS IID PUF, repeat this
step so that .wkey files for each PUF are added as input files.
Figure 10. Specify Input Files for Configuration, Authentication, and
Encryption
Add Bitstream Add Raw Data
Properties
Private key file
Finalize encryption Encryption key
On the Configuration Device tab, make the following selections: 1. Click Add
Device and select your flash device from the list of available flash
devices. 2. Select the configuration device you have just added and click Add
Partition. 3. In the Edit Partition dialog box for the Input file and select
your .sof from the
dropdown list. You can retain the defaults or edit the other parameters in the
Edit Partition dialog box.
Intel Agilex® 7 Device Security User Guide 38
Send Feedback
4. Device Provisioning 683823 | 2023.05.23
Figure 11. Specifying your .sof Configuration Bitstream Partition
Configuration Device
Edit Partition Add .sof file
Add Partition
4. When you add the .puf and .wkey as input files, the Programming File
Generator automatically creates a PUF partition in your Configuration Device.
To store the .puf and .wkey in the PUF partition, select the PUF partition and
click Edit. In the Edit Partition dialog box, select your .puf and .wkey files
from the dropdown lists. If you remove the PUF partition, you must remove and
re-add the configuration device for the Programming File Generator to create
another PUF partition. You must ensure that you select the correct .puf and
.wkey file for the IID PUF and UDS IID PUF, respectively.
Figure 12. Add the .puf and .wkey files to the PUF Partition
PUF Partition
Edit
Edit Partition
Flash Loader
Select Generate
5. For the Flash Loader parameter select the Intel Agilex 7 device family and device name that matches your Intel Agilex 7 OPN.
Send Feedback
Intel Agilex® 7 Device Security User Guide 39
4. Device Provisioning 683823 | 2023.05.23
6. Click Generate to generate the output files that you specified on the
Output Files tab.
7. The Programming File Generator reads your .qek file and prompts you for
your passphrase. Type your passphrase in response to the Enter QEK passphrase
prompt. Click the Enter key.
8. Click OK when the Programming File Generator reports successful
generation.
You use the Intel Quartus Prime Programmer to write the QSPI programming image
to QSPI flash memory. 1. On the Intel Quartus Prime Tools menu select
Programmer. 2. In the Programmer, click Hardware Setup and then select a
connected Intel
FPGA Download Cable. 3. Click Add File and browse to your .jic file.
Figure 13. Program .jic
Programming file
Program/ Configure
JTAG scan chain
4. Unselect the box associated with the Helper image. 5. Select
Program/Configure for the .jic output file. 6. Turn on Start button to program
your quad SPI flash memory. 7. Power cycle your board. The design programmed
to the quad SPI flash memory
device subsequently loads into the target FPGA.
You must generate and program an entire flash programming image to add a PUF
partition to the quad SPI flash.
When a PUF partition already exists in the flash, it is possible to use
theIntel Quartus Prime Programmer to directly access the PUF helper data and
wrapped key files. For example, if activation is unsuccessful, it is possible
to re-enroll the PUF, re-wrap the AES key, and subsequently only program the
PUF files without having to overwrite the entire flash.
Intel Agilex® 7 Device Security User Guide 40
Send Feedback
4. Device Provisioning 683823 | 2023.05.23
The Intel Quartus Prime Programmer supports the following operation argument
for PUF files in a pre-existing PUF partition:
· p: program
· v: verify
· r: erase
· b: blank check
You must follow the same restrictions for PUF enrollment, even if a PUF
partition exists.
1. Use the i operation argument to load the provision firmware helper image
for the first operation. For example, the following command sequence re-
enrolls the PUF, re-wrap the AES root key, erase the old PUF helper data and
wrapped key, then program and verify the new PUF helper data and AES root key.
quartus_pgm -c 1 -m jtag -o “ei;new.puf;AGFB014R24A” quartus_pgm -c 1 -m jtag
–ccert_file=signed_aes.ccert -o “e;new.wkey;AGFB014R24A” quartus_pgm -c 1 -m
jtag -o “r;old.puf” quartus_pgm -c 1 -m jtag -o “r;old.wkey” quartus_pgm -c 1
-m jtag -o “p;new.puf” quartus_pgm -c 1 -m jtag -o “p;new.wkey” quartus_pgm -c
1 -m jtag -o “v;new.puf” quartus_pgm -c 1 -m jtag -o “v;new.wkey”
4.9.2.4. Querying Intrinsic ID PUF Activation Status
After you enroll the Intrinsic ID PUF, wrap an AES key, generate the flash
programming files, and update the quad SPI flash, you power cycle your device
to trigger PUF activation and configuration from the encrypted bitstream. The
SDM reports the PUF activation status along with the configuration status. If
PUF activation fails, the SDM instead reports the PUF error status. Use the
quartus_pgm command to query the configuration status.
1. Use the following command to query the activation status:
quartus_pgm -c 1 -m jtag –status –status_type=”CONFIG”
Here is sample output from a successful activation:
Info (21597): Response of CONFIG_STATUS Device is running in user mode
00006000 RESPONSE_CODE=OK, LENGTH=6 00000000 STATE=IDLE 00160300 Version
C000007B MSEL=QSPI_NORMAL, nSTATUS=1, nCONFIG=1, VID=1,
CLOCK_SOURCE=INTERNAL_PLL 0000000B CONF_DONE=1, INIT_DONE=1, CVP_DONE=0,
SEU_ERROR=1 00000000 Error location 00000000 Error details Response of
PUF_STATUS 00002000 RESPONSE_CODE=OK, LENGTH=2 00000500 USER_IID
STATUS=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0 00000500 UDS_IID
STATUS=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0
Send Feedback
Intel Agilex® 7 Device Security User Guide 41
4. Device Provisioning 683823 | 2023.05.23
If you are only using either the IID PUF or the UDS IID PUF, and have not
programmed a helper data .puf file for either PUF in the QSPI flash, that PUF
does not get activated and the PUF status reflects that PUF helper data is not
valid. The following example shows the PUF status when the PUF helper data was
not programmed for either PUF:
Response of PUF_STATUS 00002000 RESPONSE_CODE=OK, LENGTH=2 00000002 USER_IID
STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0 00000002 UDS_IID
STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0
4.9.2.5. Location of the PUF in Flash Memory
The location of the PUF file is different for designs that support RSU and
designs that do not support the RSU feature.
For designs that do not support RSU, you must include the .puf and .wkey files when you create updated flash images. For designs that support RSU, the SDM does not overwrite the PUF data sections during factory or application image updates.
Table 2.
Flash Sub-Partitions Layout without RSU Support
Flash Offset (in bytes)
Size (in bytes)
Contents
Description
0K 256K
256K 256K
Configuration Management Firmware Configuration Management Firmware
Firmware that runs on SDM.
512K
256K
Configuration Management Firmware
768K
256K
Configuration Management Firmware
1M
32K
PUF data copy 0
Data structure for storing PUF helper data and PUF-wrapped AES root key copy 0
1M+32K
32K
PUF data copy 1
Data structure for storing PUF helper data and PUF-wrapped AES root key copy 1
Table 3.
Flash Sub-Partitions Layout with RSU Support
Flash Offset (in bytes)
Size (in bytes)
Contents
Description
0K 512K
512K 512K
Decision firmware Decision firmware
Firmware to identify and load the highest priority image.
1M 1.5M
512K 512K
Decision firmware Decision firmware
2M
8K + 24K
Decision firmware data
Padding
Reserved for Decision firmware use.
2M + 32K
32K
Reserved for SDM
Reserved for SDM.
2M + 64K
Variable
Factory image
A simple image that you create as a backup if all other application images fail to load. This image includes the CMF that runs on the SDM.
Next
32K
PUF data copy 0
Data structure for storing PUF helper data and PUF-wrapped AES root key copy 0
continued…
Intel Agilex® 7 Device Security User Guide 42
Send Feedback
4. Device Provisioning 683823 | 2023.05.23
Flash Offset (in bytes)
Size (in bytes)
Next +32K 32K
Contents PUF data copy 1
Next + 256K 4K Next +32K 4K Next +32K 4K
Sub-partition table copy 0 Sub-partition table copy 1 CMF pointer block copy 0
Next +32K _
CMF pointer block copy 1
Variable Variable
Variable Variable
Application image 1 Application image 2
4.9.3. Black Key Provisioning
Description
Data structure for storing PUF helper data and PUF-wrapped AES root key copy 1
Data structure to facilitate the management of the flash storage.
A list of pointers to application images in order of priority. When you add an
image, that image becomes the highest.
A second copy of the list of pointers to application images.
Your first application image.
Your second application image.
Note:
TheIntel Quartus PrimeProgrammer assists in establishing a mutually
authenticated secure connection between theIntel Agilex 7device and the black
key provisioning service. The secure connection is established via https and
requires several certificates identified using a text file.
When using Black Key Provisioning, Intel recommends that you avoid externally
connecting the TCK pin to pull up or pull down a resistor while still using it
for JTAG. However, you may connect the TCK pin to the VCCIO SDM power supply
using a 10 k resistor. The existing guidance in the Pin Connection Guidelines
to connect TCK to a 1 k pull-down resistor is included for noise suppression.
The change in guidance to a 10 k pull-up resistor doesn’t affect the device
functionally. For more information about connecting the TCK pin, refer to
Intel Agilex 7 Pin Connection Guidelines.
Thebkp_tls_ca_certcertificate authenticates your black key provisioning
service instance to your black key provisioning programmer instance.
Thebkptls*certificates authenticate your black key provisioning programmer
instance to your black key provisioning service instance.
You create a text file containing the necessary information for theIntel
Quartus Prime Programmer to connect to the black key provisioning service. To
initiate black key provisioning, use the Programmer command line interface to
specify the black key provisioning options text file. The black key
provisioning then proceeds automatically. For access to the black key
provisioning service and associated documentation, please contact Intel
Support.
You can enable the black key provisioning using thequartus_pgmcommand:
quartus_pgm -c
The command arguments specify the following information:
Send Feedback
Intel Agilex® 7 Device Security User Guide 43
4. Device Provisioning 683823 | 2023.05.23
· -c: cable number · -m: specifies the programming mode such as JTAG ·
–device: specifies a device index on the JTAG chain. Default value is 1. ·
–bkp_options: specifies a text file containing black key provisioning options.
Related Information Intel Agilex 7 Device Family Pin Connection Guidelines
4.9.3.1. Black Key Provisioning Options
The black key provisioning options is a text file passed to the Programmer
through the quartus_pgm command. The file contains required information to
trigger black key provisioning.
The following is an example of the bkp_options.txt file:
bkp_cfg_id = 1 bkp_ip = 192.167.1.1 bkp_port = 10034 bkp_tls_ca_cert =
root.cert bkp_tls_prog_cert = prog.cert bkp_tls_prog_key = prog_key.pem
bkp_tls_prog_key_pass = 1234 bkp_proxy_address = https://192.167.5.5:5000
bkp_proxy_user = proxy_user bkp_proxy_password = proxy_password
Table 4.
Black Key Provisioning Options
This table displays the options required to trigger black key provisioning.
Option Name
Type
Description
bkp_ip
Required
Specifies the server IP address running the black key provisioning service.
bkp_port
Required
Specifies black key provisioning service port required to connect to the server.
bkp_cfg_id
Required
Identifies the black key provisioning configuration flow ID.
Black key provisioning service creates the black key provisioning
configuration flows including an AES root key, desired eFuse settings, and
other black key provisioning authorization options. The number assigned during
the black key provisioning service setup identifies the black key provisioning
configuration flows.
Note: Multiple devices may refer to the same black key provisioning service
configuration flow.
bkp_tls_ca_cert
Required
The root TLS certificate used to identify the black key provisioning services
to the Intel Quartus Prime Programmer (Programmer). A trusted Certificate
Authority for the black key provisioning service instance issues this
certificate.
If you run the Programmer on a computer with Microsoft® Windows® operating
system (Windows), you must install this certificate in the Windows certificate
store.
bkp_tls_prog_cert
Required
A certificate created for the instance of the black key provisioning
Programmer (BKP Programmer). This is the https client certificate used to
identify this BKP programmer instance
continued…
Intel Agilex® 7 Device Security User Guide 44
Send Feedback
4. Device Provisioning 683823 | 2023.05.23
Option Name
Type
bkp_tls_prog_key
Required
bkp_tls_prog_key_pass Optional
bkp_proxy_address bkp_proxy_user bkp_proxy_password
Optional Optional Optional
Description
to the black key provisioning service. You must install and authorize this
certificate in the black key provisioning service prior to initiating a black
key provisioning session. If you run the Programmer on Windows, this option is
not available. In this case, the bkp_tls_prog_key already includes this
certificate.
The private key corresponding to the BKP Programmer certificate. The key
validates the identity of the BKP Programmer instance to black key
provisioning service. If you run the Programmer on Windows, the .pfx file
combines the bkp_tls_prog_cert certificate and the private key. The
bkp_tlx_prog_key option passes the .pfx file in the bkp_options.txt file.
The password for the bkp_tls_prog_key private key. Not required in the black
key provisioning configuration options (bkp_options.txt) text file.
Specifies the proxy server URL address.
Specifies the proxy server username.
Specifies the proxy authentication password.
4.10. Converting Owner Root Key, AES Root Key Certificates, and Fuse files to Jam STAPL File Formats
You may use the quartus_pfg command-line command to convert .qky, AES root key .ccert, and .fuse files to Jam STAPL Format File (.jam) and Jam Byte Code Format File (.jbc). You can use these files to program Intel FPGAs using the Jam STAPL Player and the Jam STAPL Byte-Code Player, respectively.
A single .jam or .jbc contains several functions including a firmware helper image configuration and program, blank check, and verification of key and fuse programming.
Caution:
When you convert the AES root key .ccert file to .jam format, the .jam file contains the AES key in plaintext but obfuscated form. Consequently, you must protect the .jam file when storing the AES key. You can do this by provisioning the AES key in a secure environment.
Here are examples of quartus_pfg conversion commands:
quartus_pfg -c -o helper_device=AGFB014R24A “root0.qky;root1.qky;root2.qky” RootKey.jam quartus_pfg -c -o helper_device=AGFB014R24A “root0.qky;root1.qky;root2.qky” RootKey.jbc quartus_pfg -c -o helper_device=AGFB014R24A aes.ccert aes_ccert.jam quartus_pfg -c -o helper_device=AGFB014R24A aes.ccert aes_ccert.jbc quartus_pfg -c -o helper_device=AGFB014R24A settings.fuse settings_fuse.jam quartus_pfg -c -o helper_device=AGFB014R24A settings.fuse settings_fuse.jbc
For more information about the using the Jam STAPL Player for device programming refer to AN 425: Using the Command-Line Jam STAPL Solution for Device Programming.
Send Feedback
Intel Agilex® 7 Device Security User Guide 45
4. Device Provisioning 683823 | 2023.05.23
Run the following commands to program the owner root public key and AES
encryption key:
//To load the helper bitstream into the FPGA. // The helper bitstream include
provision firmware quartus_jli -c 1 -a CONFIGURE RootKey.jam
//To program the owner root public key into virtual eFuses quartus_jli -c 1 -a
PUBKEY_PROGRAM RootKey.jam
//To program the owner root public key into physical eFuses quartus_jli -c 1
-a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG RootKey.jam
//To program the PR owner root public key into virtual eFuses quartus_jli -c 1
-a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG pr_rootkey.jam
//To program the PR owner root public key into physical eFuses quartus_jli -c
1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG -e
DO_UNI_ACT_DO_EFUSES_FLAG pr_rootkey.jam
//To program the AES encryption key CCERT into BBRAM quartus_jli -c 1 -a
CCERT_PROGRAM EncKeyBBRAM.jam
//To program the AES encryption key CCERT into physical eFuses quartus_jli -c
1 -a CCERT_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG EncKeyEFuse.jam
Related Information AN 425: Using the Command-Line Jam STAPL Solution for
Device Programming
Intel Agilex® 7 Device Security User Guide 46
Send Feedback
683823 | 2023.05.23 Send Feedback
Advanced Features
5.1. Secure Debug Authorization
To enable Secure Debug Authorization, the debug owner needs to generate an
authentication key pair and use the Intel Quartus Prime Pro Programmer to
generate a device information file for the device that runs the debug image:
quartus_pgm -c 1 -m jtag -o “ei;device_info.txt;AGFB014R24A” –dev_info
The device owner uses the quartus_sign tool or the reference implementation to
append a conditional public key entry to a signature chain intended for debug
operations using the public key from the debug owner, the necessary
authorizations, the device information text file, and applicable further
restrictions:
quartus_sign –family=agilex –operation=append_key
–previous_pem=debug_chain_private.pem –previous_qky=debug_chain.qky
–permission=0x6 –cancel=1 –dev_info=device_info.txt –restriction=”1,2,17,18″
–input_pem=debug_authorization_public_key.pem secure_debug_auth_chain.qky
The device owner sends the full signature chain back to the debug owner, who
uses the signature chain and their private key to sign the debug image:
quartus_sign –family=agilex –operation=sign –qky=secure_debug_auth_chain.qky
–pem=debug_authorization_private_key.pem unsigned_debug_design.rbf
authorized_debug_design.rbf
You may use the quartus_pfg command to inspect the signature chain of each
section of this signed secure debug bitstream as follows:
quartus_pfg –check_integrity authorized_debug_design.rbf
The output of this command prints the restriction values 1,2,17,18 of the
conditional public key that was used to generate the signed bitstream.
The debug owner can then program the securely authorized debug design:
quartus_pgm -c 1 -m jtag -o “p;authorized_debug_design.rbf”
The device owner may revoke the secure debug authorization by canceling the
explicit key cancellation ID assigned in the secure debug authorization
signature chain.
5.2. HPS Debug Certificates
Enabling only authorized access to the HPS debug access port (DAP) via JTAG
interface requires several steps:
Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel’s standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.
ISO 9001:2015 Registered
5. Advanced Features 683823 | 2023.05.23
1. Click the Intel Quartus Prime software Assignments menu and select Device
Device and Pin Options Configuration tab.
2. In the Configuration tab, enable the HPS debug access port (DAP) by
selecting either HPS Pins or SDM Pins from the dropdown menu, and ensuring the
Allow HPS debug without certificates checkbox is not selected.
Figure 14. Specify Either HPS or SDM Pins for the HPS DAP
HPS debug access port (DAP)
Alternatively, you may set the assignment below in the Quartus Prime Settings
.qsf file:
set_global_assignment -name HPS_DAP_SPLIT_MODE “SDM PINS”
3. Compile and load the design with these settings. 4. Create a signature
chain with the appropriate permissions to sign an HPS debug
certificate:
quartus_sign –family=agilex –operation=append_key
–previous_pem=root_private.pem –previous_qky=root.qky –permission=0x8
–cancel=1 –input_pem=hps_debug_cert_public_key.pem
hps_debug_cert_sign_chain.qky
5. Request an unsigned HPS debug certificate from the device where the debug
design is loaded:
quartus_pgm -c 1 -m jtag -o “e;unsigned_hps_debug.cert;AGFB014R24A”
6. Sign the unsigned HPS debug certificate using the quartus_sign tool or
reference implementation and the HPS debug signature chain:
quartus_sign –family=agilex –operation=sign –qky=hps_debug_cert_sign_chain.qky
–pem=hps_debug_cert_private_key.pem unsigned_hps_debug.cert
signed_hps_debug.cert
Intel Agilex® 7 Device Security User Guide 48
Send Feedback
5. Advanced Features 683823 | 2023.05.23
7. Send the signed HPS debug certificate back to the device to enable access
to the HPS debug access port (DAP):
quartus_pgm -c 1 -m jtag -o “p;signed_hps_debug.cert”
The HPS debug certificate is only valid from the time it was generated until
the next power cycle of the device or until a different type or version of SDM
firmware is loaded. You must generate, sign, and program the signed HPS debug
certificate, and perform all debug operations, prior to power cycling the
device. You may invalidate the signed HPS debug certificate by power cycling
the device.
5.3. Platform Attestation
You can generate a reference integrity manifest (.rim) file using the
programming file generator tool:
quartus_pfg -c signed_encrypted_top.rbf top_rim.rim
Follow these steps to ensure the platform attestation in your design: 1. Use
the Intel Quartus Prime Pro Programmer to configure your device with the
design you created a reference integrity manifest for. 2. Use a platform
attestation verifier to enroll the device by issuing commands to the
SDM via the SDM mailbox to create the device ID certificate and firmware
certificate on reload. 3. Use the Intel Quartus Prime Pro Programmer to
reconfigure your device with the design. 4. Use the platform attestation
verifier to issue commands to the SDM to get the attestation device ID,
firmware, and alias certificates. 5. Use the attestation verifier to issue the
SDM mailbox command to get the attestation evidence and the verifier checks
the returned evidence.
You may implement your own verifier service using the SDM mailbox commands, or
use the Intel platform attestation verifier service. For more information
about Intel platform attestation verifier service software, availability, and
documentation, contact Intel Support.
Related Information Intel Agilex 7 Device Family Pin Connection Guidelines
5.4. Physical Anti-Tamper
You enable the physical anti-tamper features using the following steps: 1.
Selecting the desired response to a detected tamper event 2. Configuring the
desired tamper detection methods and parameters 3. Including the anti-tamper
IP in your design logic to help manage anti-tamper
events
Send Feedback
Intel Agilex® 7 Device Security User Guide 49
5. Advanced Features 683823 | 2023.05.23
5.4.1. Anti-Tamper Responses
You enable physical anti-tamper by selecting a response from the Anti-tamper
response: dropdown list on the Assignments Device Device and Pin Options
Security Anti-Tamper tab. By default, the anti-tamper response is disabled.
Five categories of anti-tamper response are available. When you select your
desired response, the options to enable one or more detection methods are
enabled.
Figure 15. Available Anti-Tamper Response Options
The corresponding assignment in the Quartus Prime settings .gsf file is the
following:
set_global_assignment -name ANTI_TAMPER_RESPONSE “NOTIFICATION DEVICE WIPE
DEVICE LOCK AND ZEROIZATION”
When you enable an anti-tamper response, you may choose two available SDM
dedicated I/O pins to output the tamper event detection and response status
using the Assignments Device Device and Pin Options Configuration
Configuration Pin Options window.
Intel Agilex® 7 Device Security User Guide 50
Send Feedback
5. Advanced Features 683823 | 2023.05.23
Figure 16. Available SDM dedicated I/O Pins for Tamper Event Detection
You may also make the following pin assignments in the settings file: set_global_assignment -name USE_TAMPER_DETECT SDM_IO15 set_global_assignment -name ANTI_TAMPER_RESPONSE_FAILED SDM_IO16
5.4.2. Anti-Tamper Detection
You may individually enable the frequency, temperature, and voltage detection features of the SDM. FPGA detection depends on including the Anti-Tamper Lite Intel FPGA IP in your design.
Note:
SDM frequency and voltage tamper detection methods are dependent on internal references and measurement hardware that can vary across devices. Intel recommends that you characterize the behavior of tamper detection settings.
Send Feedback
Intel Agilex® 7 Device Security User Guide 51
5. Advanced Features 683823 | 2023.05.23
Frequency tamper detection operates on the configuration clock source. To
enable frequency tamper detection, you must specify an option other than
Internal Oscillator in the Configuration clock source dropdown on the
Assignments Device Device and Pin Options General tab. You must ensure that
the Run configuration CPU from internal oscillator checkbox is enabled prior
to enabling the frequency tamper detection. Figure 17. Setting the SDM to
Internal Oscillator
To enable frequency tamper detection, select the Enable frequency tamper
detection checkbox and select the desired Frequency tamper detection range
from the dropdown menu. Figure 18. Enabling Frequency Tamper Detection
Intel Agilex® 7 Device Security User Guide 52
Send Feedback
5. Advanced Features 683823 | 2023.05.23
Alternatively, you may enable Frequency Tamper Detection by making the
following changes to the Quartus Prime Settings .qsf file:
set_global_assignment -name AUTO_RESTART_CONFIGURATION OFF
set_global_assignment -name DEVICE_INITIALIZATION_CLOCK OSC_CLK_1_100MHZ
set_global_assignment -name RUN_CONFIG_CPU_FROM_INT_OSC ON
set_global_assignment -name ENABLE_FREQUENCY_TAMPER_DETECTION ON
set_global_assignment -name FREQUENCY_TAMPER_DETECTION_RANGE 35
To enable temperature tamper detection, select the Enable temperature tamper
detection checkbox and select the desired temperature upper and lower bounds
in the corresponding fields. The upper and lower bounds are populated by
default with the related temperature range for the device selected in the
design.
To enable voltage tamper detection, you select either or both of the Enable
VCCL voltage tamper detection or Enable VCCL_SDM voltage tamper detection
checkboxes and select the desired Voltage tamper detection trigger percentage
in the corresponding field.
Figure 19. Enabling Voltage Tamper Detection
Alternatively, you may enable Voltage Tamper Detection by specifying the
following assignments in the .qsf file:
set_global_assignment -name ENABLE_TEMPERATURE_TAMPER_DETECTION ON
set_global_assignment -name TEMPERATURE_TAMPER_UPPER_BOUND 100
set_global_assignment -name ENABLE_VCCL_VOLTAGE_TAMPER_DETECTION ON
set_global_assignment -name ENABLE_VCCL_SDM_VOLTAGE_TAMPER_DETECTION ON
5.4.3. Anti-Tamper Lite Intel FPGA IP
The Anti-Tamper Lite Intel FPGA IP, available in the IP catalog in Intel
Quartus Prime Pro Edition software, facilitates bidirectional communication
between your design and the SDM for tamper events.
Send Feedback
Intel Agilex® 7 Device Security User Guide 53
Figure 20. Anti-Tamper Lite Intel FPGA IP
5. Advanced Features 683823 | 2023.05.23
The IP provides the following signals that you connect to your design as needed:
Table 5.
Anti-Tamper Lite Intel FPGA IP I/O Signals
Signal Name
Direction
Description
gpo_sdm_at_event gpi_fpga_at_event
Output Input
SDM signal to FPGA fabric logic that an SDM has detected a tamper event. The
FPGA logic has approximately 5ms to perform any desired cleaning and respond
to the SDM via gpi_fpga_at_response_done and gpi_fpga_at_zeroization_done. The
SDM proceeds with the tamper response actions when gpi_fpga_at_response_done
is asserted or after no response is received in the allotted time.
FPGA interrupt to SDM that your designed anti-tamper detection circuitry has
detected a tamper event and the SDM tamper response should be triggered.
gpi_fpga_at_response_done
Input
FPGA interrupt to SDM that FPGA logic has performed desired cleaning.
gpi_fpga_at_zeroization_d one
Input
FPGA signal to SDM that FPGA logic has completed any desired zeroization of design data. This signal is sampled when gpi_fpga_at_response_done is asserted.
5.4.3.1. Release Information
The IP versioning scheme (X.Y.Z) number changes from one software version to
another. A change in:
· X indicates a major revision of the IP. If you update your Intel Quartus
Prime software, you must regenerate the IP.
· Y indicates the IP includes new features. Regenerate your IP to include
these new features.
· Z indicates the IP includes minor changes. Regenerate your IP to include
these changes.
Table 6.
Anti-Tamper Lite Intel FPGA IP Release Information
IP Version
Item
Description 20.1.0
Intel Quartus Prime Version
21.2
Release Date
2021.06.21
Intel Agilex® 7 Device Security User Guide 54
Send Feedback
5. Advanced Features 683823 | 2023.05.23
5.5. Using Design Security Features with Remote System Update
Remote System Update (RSU) is an Intel Agilex 7 FPGAs feature that assists in
updating configuration files in a robust way. RSU is compatible with design
security features such as authentication, firmware co-signing, and bitstream
encryption as RSU does not depend on the design contents of configuration
bitstreams.
Building RSU Images with .sof Files
If you are storing private keys on your local filesystem, you may generate RSU
images with design security features using a simplified flow with .sof files
as inputs. To generate RSU images with the .sof file, you may follow the
instructions in Section Generating Remote System Update Image Files Using the
Programming File Generator of the Intel Agilex 7 Configuration User Guide. For
every .sof file specified on the Input Files tab, click the Properties… button
and specify the appropriate settings and keys for the signing and encryption
tools. The programming file generator tool automatically signs and encrypts
factory and application images while creating the RSU programming files.
Alternatively, if you are storing private keys in an HSM, you must use the
quartus_sign tool and therefore use .rbf files. The rest of this section
details the changes in the flow to generate RSU images with .rbf files as
inputs. You must encrypt and sign .rbf format files prior to selecting them as
input files for RSU images; however, the RSU boot info file must not be
encrypted and instead only be signed. The Programming File Generator does not
support modifying properties of .rbf format files.
The following examples demonstrate the necessary modifications to the commands
in Section Generating Remote System Update Image Files Using the Programming
File Generator of the Intel Agilex 7 Configuration User Guide.
Generating the Initial RSU Image Using .rbf Files: Command Modification
From Generating the Initial RSU Image Using .rbf Files section, modify the
commands in Step 1. to enable the design security features as desired using
instructions from earlier sections of this document.
For example, you would specify a signed firmware file if you were using
firmware cosigning, then use the Quartus encryption tool to encrypt each .rbf
file, and finally use the quartus_sign tool to sign each file.
In step 2, if you have enabled firmware co-signing, you must use an additional
option in the creation of the boot .rbf from the factory image file:
quartus_pfg -c factory.sof boot.rbf -o rsu_boot=ON -o
fw_source=signed_agilex.zip
After you create the boot info .rbf file, use the quartus_sign tool to sign
the .rbf file. You must not encrypt the boot info .rbf file.
Send Feedback
Intel Agilex® 7 Device Security User Guide 55
5. Advanced Features 683823 | 2023.05.23
Generating an Application Image: Command Modification
To generate an application image with design security features, you modify the
command in Generating an Application Image to use a .rbf with design security
features enabled, including co-signed firmware if required, instead of the
original application .sof file:
quartus_pfg -c cosigned_fw_signed_encrypted_application.rbf
secured_rsu_application.rpd -o mode=ASX4 -o bitswap=ON
Generating a Factory Update Image: Command Modification
After you create the boot info .rbf file, you use the quartus_sign tool to
sign the .rbf file. You must not encrypt the boot info .rbf file.
To generate an RSU factory update image, you modify the command from
Generating a Factory Update Image to use a .rbf file with design security
features enabled and add the option to indicate the co-signed firmware usage:
quartus_pfg -c cosigned_fw_signed_encrypted_factory.rbf
secured_rsu_factory_update.rpd -o mode=ASX4 -o bitswap=ON -o rsu_upgrade=ON -o
fw_source=signed_agilex.zip
Related Information Intel Agilex 7 Configuration User Guide
5.6. SDM Cryptographic Services
The SDM on Intel Agilex 7 devices provides cryptographic services that FPGA
fabric logic or the HPS may request via the respective SDM mailbox interface.
For more information about the mailbox commands and data formats for all SDM
cryptographic services, refer to Appendix B in the Security Methodology for
Intel FPGAs and Structured ASICs User Guide.
To access the SDM mailbox interface to FPGA fabric logic for SDM cryptographic
services, you must instantiate the Mailbox Client Intel FPGA IP in your
design.
Reference code to access to the SDM mailbox interface from the HPS is included
in the ATF and Linux code provided by Intel.
Related Information Mailbox Client Intel FPGA IP User Guide
5.6.1. Vendor Authorized Boot
Intel provides a reference implementation for HPS software that utilizes the
vendor authorized boot feature to authenticate HPS boot software from the
first stage boot loader through to the Linux kernel.
Related Information Intel Agilex 7 SoC Secure Boot Demo Design
Intel Agilex® 7 Device Security User Guide 56
Send Feedback
5. Advanced Features 683823 | 2023.05.23
5.6.2. Secure Data Object Service
You send the commands through the SDM mailbox to perform SDOS object
encryption and decryption. You may use the SDOS feature after provisioning the
SDOS root key.
Related Information Secure Data Object Service Root Key Provisioning on page
30
5.6.3. SDM Cryptographic Primitive Services
You send the commands through the SDM mailbox to initiate SDM cryptographic
primitive service operations. Some cryptographic primitive services require
that more data be transferred to and from the SDM than the mailbox interface
can accept. In these cases, the command of the format changes to provide
pointers to data in memory. Additionally, you must change the instantiation of
the Mailbox Client Intel FPGA IP to use SDM cryptographic primitive services
from the FPGA fabric logic. You must additionally set the Enable Crypto
Service parameter to 1 and connect the newly exposed AXI initiator interface
to a memory in your design.
Figure 21. Enabling SDM Cryptographic Services in the Mailbox Client Intel
FPGA IP
5.7. Bitstream Security Settings (FM/S10)
FPGA Bitstream Security options are a collection of policies that restrict the
specified feature or mode of operation within a defined period.
Bitstream Security options consist of flags that you set in Intel Quartus
Prime Pro Edition software. These flags are automatically copied into the
configuration bitstreams.
You may permanently enforce security options on a device through the use of
the corresponding security setting eFuse.
To use any security settings in the configuration bitstream or device eFuses,
you must enable the authentication feature.
Send Feedback
Intel Agilex® 7 Device Security User Guide 57
5. Advanced Features 683823 | 2023.05.23
5.7.1. Selecting and Enabling Security Options
To select and enable security options, do as follows: From the Assignments
menu, select Device Device and Pin Options Security More Options… Figure 22.
Selecting and Enabling Security Options
And then select the values from the drop-down lists for the security options
that you want to enable as shown in the following example:
Figure 23. Selecting Values for Security Options
Intel Agilex® 7 Device Security User Guide 58
Send Feedback
5. Advanced Features 683823 | 2023.05.23
The following are the corresponding changes in the Quartus Prime Settings .qsf
file:
set_global_assignment -name SECU_OPTION_DISABLE_JTAG “ON CHECK”
set_global_assignment -name SECU_OPTION_FORCE_ENCRYPTION_KEY_UPDATE “ON
STICKY” set_global_assignment -name SECU_OPTION_FORCE_SDM_CLOCK_TO_INT_OSC ON
set_global_assignment -name SECU_OPTION_DISABLE_VIRTUAL_EFUSES ON
set_global_assignment -name SECU_OPTION_LOCK_SECURITY_EFUSES ON
set_global_assignment -name SECU_OPTION_DISABLE_HPS_DEBUG ON
set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON
set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON
set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON
set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON
set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_BBRAM ON
set_global_assignment -name SECU_OPTION_DISABLE_PUF_WRAPPED_ENCRYPTION_KEY ON
Send Feedback
Intel Agilex® 7 Device Security User Guide 59
683823 | 2023.05.23 Send Feedback
Troubleshooting
This chapter describes common errors and warning messages that you may
encounter while trying to use device security features and measures to resolve
them.
6.1. Using Quartus Commands in a Windows Environment Error
Error quartus_pgm: command not found Description This error displays when
attempting to use Quartus commands in a NIOS II Shell in a Windows environment
by using WSL. Resolution This command works in Linux environment; For Windows
hosts, use the following command: quartus_pgm.exe -h Similarly, apply the same
syntax to other Quartus Prime commands such as quartus_pfg, quartus_sign,
quartus_encrypt among other commands.
Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel’s standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.
ISO 9001:2015 Registered
6. Troubleshooting 683823 | 2023.05.23
6.2. Generating a Private Key Warning
Warning:
The specified password is considered insecure. Intel recommends that at least 13 characters of password be used. You are recommended to change the password by using the OpenSSL executable.
openssl ec -in -out
Description
This warning is related to the password strength and displays when trying to
generate a private key by issuing the following commands:
quartus_sign –family=agilex –operation=make_private_pem –curve=secp3841 root.pem
Resolution Use the openssl executable to specify a longer and thus stronger password.
Send Feedback
Intel Agilex® 7 Device Security User Guide 61
6. Troubleshooting 683823 | 2023.05.23
6.3. Adding a Signing Key to the Quartus Project Error
Error …File contains root key information…
Description
After adding a signing key .qky file to the Quartus project, you need to re-
assemble the .sof file. When you add this regenerated .sof file to the
selected device by using Quartus Programmer, the following error message
indicates that the file contains root key information:
Failed to add
Resolution
Use the Quartus Programming file generator to convert the file into a signed
Raw Binary File .rbf for configuration.
Related Information Signing Configuration Bitstream Using the quartus_sign
Command on page 13
Intel Agilex® 7 Device Security User Guide 62
Send Feedback
6. Troubleshooting 683823 | 2023.05.23
6.4. Generating Quartus Prime Programming File was Unsuccessful
Error
Error (20353): X of public key from QKY does not match with private key from
PEM file.
Error (20352): Failed to sign the bitstream through python script
agilex_sign.py.
Error: Quartus Prime Programming File Generator was unsuccessful.
Description If you try to sign a configuration bitstream using an incorrect
private key .pem file or a .pem file that does not match the .qky added to the
project, the above common errors display. Resolution Ensure that you use the
correct private key .pem to sign the bitstream.
Send Feedback
Intel Agilex® 7 Device Security User Guide 63
6. Troubleshooting 683823 | 2023.05.23
6.5. Unknown Argument Errors
Error
Error (23028): Unknown argument “ûc”. Refer to –help for legal arguments.
Error (213008): Programming option string “ûp” is illegal. Refer to –help for
legal programming option formats.
Description If you copy and paste command-line options from a .pdf file in the
Windows NIOS II Shell, you may encounter Unknown argument errors as shown
above. Resolution In such cases, you may manually enter the commands instead
of pasting from the clipboard.
Intel Agilex® 7 Device Security User Guide 64
Send Feedback
6. Troubleshooting 683823 | 2023.05.23
6.6. Bitstream Encryption Option Disabled Error
Error
Cannot finalize the encryption for the file design .sof because it was
compiled with the bitstream encryption option disabled.
Description If you try to encrypt the bitstream via GUI or command-line after
you have compiled the project with the bitstream encryption option disabled,
Quartus rejects the command as shown above.
Resolution Ensure that you compile the project with the bitstream encryption
option enabled either via GUI or command-line. To enable this option in GUI,
you must check the checkbox for this option.
Send Feedback
Intel Agilex® 7 Device Security User Guide 65
6. Troubleshooting 683823 | 2023.05.23
6.7. Specifying Correct Path to the Key
Error
Error (19516): Detected Programming File Generator settings error: Cannot find
‘key_file’. Make sure the file is located at the expected location or update
the setting.sec
Error (19516): Detected Programming File Generator settings error: Cannot find
‘key_file’. Make sure the file is located at the expected location or update
the setting.
Description
If you are using keys that are stored on the file system, you need to ensure
that they specify the correct path for the keys used for bitstream encryption
and signing. If the Programming File Generator cannot detect the right path,
the above error messages display.
Resolution
Refer to the Quartus Prime Settings .qsf file to locate the correct paths for
the keys. Make sure you use relative paths instead of absolute paths.
Intel Agilex® 7 Device Security User Guide 66
Send Feedback
6. Troubleshooting 683823 | 2023.05.23
6.8. Using Unsupported Output File Type
Error
quartus_pfg -c design.sof output_file.ebf -o finalize_operation=ON -o
qek_file=ae.qek -o signing=ON -o pem_file=sign_private.pem
Error (19511): Unsupported output file type (ebf). Use “-l” or “–list” option
to display supported file type information.
Description While using the Quartus Programming File Generator to generate the
encrypted and signed configuration bitstream, you may see the above error if
an unsupported output file type is specified. Resolution Use the -l or the
–list option to see the list of supported file types.
Send Feedback
Intel Agilex® 7 Device Security User Guide 67
683823 | 2023.05.23 Send Feedback
7. Intel Agilex 7 Device Security User Guide Archives
For the latest and previous versions of this user guide, refer to Intel Agilex
7 Device Security User Guide. If an IP or software version is not listed, the
user guide for the previous IP or software version applies.
Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel’s standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.
ISO 9001:2015 Registered
683823 | 2023.05.23 Send Feedback
8. Revision History for the Intel Agilex 7 Device Security User Guide
Document Version 2023.05.23
2022.11.22 2022.04.04 2022.01.20
2021.11.09
Read User Manual Online (PDF format)
Read User Manual Online (PDF format) >>