Step 1: Preparing The Owner Image And Aes Key File; Step 2A: Generating Programming Files Using The Programming File Generator - Intel Stratix 10 User Manual


Figure 13. Design Flow for Owner Image Encryption in Intel Stratix 10 Devices

6.1.1. Step 1: Preparing the Owner Image and AES Key File

Before you generate the owner image and AES key file, you must specify authentication settings on the Authentication and Encryption page of the Device and Pin Options.
1. On the Authentication and Encryption page (Assignments > Device and Pin Options > Authentication and Encryption), for Quartus Key File specify your root key file or signature key chain.
Note: Providing a root key enables other security features such as encryption in Intel Stratix 10 devices.
2. Turn on the Enable Programming Bitstream Encryption option.
3. Specify the key storage location from the Encryption Key Select drop-down list. Intel recommends that you choose Virtual eFuses during development.
4. Generate the AES key using the quartus_encrypt command:
quartus_encrypt --family=stratix10 --operation=make_aes_key <output.qek>
Note: If you prefer, you can use your own custom script to generate the .qek file.
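
An added example, not part of the Intel guide: a shell wrapper around the quartus_encrypt command from item 4 that creates the .qek file with owner-only permissions and refuses to overwrite an existing key. The make_qek function name and the QUARTUS_ENCRYPT variable are assumptions introduced here; the command-line options are the ones shown above.

```shell
#!/bin/sh
# Added example: generate the owner AES key file (.qek) so that it is never
# readable by other local users on the build host.
# Assumption: QUARTUS_ENCRYPT is a hypothetical override for the tool path;
# by default quartus_encrypt is looked up on PATH.
# Usage after sourcing this file: make_qek owner_aes.qek

make_qek() {
    out=$1
    tool=${QUARTUS_ENCRYPT:-quartus_encrypt}

    if [ -z "$out" ]; then
        echo "usage: make_qek <output.qek>" >&2
        return 2
    fi

    # Never overwrite an existing key file: bitstreams already encrypted
    # with it would be left without a matching key file.
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing key file: $out" >&2
        return 1
    fi

    # The subshell keeps umask 077 local to this call, so the file is
    # created owner-only from the start. Any interactive prompt from the
    # tool still reaches the terminal.
    if ! ( umask 077 && "$tool" --family=stratix10 \
            --operation=make_aes_key "$out" ); then
        echo "key generation failed" >&2
        rm -f "$out"    # safe: the file did not exist before this call
        return 1
    fi

    # The tool must have produced a non-empty regular file.
    if [ ! -f "$out" ] || [ ! -s "$out" ]; then
        echo "no key file produced: $out" >&2
        return 1
    fi

    # Enforce owner-only access even if the tool did not honour the umask.
    chmod 600 "$out"
}
```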

6.1.2. Step 2a: Generating Programming Files Using the Programming File Generator

You can use the Programming File Generator to encrypt and sign the owner image.
The Programming File Generator supports the following signed and encrypted output file types:
Raw Binary File (.rbf)
JTAG Indirect Configuration File (.jic)
Programmer Object File (.pof)
Raw Programming Data File (.rpd)

Figure 13 diagram text:
Stage #1, Prepare SOF and QEK: .sof with Encryption Enable and Key Select Option; password-protected .qek
Stage #2, Programming File Generation: PFG Encryption Option, Use Factory Script (stratix10_encrypt.py) or Custom Script; quartus_encrypt; Encrypted .rbf/.jic/.pof/.rpd
Stage #3: Program owner AES root key (.qek) to the device (physical eFUSE/Virtual eFUSE/BBRAM), and then configure device with encrypted bitstream; Programmer, Device

6. Encryption and Decryption Overview
UG-S10SECURITY | 2019.05.10
Intel® Stratix® 10 Device Security User Guide
