3.4.2. Step 4b: Signing the Bitstream Using the quartus_sign Command
3.5. Step 5: Programming the Owner Public Root Key for Authentication
3.5.1. Step 5a: Programming the Owner Public Root Key Using the Intel Quartus Prime Programmer
3.5.2. Step 5b: Calculating the Owner Public Root Key Hash
4.
6.1.5. Step 3b: Programming the AES Key and Configuring the Encrypted Image Using the Command Line
7. Using eFuses
7.1. Fuse Programming Input Files
7.1.1. Fuse File Format
8. Document Revision History for Intel Stratix 10 Device Security User Guide
Intel's standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services.
In addition, key provisioning is the least secure step in the encryption process. Black key provisioning creates a direct secure channel between your custom hardware security module (HSM) and the Intel Stratix 10 device for key provisioning. Having a secure channel ensures that confidential information, including the AES key, is provisioned into silicon without exposure to an intermediate party.
UG-S10SECURITY | 2019.05.10

1.1. Intel Stratix 10 Secure Device Manager (SDM)

The Secure Device Manager (SDM) is a triple-redundant processor-based module that manages the configuration and security features of Intel Stratix 10 devices. The SDM authenticates and decrypts configuration data. Figure 1.
To enable base security features, you must program the hash of the owner public root key eFuse into Intel Stratix 10. As soon as you program the owner root key you have created an Intel Stratix 10 device with basic security. Your configuration bitstream must be signed.
Owner public root key hash: Programming this key enables the base security features. The Intel Stratix 10 stores the SHA-256 or SHA-384 hash of this key in eFuses or virtual eFuses. This key authenticates the final owner design signing key through the public signature chain.
2. Design Authentication

Figure 2. Example of an Intel Stratix 10 Configuration Bitstream Structure
[Figure: Firmware Section; Design Section (IO Configuration); Design Section (HPS boot code); Design Section (FPGA Core Configuration)]

The firmware section is static and Quartus Prime version dependent. The I/O, HPS, and FPGA sections are dynamic and contain the device configuration information based on your design.
CRC to identify accidental modifications.

Signature Chain Details

Intel Stratix 10 FPGAs support up to four signature chains. If a signature chain is invalid, it is ignored. The FPGA starts validating the next signature chain. This capability allows for root key rollover. To pass authentication, at least one signature keychain must pass.

FPGA I/O, core, PR, HPS I/O, and FSBL sections of the design.
• Cancellation ID: Specifies the number that cancels a key that is no longer valid. Intel Stratix 10 devices include 32 cancellation IDs. Cancellation IDs 0-31 cancel owner keys. Once you cancel a key, any previous designs using the canceled key are unusable.
If you are using an SoC device, the HPS Boot Code is part of the bitstream that is authenticated by the SDM during configuration. After you successfully load the HPS Boot Code on the Intel Stratix 10 device, you may need to ensure that the following boot stages of the HPS Software are also authenticated.
You may need one or more design signing keys. Intel recommends using separate signing keys for the HPS and FPGA in Intel Stratix 10 SX devices. Creating multiple keys also gives you the flexibility to cancel keys if you detect an error, uncover a vulnerability, or need to update the firmware.
3. Using the Authentication Feature

Note: Intel recommends using a passphrase because it makes the key file useless to an attacker.

Option: With passphrase
Description:
quartus_sign --family=stratix10 --operation=make_private_pem --curve=<prime256v1 or secp384r1> <design0_sign_private.pem>
Enter the passphrase when prompted to do so.

.qky bitstream. There are two options for bitstream signing:
• You use Intel Quartus Prime Programming File Generator to generate the signed bitstream from a .sof file. You specify the required format for your configuration scheme.

Specifying the Quartus Key File
[Figure labels: Specify Quartus Prime Key File; Authentication and Encryption Category]

Alternatively, you can add the following assignment statement to your Intel Quartus Prime Settings File (.qsf):

set_global_assignment -name QKY_FILE design1_sign_keychain.qky

2. To generate a...

quartus_sign ... (.qky), a private signing key (.pem), and the unsigned raw binary file (.rbf) as inputs to generate the signed ...
Values stored in eFuses clear each time you power cycle the Intel Stratix 10 device. You can use the Intel Quartus Prime Software to program the public root key for authentication. Alternatively, you can use a command-line command to accomplish this task.
Options. Turn off the Enable device security using a volatile security key option.
5. To verify that the fuse value and the hash value of the owner public root key match, turn on the Verify option in the Intel Quartus Prime software.

To validate the owner public root key hash, you can compare the value of hash_fuse.txt to the value you observe when you turn on the Examine option while configuring the Intel Stratix 10 device in the Intel Quartus Prime Pro Edition Programmer.
The permission is set to 1 for firmware. The Intel Quartus Prime Signing Tool allows you to append up to three keys, including the owner root key. The first two steps generate required inputs to the operation=append_key command shown in Step 3.
1. To find the list of helper devices, in the Intel Quartus Prime Programmer, select Add Device.
2. In the Device family list, select Intel Stratix 10. In the Device name list, find the part number that matches your device.

7. Program the Co-Signed Firmware eFuses:

quartus_pgm -c 1 -m jtag -o "p;programming_file.fuse"

Related Information
Intel Stratix 10 GX/SX Device Overview: For an explanation of Intel Stratix 10 device ordering codes.
FPGA. This cancellation is permanent. This requirement only applies to Intel Stratix 10 devices that have the owner root key hash programmed in a physical (non-volatile) eFuse. If you have not programmed the owner root key eFuse, any version of the SDM firmware can run.
This command generates a text file, my_fuse.fuse.

Sample contents of my_fuse.fuse:

# Co-signed firmware = "0xF"
# Device not secure = "0x0"
# Intel key cancellation = ""
# Owner fuses "0x00000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000"
# Owner key cancellation = ""...

nadder.zip, to generate the configuration bitstream for Intel Stratix 10 devices. The SDM firmware is signed with an Intel authentication key and has a cancellation ID. The bitstream also includes any authentication and encryption operations you specified. The resulting bitstream can be a file.
Private PEM file

Arguments
This command includes 1 required argument and 1 optional argument:
• curve: Selects the Elliptic Curve Digital Signature Algorithm (ECDSA) 256 or 384. Intel recommends using the key if possible because the key may be...

fuse output text: Manufacturing uses this text file to program the specified eFuses of the Intel Stratix 10 device. This process is irreversible. You can simulate this process using virtual eFuses. eFuses reset when you power-cycle the PCB.

Arguments
This command has no additional arguments.
6. Encryption and Decryption Overview

Figure 13. Design Flow for Owner Image Encryption in Intel Stratix 10 Devices
[Figure: Stage #3: Program owner AES root key (.qek) to the device (physical eFUSE/Virtual eFUSE/BBRAM), and then configure; Stage #1...]

1. On the Intel Quartus Prime File menu select Programming File Generator.
2. On the Output Files tab, specify the output file type for your configuration scheme.

Figure 14. Output File Specification...

[Figure labels: Specify Quartus Prime Key File; Select Key Storage Location]

1. Bring up the Intel Quartus Prime Programmer.
2. Right click the Intel Stratix 10 device and select Add QKY/QEK/FUSE File. Navigate to your .qky file and select it.

Intel Stratix 10 device.

Figure 18. Program/Configure A Key File
[Figure label: Program/Configure]

4. Right click the Intel Stratix 10 device and select Add QKY/QEK/FUSE File. Navigate to your .qek file and select it.
5. Enable the Program/Configure option for the file.

6.1.5. Step 3b: Programming the AES Key and Configuring the Encrypted Image Using the Command Line

You use the Intel Quartus Prime Programmer to program the owner AES key into the device. Then, configure the device using the encrypted bitstream.
AES key in eFuses, you can disable the BBRAM root key fuse for additional security. Because eFuses are non-volatile, Intel recommends validating eFuse programming before programming actual eFuses on the Intel Stratix 10 device.

Quartus Prime Programmer. When you select this option the Intel Quartus Prime Pro Edition stores the eFuse values in firmware registers.
2. In the Intel Quartus Prime Programmer click Add File and browse to your signed bitstream.
3. In the Intel Quartus Prime Programmer turn on the Program/Configure and Examine options.

<fuse name> = <value>
<fuse name> = <value>

You can use the Intel Quartus Prime Programmer Examine option to read all currently programmed fuses in the Intel Stratix 10 device and store this information in a .fuse file.

7.1.1.1. Converting Key, Encryption, and Fuse Files to Jam Staple File Formats...