Intel Stratix 10 User Manual

Device security
Intel® Stratix® 10 Device Security User Guide
Updated for Intel® Quartus® Prime Design Suite: 19.1
UG-S10SECURITY | 2019.05.10
Latest document on the web: PDF | HTML

Summary of Contents for Intel Stratix 10

  • Page 2: Table Of Contents

    3.4.2. Step 4b: Signing the Bitstream Using the quartus_sign Command (19); 3.5. Step 5: Programming the Owner Public Root Key for Authentication (20); 3.5.1. Step 5a: Programming the Owner Public Root Key Using the Intel Quartus Prime Programmer (20); 3.5.2. Step 5b: Calculating the Owner Public Root Key Hash (22); 4.
  • Page 3 6.1.5. Step 3b: Programming the AES Key and Configuring the Encrypted Image Using the Command Line (40); 7. Using eFuses (41); 7.1. Fuse Programming Input Files (43); 7.1.1. Fuse File Format (44); 8. Document Revision History for Intel Stratix 10 Device Security User Guide (45).
  • Page 4: Intel® Stratix® 10 Device Security Overview

    Intel's standard warranty, but reserves the right to make changes to any products and services Registered at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services.
  • Page 5 In addition, key provisioning is the least secure step in the encryption process. Black key provisioning creates a direct secure channel between your custom hardware security module (HSM) and the Intel Stratix 10 device for key provisioning. Having a secure channel ensures that confidential information, including the AES key, is provisioned into silicon without exposure to an intermediate party.
  • Page 6: Intel Stratix 10 Secure Device Manager (Sdm)

    1.1. Intel Stratix 10 Secure Device Manager (SDM). The Secure Device Manager (SDM) is a triple-redundant processor-based module that manages the configuration and security features of Intel Stratix 10 devices. The SDM authenticates and decrypts configuration data. Figure 1.
  • Page 7: Intel Stratix 10 Base Security

    To enable base security features, you must program the hash of the owner public root key eFuse into Intel Stratix 10. As soon as you program the owner root key you have created an Intel Stratix 10 device with basic security. Your configuration bitstream must be signed.
  • Page 8: Owner Security Keys And Programming

    Owner public root key hash: Programming this key enables the base security features. The Intel Stratix 10 device stores the SHA-256 or SHA-384 hash of this key in eFuses or virtual eFuses. This key authenticates the final owner design signing key through the public signature chain.
  • Page 9: Design Authentication

  • Page 10 2. Design Authentication. Figure 2. Example of an Intel Stratix 10 Configuration Bitstream Structure (Firmware Section, which is static and Quartus Prime version dependent; Design Section (IO Configuration); Design Section (HPS boot code); Design Section (FPGA Core Configuration)). The I/O, HPS, and FPGA sections are dynamic and contain the device configuration information based on your design.
  • Page 11: Signature Block

    CRC to identify accidental modifications. Signature Chain Details Intel Stratix 10 FPGAs support up to four signature chains. If a signature chain is invalid, it is ignored. The FPGA starts validating the next signature chain. This capability allows for root key rollover. To pass authentication, at least one signature keychain must pass.
  • Page 12 FPGA I/O, core, PR, HPS I/O, and FSBL sections of the design. • Cancellation ID: Specifies the number that cancels a key that is no longer valid. Intel Stratix 10 devices include 32 cancellation IDs. Cancellation IDs 0-31 cancel owner keys. Once you cancel a key, any previous designs using the canceled key are unusable.
  • Page 13: Authentication For Hps Software

    If you are using an SoC device, the HPS Boot Code is part of the bitstream that is authenticated by the SDM during configuration. After you successfully load the HPS Boot Code on the Intel Stratix 10 device, you may need to ensure that the following boot stages of the HPS Software are also authenticated.
  • Page 14: Using The Authentication Feature

  • Page 15: Step 1: Creating The Root Key

    You may need one or more design signing keys. Intel recommends using separate signing keys for the HPS and FPGA in Intel Stratix 10 SX devices. Creating multiple keys also gives you the flexibility to cancel keys if you detect an error, uncover a vulnerability, or need to update the firmware.
  • Page 16: Step 3: Appending The Design Signature Key To The Signature Chain

    3. Using the Authentication Feature. Note: Intel recommends using a passphrase because it makes the key file useless to an attacker who does not also have the passphrase. Option / Description. With passphrase: quartus_sign --family=stratix10 --operation=make_private_pem --curve=<prime256v1 or secp384r1> <design0_sign_private.pem>. Enter the passphrase when prompted to do so.
  • Page 17: Step 4: Signing The Bitstream

    .qky bitstream. There are two options for bitstream signing: • You use the Intel Quartus Prime Programming File Generator to generate the signed bitstream from a .sof file. You specify the required format for your configuration scheme.
  • Page 18 Specifying the Quartus Key File: Specify Quartus Prime Key File under the Authentication and Encryption category. Alternatively, you can add the following assignment statement to your Intel Quartus Prime Settings File (.qsf): set_global_assignment -name QKY_FILE design1_sign_keychain.qky 2. To generate a...
  • Page 19: Step 4B: Signing The Bitstream Using The Quartus_Sign Command

    The quartus_sign command takes the signature chain (.qky), a private signing key (.pem), and the unsigned raw binary file (.rbf) as inputs to generate the signed .rbf.
  • Page 20: Step 5: Programming The Owner Public Root Key For Authentication

    Values stored in virtual eFuses clear each time you power cycle the Intel Stratix 10 device; physical eFuses are non-volatile and permanent once programmed. You can use the Intel Quartus Prime Software to program the public root key for authentication. Alternatively, you can use a command-line command to accomplish this task.
  • Page 21 Options. Turn off the Enable device security using a volatile security key option. 5. To verify that the fuse value and the hash value of the owner public root key match, turn on the Verify option in the Intel Quartus Prime software.
  • Page 22: Step 5B: Calculating The Owner Public Root Key Hash

    To validate the owner public root key hash, you can compare the value in hash_fuse.txt to the value you observe when you turn on the Examine option while configuring the Intel Stratix 10 device in the Intel Quartus Prime Pro Edition Programmer. Related Information...
  • Page 23: Co-Signing Device Firmware Overview

  • Page 24: Prerequisites For Co-Signing Device Firmware

    The permission is set to 1 for firmware. The Intel Quartus Prime Signing Tool allows you to append up to three keys, including the owner root key. The first two steps generate required inputs to the operation=append_key command shown in Step 3.
  • Page 25: Co-Signing The Firmware

    1. To find the list of helper devices, in the Intel Quartus Prime Programmer, select Add Device. 2. In the Device family list, select Intel Stratix 10. In the Device name list, find the part number that matches your device.
  • Page 26 7. Program the Co-Signed Firmware eFuses: quartus_pgm -c 1 -m jtag -o "p;programming_file.fuse" Related Information: Intel Stratix 10 GX/SX Device Overview, for an explanation of Intel Stratix 10 device ordering codes.
  • Page 27: Powering On In Jtag Mode After Implementing Co-Signed Firmware

    FPGA. This cancellation is permanent. This requirement only applies to Intel Stratix 10 devices that have the owner root key hash programmed in a physical (non-volatile) eFuse. If you have not programmed the owner root key eFuse, any version of the SDM firmware can run.
  • Page 28 This command generates a text file, my_fuse.fuse. Sample contents of my_fuse.fuse:
    # Co-signed firmware = "0xF"
    # Device not secure = "0x0"
    # Intel key cancellation = ""
    # Owner fuses = "0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
    # Owner key cancellation = ""...
  • Page 29 , to generate the configuration bitstream for Intel Stratix 10 devices. The SDM firmware in nadder.zip is signed with an Intel authentication key and has a cancellation ID. The bitstream also includes any authentication and encryption operations you specified. The resulting bitstream can be a file.
  • Page 30: Signing Command Detailed Description

  • Page 31: Generate Private Pem Key

    Private PEM file. Arguments: This command includes 1 required argument and 1 optional argument: • --curve: Selects the Elliptic Curve Digital Signature Algorithm (ECDSA) curve, 256 or 384. Intel recommends using the key if possible because the key may be...
  • Page 32: Sign The Bitstream

    Generate the .rbf from the .sof using the Intel Quartus Prime Programming File Generator dialog box or the quartus_pfg command-line command. Command: quartus_sign --family=stratix10 --operation=sign --qky=<qky file>...
  • Page 33: Calculate Public Root Key Hash From Qky

    <fuse output text file>: Manufacturing uses this text file to program the specified eFuses of the Intel Stratix 10 device. This process is irreversible. You can simulate this process using virtual eFuses. Virtual eFuses reset when you power-cycle the PCB. Arguments: This command has no additional arguments.
  • Page 34: Encryption And Decryption Overview

  • Page 35: Using The Encryption Feature

    6. Encryption and Decryption Overview. Figure 12. Bitstream Decryption (figure labels: Intel Stratix 10, Header Block, Owner AES Root Key, IVs & Intermediate Keys, IV & Section Key). The owner AES root key decrypts first...; the section key of the header block decrypts...
  • Page 36: Step 1: Preparing The Owner Image And Aes Key File

    6. Encryption and Decryption Overview. Figure 13. Design Flow for Owner Image Encryption in Intel Stratix 10 Devices. Stage #3: Program the owner AES root key (.qek) to the device (physical eFuse/virtual eFuse/BBRAM), and then configure. Stage #1...
  • Page 37 1. On the Intel Quartus Prime File menu select Programming File Generator. 2. On the Output Files tab, specify the output file type for your configuration scheme. Figure 14. Output File Specification...
  • Page 38: Step 2B: Generating Programming Files Using The Command Line Interface

    Specify Quartus Prime Key File; Select Key Storage Location. 1. Bring up the Intel Quartus Prime Programmer. 2. Right click the Intel Stratix 10 device and select Add QKY/QEK/FUSE File. Navigate to your .qky file and select it.
  • Page 39 Intel Stratix 10 device. Figure 18. Program/Configure A Key File. 4. Right click the Intel Stratix 10 device and select Add QKY/QEK/FUSE File. Navigate to your .qek file and select it. 5. Enable the Program/Configure option for the file.
  • Page 40: Step 3B: Programming The Aes Key And Configuring The Encrypted Image Using The Command Line

    6.1.5. Step 3b: Programming the AES Key and Configuring the Encrypted Image Using the Command Line You use the Intel Quartus Prime Programmer to program the owner AES key into the device. Then, configure the device using the encrypted bitstream.
  • Page 41: Using Efuses

  • Page 42 AES key in eFuses, you can disable the BBRAM root key fuse for additional security. Because eFuses are non-volatile, Intel recommends validating eFuse programming before programming actual eFuses on the Intel Stratix 10 device.
  • Page 43: Fuse Programming Input Files

    Quartus Prime Programmer. When you select this option the Intel Quartus Prime Pro Edition stores the eFuse values in firmware registers. 2. In the Intel Quartus Prime Programmer click Add File and browse to your signed bitstream. 3. In the Intel Quartus Prime Programmer turn on the Program/Configure and Examine options.
  • Page 44: Fuse File Format

    <fuse name> = <value>
    <fuse name> = <value>
    You can use the Intel Quartus Prime Programmer Examine option to read all currently programmed fuses in the Intel Stratix 10 device and store this information in a .fuse file. 7.1.1.1. Converting Key, Encryption, and Fuse Files to Jam Staple File Formats...
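As an added example that is not part of the Intel guide or its tooling: a Python parser for the `<fuse name> = <value>` format above, with the two checks this guide calls for, comparing the programmed owner public root key hash against the value in hash_fuse.txt (Step 5) and testing whether an owner key cancellation ID (0-31) has been burned. The sample file is constructed from the my_fuse.fuse excerpt on this page; the `Owner root key hash` fuse name, the reading of a leading `#` as a commented-out entry, the assumption that hash_fuse.txt holds a single hex string, and the cancellation fuse modelled as a 32-bit mask (bit N = cancellation ID N) are all assumptions made for this example, not Intel's documented fuse layout.

```python
"""Offline checks on an Intel Stratix 10 .fuse file (added example, not Intel's tooling).

Assumptions, not Intel's documented layout: a leading '#' marks an entry as
commented out, the "Owner root key hash" fuse name is invented for this
example, hash_fuse.txt holds one hex string, and the owner key cancellation
fuse is a 32-bit mask with bit N meaning cancellation ID N.
"""
import re
from dataclasses import dataclass

# Constructed sample modelled on the my_fuse.fuse excerpt on this page.
# The root key hash value is SHA-256("foo"), a placeholder rather than a real key.
SAMPLE_FUSE_FILE = """\
# Co-signed firmware = "0xF"
# Device not secure = "0x0"
# Intel key cancellation = ""
# Owner key cancellation = "0x5"
Owner root key hash = "0x2C26B46B68FFC68FF99B453C1D30413413422D706483BFA0F98A5E886266E7AE"
"""

# One entry per line: optional '#', the fuse name, '=', and a double-quoted value.
FUSE_LINE = re.compile(
    r'^\s*(?P<comment>#)?\s*(?P<name>[^=#]+?)\s*=\s*"(?P<value>[^"]*)"\s*$'
)


@dataclass(frozen=True)
class Fuse:
    name: str
    value: str        # raw text between the quotes, e.g. "0xF" or ""
    commented: bool   # True when the line started with '#'


def parse_fuse_file(text: str) -> dict:
    """Parse .fuse text into {name: Fuse}; rejects lines that do not fit the format."""
    fuses = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        m = FUSE_LINE.match(raw)
        if m is None:
            raise ValueError(f"line {lineno}: not a <fuse name> = <value> entry: {raw!r}")
        fuses[m["name"]] = Fuse(m["name"], m["value"], m["comment"] is not None)
    return fuses


def as_int(value: str) -> int:
    """Interpret a fuse value as an unsigned integer; an empty value means no bits set."""
    v = value.strip()
    return int(v, 16) if v else 0


def base_security_enabled(fuses: dict, name: str = "Owner root key hash") -> bool:
    """Base security is on once the owner root key hash fuse holds a non-zero value."""
    fuse = fuses.get(name)
    return fuse is not None and as_int(fuse.value) != 0


def root_key_hash_matches(fuses: dict, expected_hex: str,
                          name: str = "Owner root key hash") -> bool:
    """Compare the programmed hash with the hash_fuse.txt value (assumed: one hex string).

    An all-zero fuse never matches: it means the key was never programmed, so
    base security is not enabled, whatever the expected value happens to be.
    """
    fuse = fuses.get(name)
    if fuse is None:
        return False
    programmed = as_int(fuse.value)
    return programmed != 0 and programmed == as_int(expected_hex)


def is_key_canceled(fuses: dict, cancel_id: int,
                    name: str = "Owner key cancellation") -> bool:
    """True when owner cancellation ID cancel_id (0-31) has been burned (assumed bit-mask layout)."""
    if not 0 <= cancel_id <= 31:
        raise ValueError("owner key cancellation IDs are 0-31")
    fuse = fuses.get(name)
    mask = as_int(fuse.value) if fuse is not None else 0
    return bool((mask >> cancel_id) & 1)


if __name__ == "__main__":
    fuses = parse_fuse_file(SAMPLE_FUSE_FILE)
    print("base security enabled:", base_security_enabled(fuses))
    print("hash matches hash_fuse.txt:",
          root_key_hash_matches(fuses, "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"))
    print("canceled owner IDs:", [i for i in range(32) if is_key_canceled(fuses, i)])
```

In practice you would feed this the .fuse file written by the Programmer's Examine option and the hash_fuse.txt produced by quartus_sign for your root .qky; a mismatch on the hash check is the point to stop, because programming a physical eFuse is irreversible and a wrong root key hash leaves the device unable to authenticate any of your signed bitstreams.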
  • Page 45: Document Revision History For Intel Stratix 10 Device Security User Guide

