Intel's standard warranty, but reserves the right to make changes to any products and services Registered at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services.
Physically Unclonable Function (PUF) Overview on page 9 for more information. These security features are available in Intel Stratix 10 devices that support advanced security. The following table lists the security features that Intel Stratix 10 devices support. Intel Stratix 10...
UG-S10SECURITY | 2020.01.15
1.1. Intel Stratix 10 Secure Device Manager (SDM)
The Secure Device Manager (SDM) is a triple-redundant processor-based module that manages the configuration and security features of Intel Stratix 10 devices. The SDM authenticates and decrypts configuration data. Figure 1.
Intel and by you, the device owner. An eFuse on the Intel Stratix 10 device enables this feature. For a full list of available eFuse security options, refer to Using eFuses.
The following side channel mitigation features are available in Intel Stratix 10 devices:
• Authentication first: The device authenticates the bitstream before decrypting it. Attackers cannot perform differential attacks on the AES encrypted data without breaking authentication.
The Intel Quartus Prime Programmer also includes an Encryption Key Select option with two choices: Battery Backup RAM or eFuses. This option is available for Intel Stratix 10 and later devices that include the SDM when you program an Intel Quartus Prime encryption key .qek...
Black key provisioning creates a direct secure channel between your hardware security module (HSM) and the Intel Stratix 10 device. This secure channel ensures that your HSM can provision the AES key and other confidential information without exposure to an intermediate party.
on the device. When you enable co-signed firmware you must co-sign the firmware before generating bitstreams. The SDM validates both the Intel signature and your signature before loading and running the SDM firmware. Figure 4.
Up to 4 Signature Chains 3rd Signature Chain Public Key Entry 2 (Optional) Dynamic Sector Pointers 4th Signature Chain Public Key Entry 3 (Optional) 32-bit CRC Header Block Entry
PR, HPS I/O, and FSBL sections of the design. • Cancellation ID: Specifies the number that cancels a key that is no longer valid. Intel Stratix 10 devices support 32 cancellation IDs. Cancellation IDs 0-31 cancel owner keys. Once you cancel a key, any previous designs signed by the canceled key are unusable.
You cannot cancel the root key. Consequently, the root key does not have a cancellation ID. However, you can cancel a signature chain that includes two or more signature levels. Intel strongly recommends that you create a signature chain with at least two levels to retain the ability to update your signature keychain.
IDs for older versions of firmware to help ensure the device can only load the most current firmware. This section describes when and how Intel firmware IDs are canceled. As of Intel Quartus Prime Pro Edition Version 19.3, Intel has used the following firmware IDs. Table 3.
If you are using an SoC device, the HPS Boot Code is part of the bitstream that is authenticated by the SDM during configuration. After you successfully load the HPS Boot Code on the Intel Stratix 10 device, you may need to ensure that the following boot stages of the HPS Software are also authenticated.
You may need one or more design signing keys. You can create separate signing keys for the HPS and FPGA in Intel Stratix 10 SX devices. Creating multiple keys gives you the flexibility to cancel keys if you detect an error, uncover a vulnerability, or need to update the design.
1. Run the following command to create the first design signature private key. You use the design signature private key to create the design signature public key. Note: Intel recommends following industry best practices to use a strong, random passphrase on all private key files. The...
.qky bitstream. There are two options for bitstream signing:
• You use Intel Quartus Prime Programming File Generator to generate the signed bitstream from a .sof file. You specify the required format for your configuration scheme.
Figure 9. Specifying the Quartus Key File
Alternatively, you can add the following assignment statement to your Intel Quartus Prime Settings File (.qsf):
set_global_assignment -name QKY_FILE design1_sign_keychain.qky
2. To generate a...
( ), a private signing key quartus_sign .qky ), and the unsigned raw binary file ( ) as inputs to generate the .pem .rbf signed .
Values stored in eFuses clear each time you power cycle the Intel Stratix 10 device. You can use the Intel Quartus Prime Software to program the public root key for authentication. Alternatively, you can use a command-line command to accomplish this task.
Note: Once you have specified the QKY file, the programmer displays the compatible version of firmware that you use to program the device. The version of the Intel Quartus Prime Programmer and the firmware must match. 4. You can choose to program the non-volatile eFuses or simulate the actual hardware using virtual eFuses.
To validate the owner root public key hash, you can compare the value of hash_fuse.txt to the value you observe when you turn on the Examine option while configuring the Intel Stratix 10 device in the Intel Quartus Prime Pro Edition Programmer. Related Information...
<install_dir>/quartus/common/devinfo/programmer/firmware/ directory. This file includes the SDM firmware. 3. Programming the Co-Signed Firmware eFuses in the Intel Stratix 10 device using the signed firmware (Signed FW ) and signed_nadder.zip owner.fuse as inputs.
4.1.4. Powering On In JTAG Mode After Implementing Co-Signed Firmware
After you program the co-signed firmware eFuse, the Intel Stratix 10 FPGA requires all configuration bitstreams to include co-signed firmware on every subsequent power-on. The existing helper image containing the SDM firmware is now out-of-date because it does not specify co-signed firmware.
5.1. Enabling HPS JTAG Debugging
Use this procedure to enable HPS JTAG debugging after configuring the Intel Stratix 10 SX device with a signed bitstream. You should already have created a first-level signature chain by completing the instructions in the following topics: Step 2: Creating the Design Signing Key on page 19.
Find the list of Intel Stratix 10 devices, in the Intel Quartus Prime Programmer, by selecting Add Device. b. In the Device family list, select Intel Stratix 10. In the Device name list, find the part number that matches your device.
Output file Private PEM file
Arguments This command includes 1 required argument and 1 optional argument:
• curve: Selects the Elliptic Curve Digital Signature Algorithm (ECDSA) 256 or 384. Intel recommends using if possible because may be vulnerable to attacks...
• Uses the private part of the last-appended public key to sign the new public key • Appends the specified design signing key to the root public Intel Quartus Prime keychain • Assigns specified permissions and cancellation ID to the appended public key...
Input file input QKY: This is the root public key.
Output file fuse output text: Manufacturing uses this text file to program the specified eFuses of the Intel Stratix 10 device.
Arguments This command has no additional arguments.
The section key decrypts the keys block which contains up to 128 keys. Each key is 256 bits and decrypts subsequent encrypted data or another keys block. Figure 16. Bitstream Decryption Intel Stratix 10 Header Block Owner AES Root Key IVs & Intermediate Keys IV &...
Step 3: Programming the AES key and configuring the encrypted owner image The following flow diagram shows the processes required for each step. Figure 17. Design Flow for Owner Image Encryption in Intel Stratix 10 Devices Stage #3 Program owner AES root key (.qek) to the device (physical...
.pof
• Raw Programming Data File (.rpd)
1. On the Intel Quartus Prime File menu select Programming File Generator.
2. On the Output Files tab, specify the output file type for your configuration scheme. Figure 18. Output File Specification...
Device Device and Pin Options. In the current release, you can select Battery Backup RAM (BBRAM) or eFuses. After you make this selection, the Intel Quartus Prime Pro Edition Software identifies the .sof file as encryption enabled and records your settings for the Encryption key select and Encryption update ratio.
Specify Quartus Prime Key File Select Key Storage Location
1. Bring up the Intel Quartus Prime Programmer.
2. Right click the Intel Stratix 10 device and select Add QKY/QEK/FUSE File. Navigate to your .qky file and select it. Figure 21.
7. Encryption and Decryption Overview
4. Right click the Intel Stratix 10 device and select Add QKY/QEK/FUSE File. Navigate to your .qek file and select it.
5. Enable the Program/Configure option for the .qek file. Disable the Program/...
7.1.5. Step 3b: Programming the AES Key and Configuring the Encrypted Image Using the Command Line
You use the Intel Quartus Prime Programmer to program the owner AES key into the device. Then, configure the device using the encrypted bitstream.
SDM firmware wraps the AES root key and stores the wrapped value in eFuses. You must upgrade to version 19.3 and cancel all prior Intel Firmware IDs in order to store your AES root key in physical eFuses.
passphrase: Specifies an optional file path that contains a passphrase to protect the .qek. If you do not specify this argument, the quartus_encrypt command prompts you to enter the passphrase
Legal Values Description
Co-signed firmware 1-bit boolean When you program this fuse, both you and Intel must sign the device firmware. Intel signs the device firmware with the root public key during the manufacturing process.
Device not secure 1-bit boolean If you receive a device and this fuse is programmed, do not use the device and contact Intel.
Quartus Prime Programmer. When you select this option the Intel Quartus Prime Pro Edition stores the eFuse values in firmware registers. 2. In the Intel Quartus Prime Programmer click Add File and browse to your signed bitstream. 3. In the Intel Quartus Prime Programmer turn on the Program/Configure and Examine options.
1. To find the list of helper devices, in the Intel Quartus Prime Programmer, select Add Device. 2. In the Device family list, select Intel Stratix 10. In the Device name list, find the part number that matches your device.
//For virtual (volatile) eFuses
quartus_pgm -c 1 -m jtag -o "p;programming_file.fuse"
Related Information
Intel Stratix 10 GX/SX Device Overview For an explanation of Intel Stratix 10 device ordering codes.
.fuse Jam Standard Test and Programming Language (STAPL) Format File (.jam) and Jam Byte Code File (.jbc). You can use these files to program Intel FPGAs using the Jam STAPL Player and the Jam STAPL Byte-Code Player, respectively.
// To program the AES Encryption key into BBRAM
quartus_jli -c 1 -a AESKEY_PROGRAM -e DO_UNI_ACT_DO_BBRAM_FLAG EncKey.jam
Related Information
AN 425: Using the Command-Line Jam STAPL Solution for Device Programming
10. Document Revision History for Intel Stratix 10 Device Security User Guide UG-S10SECURITY | 2020.01.15 Document Version Intel Quartus Changes Prime Version • Added the following topics: — Step 4a: Protecting the AES Key when Storing the AES in eFuses —...