Step 3: Appending The Design Signature Key To The Signature Chain - Intel Stratix 10 User Manual

Device security

Intel® Stratix® 10 Device Security User Guide, page 20
3. Using the Authentication Feature
UG-S10SECURITY | 2020.01.15

1. Run the following command to create the first design signature private key. You
use the design signature private key to create the design signature public key.

Note: Intel recommends following industry best practices to use a strong, random
passphrase on all private key files. The curve argument in this command
must be the same as the one you specified for the root key.

Option: With passphrase
Description:
quartus_sign --family=stratix10 --operation=make_private_pem \
--curve=<prime256v1 or secp384r1> <design0_sign_private.pem>
Enter the passphrase when prompted to do so.

Option: Without passphrase
Description:
quartus_sign --family=stratix10 --operation=make_private_pem \
--curve=<prime256v1 or secp384r1> --no_passphrase \
<design0_sign_private.pem>

2. Run the following command to create the design signature public key.
quartus_sign --family=stratix10 --operation=make_public_pem \
<design0_sign_private.pem> <design0_sign_public.pem>
Enter your passphrase when prompted to do so.

3.3. Step 3: Appending the Design Signature Key to the Signature Chain

This step appends design signing keys to the signature chain. The append command
implements the following operations:
- Appends the 1st Level Public Key (design0_sign_public.pem) to the Root
Public Key (root_public.qky) and generates the 1st Level Signature Chain
(design0_sign_chain.qky) that includes the root public key and design0
public key.
- Signs the new 1st Level Signature Chain (design0_sign_chain.qky) using the
Root Private Key (root_private.pem).

1. Run the following command to append the first design signature key to the root
key, creating a two-level signature chain:
Setting the permission argument to 6 creates a signature that can sign the
FPGA I/O, core, PR, and HPS sections. Setting the permission argument to 2 or
4 creates a signature that can sign only FPGA or HPS sections, respectively.
Setting the cancellation argument to 0 means that eFuse0 can cancel this
signature. eFuses 0-31 are available for owner cancellation.
quartus_sign --family=stratix10 --operation=append_key \
--previous_pem=<root_private.pem> --previous_qky=<root_public.qky> \
--permission=6 --cancel=0 <design0_sign_public.pem> \
<design0_sign_chain.qky>
2. Use append_key again to create a three-level signature chain:
a. Repeat the commands in Step 1 on page 20, to generate both
design1_sign_private.pem and design1_sign_public.pem.
b. Append design1_sign_public.pem to the signature chain.
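
Added example (not from the Intel user guide): a POSIX shell dry run that checks the permission and cancellation values described above and prints the append_key command for each chain level instead of running it. The helper names, the cancel ID 1 for design1, and the form of the second-level command (signing with design0_sign_private.pem against design0_sign_chain.qky) are assumptions; the page only spells out the first append.

```shell
#!/bin/sh
# Added example: dry run for the append_key step. Nothing here calls quartus_sign;
# the commands are printed so they can be reviewed before a private key is used.

# permission_scope VALUE: sections a key with this --permission may sign (per the page).
permission_scope() (
  case "$1" in
    6) echo "FPGA I/O, core, PR, and HPS sections" ;;
    2) echo "FPGA sections only" ;;
    4) echo "HPS sections only" ;;
    *) echo "unsupported --permission value: $1" >&2; exit 1 ;;
  esac
)

# append_key_cmd PREV_PEM PREV_QKY PERMISSION CANCEL NEW_PUBLIC_PEM OUT_QKY
# Hypothetical helper: validates the arguments, then prints one append_key command.
append_key_cmd() (
  permission_scope "$3" >/dev/null || exit 1
  case "$4" in
    [0-9]|[12][0-9]|3[01]) ;;   # eFuses 0-31 are available for owner cancellation
    *) echo "--cancel must be 0-31, got: $4" >&2; exit 1 ;;
  esac
  printf 'quartus_sign --family=stratix10 --operation=append_key'
  printf ' --previous_pem=%s --previous_qky=%s' "$1" "$2"
  printf ' --permission=%s --cancel=%s %s %s\n' "$3" "$4" "$5" "$6"
)

# plan_chain ROOT_PEM ROOT_QKY PERMISSION CANCEL_ID...
# Prints one append per cancel ID. Level N is signed by the key of level N-1
# (assumption for levels after the first; file names follow the page's pattern).
plan_chain() (
  prev_pem=$1; prev_qky=$2; permission=$3; shift 3
  level=0
  for cancel_id in "$@"; do
    name="design${level}_sign"
    append_key_cmd "$prev_pem" "$prev_qky" "$permission" "$cancel_id" \
      "${name}_public.pem" "${name}_chain.qky" || exit 1
    prev_pem="${name}_private.pem"
    prev_qky="${name}_chain.qky"
    level=$((level + 1))
  done
)

# Constructed input: root key plus two design keys, cancel IDs 0 and 1,
# giving the three-level chain the page describes.
plan_chain root_private.pem root_public.qky 6 0 1
```

A rejected permission or cancellation value stops the plan before any command is printed for that level, so a mistyped argument never reaches a signing operation.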