Document Revision History For Intel Stratix 10 Device Security User Guide - Intel Stratix 10 User Manual

UG-S10SECURITY | 2020.01.15
Send Feedback
10. Document Revision History for Intel Stratix 10 Device
Security User Guide
Document Version
2020.01.15
2020.01.06
2019.10.30
Intel Corporation. All rights reserved. Agilex, Altera, Arria, Cyclone, Enpirion, Intel, the Intel logo, MAX, Nios,
Quartus and Stratix words and logos are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or
other countries. Intel warrants performance of its FPGA and semiconductor products to current specifications in
accordance with Intel's standard warranty, but reserves the right to make changes to any products and services
at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any
information, product, or service described herein except as expressly agreed to in writing by Intel. Intel
customers are advised to obtain the latest version of device specifications before relying on any published
information and before placing orders for products or services.
*Other names and brands may be claimed as the property of others.
Intel Quartus
Prime Version
19.3
Corrected the
Programming Files Using the Command Line. The correct command uses
pem_file=design0_sign_private.pem
quartus_pfg -c encryption_enabled.sof top.rbf \
-o finalize_encryption=ON -o qek_file=aes.qek \
-o signing=ON -o pem_file=design0_sign_private.pem
19.3 Made the following changes:
•
Corrected the
the Owner Image and AES Key Filetopic. The
max_key_use
•
Added command showing how to convert an
the Step 4: Signing the Bitstream topic.
• Added the following note to the Converting Key, Encryption, and Fuse
Files to Jam Staple File Formats topic:
Caution: When you convert the AES
• Added a link to the
BBRAM encryption key using the Mailbox Client Intel FPGA IP interface
and System Console?
JTAG Mailbox.
19.3 Added the following new security features:
• Added support for physical (non-volatile) eFuses.
• Changed the way you specify virtual (volatile) or physical (non-volatile)
eFuses. The
the
quartus_pgm
recompile to change the eFuse storage location.
• Increased the number of public keys entries supported from 2 to 3.
• Added support for a signed secure HPS debug certificate to prevent
unauthorized remote or physical access to the HPS.
• Decreased the encryption update ratio from 127:1 to 31:1.
• Revised description the Using the Authentication Feature example. The
example now specifies permission 6 to allow the key to sign both the
Core (permission=2) and HPS (permission=4) sections of the
configuration bitstream. You must create separate key chains to limit
the permissions to either Core or HPS.
• Added support for 10 additional eFuses described in the Owner
Programmable eFuses table.
• Added examples of advanced security features.
• Added descriptions of side-channel mitigation features.
Changes
argument in 7.1.3. Step 2b: Generating
pem_file
command in the Step 1: Preparing
quartus_encrypt
arguments must be preceded by
.qek
the file contains the AES key in plaintext but
.jam
obfuscated form. Consequently, you must protect the
file when storing the AES key. You can protect the
by provisioning the AES key in a secure environment.
How can I write or erase the Intel Stratix 10 AES
article in Storing the AES Key in BBRAM using the
parameter is now an argument to
--non_volatile_key
command. Consequently, you no longer need to
:
and
ik_count
.
--
to format in
.rbf .jam
file to format,
.jam
.jam
file
.jam
continued...
ISO
9001:2015
Registered