Intel Agilex 7 Device Security

Product Information
Specifications
- Model Number: UG-20335
- Release Date: 2023.05.23
Product Usage Instructions
1. Product Security Commitment
Intel is committed to product security and recommends that users familiarize themselves with the product security resources provided. These resources should be used throughout the life of the Intel product.
2. Planned Security Features
The following security features are planned for a future release of the Intel Quartus Prime Pro Edition software:
- Partial Reconfiguration Bitstream Security Verification: Provides additional assurance that Partial Reconfiguration (PR) bitstreams cannot access or interfere with other PR persona bitstreams.
- Device Self-Kill for Physical Anti-Tamper: Performs a device wipe or device zeroization response and programs eFuses to prevent the device from configuring again.
3. Available Security Documentation
The following table lists the documentation available for device security on Intel FPGA and Structured ASIC devices:
| Document Name | Purpose |
|---|---|
| Security Methodology for Intel FPGAs and Structured ASICs User Guide | Top-level document that provides detailed descriptions of security features and technologies in Intel Programmable Solutions Products. Helps users select the appropriate security features to meet their security objectives. |
| Intel Stratix 10 Device Security User Guide | Instructions for users of Intel Stratix 10 devices to implement the security features identified using the Security Methodology User Guide. |
| Intel Agilex 7 Device Security User Guide | Instructions for users of Intel Agilex 7 devices to implement the security features identified using the Security Methodology User Guide. |
| Intel eASIC N5X Device Security User Guide | Instructions for users of Intel eASIC N5X devices to implement the security features identified using the Security Methodology User Guide. |
| Intel Agilex 7 and Intel eASIC N5X HPS Cryptographic Services User Guide | Information for HPS software engineers on implementing and using the HPS software libraries to access cryptographic services provided by the SDM. |
| AN-968 Black Key Provisioning Service Quick Start Guide | Complete set of steps to set up the Black Key Provisioning service. |
Frequently Asked Questions
Q: What is the purpose of the Security Methodology User Guide?
A: The Security Methodology User Guide provides detailed descriptions of security features and technologies in Intel Programmable Solutions Products. It helps users select the security features needed to meet their security objectives.
Q: Where can I find the Intel Agilex 7 Device Security User Guide?
A: The Intel Agilex 7 Device Security User Guide is available on the Intel Resource and Design Center website.
Q: What is the Black Key Provisioning service?
A: The Black Key Provisioning service is a service that provides a complete set of steps to set up key provisioning for secure operations.
Intel Agilex® 7 Device Security User Guide
Updated for Intel® Quartus® Prime Design Suite: 23.1
UG-20335
683823 2023.05.23
1. Intel Agilex® 7 Device Security Overview
Intel® designs the Intel Agilex® 7 devices with dedicated security hardware and firmware.
This document contains instructions to help you use the Intel Quartus® Prime Pro Edition software to implement security features on your Intel Agilex 7 devices.
Additionally, the Security Methodology for Intel FPGAs and Structured ASICs User Guide is available on the Intel Resource & Design Center. This document contains detailed descriptions of the security features and technologies available through Intel Programmable Solutions products to help you select the security features necessary to meet your security objectives. Contact Intel Support with reference number 14014613136 to obtain the Security Methodology for Intel FPGAs and Structured ASICs User Guide.
The document is organized as follows:
· Authentication and Authorization: Provides instructions to create authentication keys and signature chains, apply permissions and revocations, sign objects, and program authentication features on Intel Agilex 7 devices.
· AES Bitstream Encryption: Provides instructions to create an AES root key, encrypt configuration bitstreams, and provision the AES root key to Intel Agilex 7 devices.
· Device Provisioning: Provides instructions to use the Intel Quartus Prime Programmer and Secure Device Manager (SDM) provision firmware to program security features on Intel Agilex 7 devices.
· Advanced Features: Provides instructions to enable advanced security features, including secure debug authorization, Hard Processor System (HPS) debug, and remote system update.
1.1. Product Security Commitment
Intel's long-lasting commitment to security has never been stronger. Intel strongly recommends that you become familiar with our product security resources and plan to use them throughout the life of your Intel product.
Related Information
· Product Security at Intel
· Intel Product Security Center Advisories
Intel Corporation. All rights reserved. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Intel warrants performance of its FPGA and semiconductor products to current specifications in accordance with Intel's standard warranty, but reserves the right to make changes to any products and services at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any information, product, or service described herein except as expressly agreed to in writing by Intel. Intel customers are advised to obtain the latest version of device specifications before relying on any published information and before placing orders for products or services. *Other names and brands may be claimed as the property of others.
ISO 9001:2015 Registered
1.2. Planned Security Features
The features mentioned in this section are planned for a future release of the Intel Quartus Prime Pro Edition software.
Note:
The information in this section is preliminary.
1.2.1. Partial Reconfiguration Bitstream Security Verification
Partial reconfiguration (PR) bitstream security verification helps provide additional assurance that PR persona bitstreams cannot access or interfere with other PR persona bitstreams.
1.2.2. Device Self-Kill for Physical Anti-Tamper
Device self-kill performs a device wipe or device zeroization response and additionally programs eFuses to prevent the device from configuring again.
1.3. Available Security Documentation
The following table enumerates the documentation available for device security on Intel FPGA and Structured ASIC devices:
Table 1. Available Device Security Documentation
| Document Name | Purpose | Document ID | Location |
|---|---|---|---|
| Security Methodology for Intel FPGAs and Structured ASICs User Guide | Top-level document that contains detailed descriptions of security features and technologies in Intel Programmable Solutions Products. Intended to help you select the security features necessary to meet your security objectives. | 721596 | Intel Resource and Design Center |
| Intel Stratix 10 Device Security User Guide | For users of Intel Stratix 10 devices, this guide contains instructions to use the Intel Quartus Prime Pro Edition software to implement the security features identified using the Security Methodology User Guide. | 683642 | Intel.com |
| Intel Agilex 7 Device Security User Guide | For users of Intel Agilex 7 devices, this guide contains instructions to use the Intel Quartus Prime Pro Edition software to implement the security features identified using the Security Methodology User Guide. | 683823 | Intel.com |
| Intel eASIC N5X Device Security User Guide | For users of Intel eASIC N5X devices, this guide contains instructions to use the Intel Quartus Prime Pro Edition software to implement the security features identified using the Security Methodology User Guide. | 626836 | Intel Resource and Design Center |
| Intel Agilex 7 and Intel eASIC N5X HPS Cryptographic Services User Guide | This guide contains information to assist HPS software engineers in implementing and using the HPS software libraries to access cryptographic services provided by the SDM. | 713026 | Intel Resource and Design Center |
| AN-968 Black Key Provisioning Service Quick Start Guide | This guide contains the complete set of steps to set up the Black Key Provisioning service. | 739071 | Intel Resource and Design Center |
2. Authentication and Authorization
To enable the authentication features of an Intel Agilex 7 device, you begin by using the Intel Quartus Prime Pro Edition software and associated tools to build a signature chain. A signature chain consists of a root key, one or more signing keys, and applicable authorizations. You apply the signature chain to your Intel Quartus Prime Pro Edition project and compiled programming files. Use the instructions in Device Provisioning to program your root key into Intel Agilex 7 devices.
Related Information
Device Provisioning on page 25
2.1. Creating a Signature Chain
You can use the quartus_sign tool or the agilex_sign.py reference implementation to perform signature chain operations. This document provides examples using quartus_sign.
To use the reference implementation, you substitute a call to the Python interpreter included with the Intel Quartus Prime software and omit the --family=agilex option; all other options are equivalent. For example, the quartus_sign command found later in this section
quartus_sign --family=agilex --operation=make_root root_public.pem root.qky
can be converted into the equivalent call to the reference implementation as follows
pgm_py agilex_sign.py --operation=make_root root_public.pem root.qky
The Intel Quartus Prime Pro Edition software includes the quartus_sign, pgm_py, and agilex_sign.py tools. You can use the Nios® II command shell tool, which automatically sets the appropriate environment variables to access the tools.
Follow these instructions to bring up a Nios II command shell.
1. Bring up a Nios II command shell.
Windows: On the Start menu, point to Programs > Intel FPGA > Nios II EDS and click Nios II Command Shell.
Linux: In a command shell, change to the /nios2eds directory and run the following command:
./nios2_command_shell.sh
The examples in this section assume that the signature chain and configuration bitstream files are located in the current working directory. If you choose to follow the examples where key files are kept on the file system, those examples assume that the key files are located in the current working directory. You can choose which directories to use, and the tools support relative file paths. If you choose to keep key files on the file system, you must carefully manage access permissions to those files.
Intel recommends using a commercial hardware security module (HSM) to store cryptographic keys and perform cryptographic operations. The quartus_sign tool and the reference implementation include a Public Key Cryptography Standard #11 (PKCS #11) Application Programming Interface (API) to interact with an HSM while performing signature chain operations. The agilex_sign.py reference implementation includes an abstract interface as well as an example interface to SoftHSM.
You can use these example interfaces to implement an interface to your HSM. Refer to the documentation from your HSM vendor for more information about implementing an interface to and operating your HSM.
SoftHSM is a software implementation of a generic cryptographic device with a PKCS #11 interface that is made available by the OpenDNSSEC® project. You can find more information, including instructions on how to download, build, and install SoftHSM, at the OpenDNSSEC project. The examples in this section use SoftHSM version 2.6.1. The examples in this section additionally use the pkcs11-tool utility from OpenSC to perform additional PKCS #11 operations with a SoftHSM token. You can find more information, including instructions on how to download, build, and install pkcs11-tool, from OpenSC.
Related Information
· The OpenDNSSEC project: Policy-based zone signer for automating the process of keeping track of DNSSEC keys.
· SoftHSM: Information about the implementation of a cryptographic store accessible through a PKCS #11 interface.
· OpenSC: Provides a set of libraries and utilities able to work with smart cards.
2.1.1. Creating Authentication Key Pairs on the Local File System
You use the quartus_sign tool to create authentication key pairs on the local file system using the make_private_pem and make_public_pem tool operations. You first generate a private key with the make_private_pem operation. You specify the elliptic curve to use, the private key filename, and optionally whether to protect the private key with a passphrase. Intel recommends using the secp384r1 curve and following industry best practices to create a strong, random passphrase on all private key files. Intel also recommends restricting the file system permissions on the private key .pem files to read by owner only. You derive the public key from the private key with the make_public_pem operation. It is helpful to name the key .pem files descriptively. This document uses the convention _ .pem in the following examples.
1. In the Nios II command shell, run the following command to create a private key. The private key, shown below, is used as the root key in later examples that create a signature chain. Intel Agilex 7 devices support multiple root keys, so you repeat this step to create your required number of root keys. Examples in this document all refer to the first root key, though you can build signature chains in a similar fashion with any root key.
With passphrase:
quartus_sign --family=agilex --operation=make_private_pem --curve=secp384r1 root0_private.pem
Enter the passphrase when prompted to do so.
Without passphrase:
quartus_sign --family=agilex --operation=make_private_pem --curve=secp384r1 --no_passphrase root0_private.pem
2. Run the following command to create a public key using the private key generated in the previous step. You do not need to protect the confidentiality of a public key.
quartus_sign --family=agilex --operation=make_public_pem root0_private.pem root0_public.pem
3. Run the commands again to create a key pair used as the design signing key in the signature chain.
quartus_sign --family=agilex --operation=make_private_pem --curve=secp384r1 design0_sign_private.pem
quartus_sign --family=agilex --operation=make_public_pem design0_sign_private.pem design0_sign_public.pem
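One way to audit the recommendations in this section on a working directory, as an added example that is not part of Intel's guide or tooling: it flags private key .pem files whose mode is broader than read-by-owner-only or that carry no PEM encryption marker. It assumes quartus_sign writes standard PEM private keys; the key bodies below are constructed placeholders, not real keys.

```python
import stat
import tempfile
from pathlib import Path

OWNER_READ_ONLY = 0o400
# Standard PEM markers for an encrypted key (traditional and PKCS #8 forms).
ENCRYPTION_MARKERS = ("Proc-Type: 4,ENCRYPTED", "BEGIN ENCRYPTED PRIVATE KEY")


def audit_private_keys(directory):
    """Return {relative path: [findings]} for private key .pem files under directory."""
    root = Path(directory)
    findings = {}
    for path in sorted(root.rglob("*.pem")):
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable by this user, so it cannot be classified here
        if "PRIVATE KEY-----" not in text:
            continue  # public keys need no confidentiality protection
        issues = []
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & ~OWNER_READ_ONLY:
            issues.append(f"mode {mode:04o} is broader than 0400")
        if not any(marker in text for marker in ENCRYPTION_MARKERS):
            issues.append("private key is not passphrase-protected")
        if issues:
            findings[str(path.relative_to(root))] = issues
    return findings


def build_constructed_tree(root):
    """Write constructed sample files that use the guide's example file names."""
    body = "Q09OU1RSVUNURUQ=\n"  # base64 of the word CONSTRUCTED, not key material
    encrypted = ("-----BEGIN EC PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: AES-256-CBC,00\n\n" + body + "-----END EC PRIVATE KEY-----\n")
    plain = "-----BEGIN EC PRIVATE KEY-----\n" + body + "-----END EC PRIVATE KEY-----\n"
    public = "-----BEGIN PUBLIC KEY-----\n" + body + "-----END PUBLIC KEY-----\n"
    samples = {
        "root0_private.pem": (encrypted, 0o400),       # follows both recommendations
        "design0_sign_private.pem": (plain, 0o644),    # as left by --no_passphrase and a default umask
        "root0_public.pem": (public, 0o644),           # public key, ignored by the audit
    }
    for name, (content, mode) in samples.items():
        path = Path(root) / name
        path.write_text(content)
        path.chmod(mode)


def demo():
    with tempfile.TemporaryDirectory() as workdir:
        build_constructed_tree(workdir)
        return audit_private_keys(workdir)


if __name__ == "__main__":
    for name, issues in demo().items():
        print(name, "->", "; ".join(issues))
```
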
2.1.2. Creating Authentication Key Pairs in SoftHSM
The SoftHSM examples in this chapter are self-consistent. Certain parameters depend on your SoftHSM installation and a token initialization within SoftHSM.
The quartus_sign tool depends on the PKCS #11 API library from your HSM.
The examples in this section assume that the SoftHSM library is installed to one of the following locations:
· /usr/local/lib/softhsm2.so on Linux
· C:\SoftHSM2\lib\softhsm2.dll on the 32-bit version of Windows
· C:\SoftHSM2\lib\softhsm2-x64.dll on the 64-bit version of Windows
Initialize a token within SoftHSM using the softhsm2-util tool:
softhsm2-util --init-token --label agilex-token --pin agilex-token-pin --so-pin agilex-so-pin --free
The option parameters, particularly the token label and token pin, are examples used throughout this chapter. Intel recommends that you follow instructions from your HSM vendor to create and manage tokens and keys.
You create authentication key pairs using the pkcs11-tool utility to interact with the token in SoftHSM. Instead of explicitly referring to private and public key .pem files as in the file system examples, you refer to the key pair by its label and the tool selects the appropriate key automatically.
Run the following commands to create a key pair used as the root key in later examples as well as a key pair used as a design signing key in the signature chain:
pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm2.so --token-label agilex-token --login --pin agilex-token-pin --keypairgen --mechanism ECDSA-KEY-PAIR-GEN --key-type EC:secp384r1 --usage-sign --label root0 --id 0
pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm2.so --token-label agilex-token --login --pin agilex-token-pin --keypairgen --mechanism ECDSA-KEY-PAIR-GEN --key-type EC:secp384r1 --usage-sign --label design0_sign --id 1
Note:
The ID option in this step must be unique to each key, but it is used only by the HSM. This ID option is unrelated to the key cancellation ID assigned in the signature chain.
2.1.3. Creating the Signature Chain Root Entry
Convert the root public key into a signature chain root entry, stored on the local file system in the Intel Quartus Prime key (.qky) format file, with the make_root operation. Repeat this step for each root key you generate.
Run the following command to create a signature chain with a root entry, using a root public key from the file system:
quartus_sign --family=agilex --operation=make_root --key_type=owner root0_public.pem root0.qky
Run the following command to create a signature chain with a root entry, using the root key from the SoftHSM token established in the previous section:
quartus_sign --family=agilex --operation=make_root --key_type=owner --module=softHSM --module_args="--token_label=agilex-token --user_pin=agilex-token-pin --hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" root0 root0.qky
2.1.4. Creating a Signature Chain Public Key Entry
Create a new public key entry for a signature chain with the append_key operation. You specify the prior signature chain, the private key for the last entry in the prior signature chain, the next level public key, the permissions and cancellation ID you assign to the next level public key, and the new signature chain file.
Notice that the softHSM library is not available with the Quartus installation and instead needs to be installed separately. For more information about softHSM, refer to the section Creating a Signature Chain above.
Depending on your use of keys on the file system or in an HSM, you use one of the following example commands to append the design0_sign public key to the root signature chain created in the prior section:
quartus_sign --family=agilex --operation=append_key --previous_pem=root0_private.pem --previous_qky=root0.qky --permission=6 --cancel=0 --input_pem=design0_sign_public.pem design0_sign_chain.qky
quartus_sign --family=agilex --operation=append_key --module=softHSM --module_args="--token_label=agilex-token --user_pin=agilex-token-pin --hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" --previous_keyname=root0 --previous_qky=root0.qky --permission=6 --cancel=0 --input_keyname=design0_sign design0_sign_chain.qky
You can repeat the append_key operation up to two more times for a maximum of three public key entries between the root entry and the header block entry in any one signature chain.
The following example assumes that you created another authentication public key with the same permissions and assigned cancellation ID 1, called design1_sign_public.pem, and are appending this key to the signature chain from the previous example:
quartus_sign --family=agilex --operation=append_key --previous_pem=design0_sign_private.pem --previous_qky=design0_sign_chain.qky --permission=6 --cancel=1 --input_pem=design1_sign_public.pem design1_sign_chain.qky
quartus_sign --family=agilex --operation=append_key --module=softHSM --module_args="--token_label=agilex-token --user_pin=agilex-token-pin --hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" --previous_keyname=design0_sign --previous_qky=design0_sign_chain.qky --permission=6 --cancel=1 --input_keyname=design1_sign design1_sign_chain.qky
Intel Agilex 7 devices include an additional key cancellation counter to facilitate the use of a key that may change periodically throughout the life of a given device. You can select this key cancellation counter by changing the argument of the --cancel option to pts:pts_value.
2.2. Signing a Configuration Bitstream
Intel Agilex 7 devices support Security Version Number (SVN) counters, which allow you to revoke the authorization of an object without canceling a key. You assign the SVN counter and the appropriate SVN counter value during the signing of any object, such as a bitstream section, firmware .zip file, or compact certificate. You assign the SVN counter and SVN value using the --cancel option with svn_counter:svn_value as the argument. Valid values for svn_counter are svnA, svnB, svnC, and svnD. The svn_value is an integer within the range [0,63].
2.2.1. Quartus Key File Assignment
You specify a signature chain in your Intel Quartus Prime software project to enable the authentication feature for that design. From the Assignments menu, select Device > Device and Pin Options > Security > Quartus Key File, then browse to the signature chain .qky file you created to sign this design.
Figure 1. Enabling Configuration Bitstream Setting
Alternatively, you can add the following assignment statement to your Intel Quartus Prime Settings file (.qsf):
set_global_assignment -name QKY_FILE design0_sign_chain.qky
To generate a .sof file from a previously compiled design that includes this setting, from the Processing menu, select Start > Start Assembler. The new output .sof file includes the assignments to enable authentication with the provided signature chain.
2.2.2. Co-Signing SDM Firmware
You use the quartus_sign tool to extract, sign, and install the applicable SDM firmware .zip file. The co-signed firmware is then included by the programming file generator tool when you convert a .sof file into a configuration bitstream .rbf file. You use the following commands to create a new signature chain and sign SDM firmware.
1. Create a new signing key pair.
a. Create a new signing key pair on the file system:
quartus_sign --family=agilex --operation=make_private_pem --curve=secp384r1 firmware1_private.pem
quartus_sign --family=agilex --operation=make_public_pem firmware1_private.pem firmware1_public.pem
b. Create a new signing key pair in the HSM:
pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm2.so --token-label agilex-token --login --pin agilex-token-pin --keypairgen --mechanism ECDSA-KEY-PAIR-GEN --key-type EC:secp384r1 --usage-sign --label firmware1 --id 2
2. Create a new signature chain containing the new public key:
quartus_sign --family=agilex --operation=append_key --previous_pem=root0_private.pem --previous_qky=root0.qky --permission=0x1 --cancel=1 --input_pem=firmware1_public.pem firmware1_sign_chain.qky
quartus_sign --family=agilex --operation=append_key --module=softHSM --module_args="--token_label=agilex-token --user_pin=agilex-token-pin --hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" --previous_keyname=root0 --previous_qky=root0.qky --permission=1 --cancel=1 --input_keyname=firmware1 firmware1_sign_chain.qky
3. Copy the firmware .zip file from your Intel Quartus Prime Pro Edition software installation directory (/devices/programmer/firmware/agilex.zip) to the current working directory.
quartus_sign --family=agilex --get_firmware=.
4. Sign the firmware .zip file. The tool automatically unpacks the .zip file and individually signs all firmware .cmf files, then rebuilds the .zip file for use by the tools in the following sections:
quartus_sign --family=agilex --operation=sign --qky=firmware1_sign_chain.qky --cancel=svnA:0 --pem=firmware1_private.pem agilex.zip signed_agilex.zip
quartus_sign --family=agilex --operation=sign --module=softHSM --module_args="--token_label=agilex-token --user_pin=agilex-token-pin --hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" --keyname=firmware1 --cancel=svnA:0 --qky=firmware1_sign_chain.qky agilex.zip signed_agilex.zip
2.2.3. Signing Configuration Bitstream Using the quartus_sign Command
To sign a configuration bitstream using the quartus_sign command, you first convert the .sof file to the unsigned raw binary file (.rbf) format. You can optionally specify co-signed firmware using the fw_source option during the conversion step.
You can generate the unsigned raw bitstream in .rbf format using the following command:
quartus_pfg -c -o fw_source=signed_agilex.zip -o sign_later=ON design.sof unsigned_bitstream.rbf
Run one of the following commands to sign the bitstream using the quartus_sign tool, depending on the location of your keys:
quartus_sign --family=agilex --operation=sign --qky=design0_sign_chain.qky --pem=design0_sign_private.pem --cancel=svnA:0 unsigned_bitstream.rbf signed_bitstream.rbf
quartus_sign --family=agilex --operation=sign --module=softHSM --module_args="--token_label=agilex-token --user_pin=agilex-token-pin --hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" --keyname=design0_sign --qky=design0_sign_chain.qky --cancel=svnA:0 unsigned_bitstream.rbf signed_bitstream.rbf
You can convert signed .rbf files to other configuration bitstream file formats.
For example, if you are using the Jam* Standard Test and Programming Language (STAPL) Player to program a bitstream over JTAG, you use the following command to convert an .rbf file to the .jam format that the Jam STAPL Player requires:
quartus_pfg -c signed_bitstream.rbf signed_bitstream.jam
2.2.4. Partial Reconfiguration Multi-Authority Support
Intel Agilex 7 devices support partial reconfiguration multi-authority authentication, where the device owner creates and signs the static bitstream, and a separate PR owner creates and signs PR persona bitstreams. Intel Agilex 7 devices implement multi-authority support by assigning the first authentication root key slots to the device or static bitstream owner and assigning the final authentication root key slot to the partial reconfiguration persona bitstream owner.
If the authentication feature is enabled, then all PR persona images must be signed, including nested PR persona images. PR persona images can be signed by either the device owner or the PR owner; however, static region bitstreams must be signed by the device owner.
Note:
Partial reconfiguration static and persona bitstream encryption when multi-authority support is enabled is planned for a future release.
Implementing partial reconfiguration multi-authority support requires several steps:
1. The device or static bitstream owner generates one or more authentication root keys as described in Creating Authentication Key Pairs in SoftHSM on page 8, where the --key_type option has the value owner.
2. The partial reconfiguration bitstream owner generates an authentication root key but changes the --key_type option value to secondary_owner.
3. The design owners ensure that the Enable Multi-Authority option is enabled in the Device and Pin Options settings.
Figure 2. Intel Quartus Prime Enable Multi-Authority Option Settings
4. Both design owners create signature chains based on their respective root keys as described in Creating a Signature Chain on page 6.
5. Both design owners convert their compiled designs to .rbf format files and sign the .rbf files.
6. The device or static bitstream owner generates and signs a PR public key program authorization compact certificate.
quartus_pfg --ccert -o ccert_type=PR_PUBKEY_PROG_AUTH -o owner_qky_file="root0.qky;root1.qky" unsigned_pr_pubkey_prog.ccert
quartus_sign --family=agilex --operation=sign --qky=design0_sign_chain.qky --pem=design0_sign_private.pem --cancel=svnA:0 unsigned_pr_pubkey_prog.ccert signed_pr_pubkey_prog.ccert
quartus_sign --family=agilex --operation=sign --module=softHSM --module_args="--token_label=agilex-token --user_pin=agilex-token-pin --hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" --keyname=design0_sign --qky=design0_sign_chain.qky --cancel=svnA:0 unsigned_pr_pubkey_prog.ccert signed_pr_pubkey_prog.ccert
7. The device or static bitstream owner provisions their authentication root key hashes to the device, then programs the PR public key program authorization compact certificate, and finally provisions the partial reconfiguration bitstream owner root key to the device. The Device Provisioning section describes this provisioning process.
8. The Intel Agilex 7 device is configured with the static region .rbf file.
9. The Intel Agilex 7 device is partially reconfigured with the persona design .rbf file.
Related Information
· Creating a Signature Chain on page 6
· Creating Authentication Key Pairs in SoftHSM on page 8
· Device Provisioning on page 25
2.2.5. Fa'amaonia le Fa'atonuga Bitstream Signature Chains
A uma ona e faia filifili saini ma saini bitstreams, e mafai ona e faʻamaonia o se bitstream saini e faʻapipiʻi saʻo se masini ua faʻapipiʻiina ma se ki aʻa. E te fa'aaoga muamua le fuse_info fa'agaioiga o le quartus_sign fa'atonuga e lolomi ai le hash o le a'a lautele ki i se tusitusiga file:
quartus_sign –family=agilex –operation=fuse_info root0.qky hash_fuse.txt
Ona e fa'aogaina lea o le check_integrity option o le quartus_pfg command e asiasia ai le filifili saini i vaega ta'itasi o le bitstream ua sainia i le .rbf format. Ole filifiliga siaki_integrity e lolomi fa'amatalaga nei:
· Tulaga ole su'esu'ega atoa ole bitstream
· O mea o lo'o i totonu o fa'amaumauga ta'itasi i filifili saini ta'itasi o lo'o fa'apipi'i i vaega ta'itasi i le bitstream .rbf file,
· Fa'amoemoeina le tau o le fuse mo le hash o le autu lautele mo filifili saini taitasi.
Ole tau mai le fuse_info output e tatau ona fetaui ma laina Fuse ile siaki_integrity output.
quartus_pfg –check_integrity signed_bitstream.rbf
O se ex leaample o le fa'atonuga o le check_integrity:
Info: Command: quartus_pfg --check_integrity signed_bitstream.rbf
Integrity status: OK
Section
Type: CMF
Signature Descriptor ...
Signature chain #0 (entries: -1, offset: 96)
Entry #0
Fuse: 34FD3B5F 7829001F DE2A24C7 3A7EAE29 C7786DB1 D6D5BC3C 52741C79
72978B22 0731B082 6F596899 40F32048 AD766A24
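The comparison described in section 2.2.5 can be automated. The following is an added example, not code from the Intel guide: it parses check_integrity output, rejoins Fuse values that wrap across lines, and reports every signature chain whose root hash is not in the set you expect. The function names are hypothetical, the sample output is constructed with placeholder hashes, and passing the expected hash as a hex string copied from hash_fuse.txt is an assumption, because the layout of that file is not shown here.

```python
import re
from typing import Iterable, List, NamedTuple, Optional, Tuple


class ChainRoot(NamedTuple):
    section: str  # section type from the "Type:" line, e.g. CMF or IO
    chain: int    # index from the "Signature chain #N" line
    fuse: str     # root public key hash as 96 hex digits (12 x 32-bit words)


# Constructed sample: the layout follows the check_integrity output format,
# the hash values are placeholders. Two Fuse values wrap across lines, one
# chain is empty, and the IO section header is collapsed onto one line.
SAMPLE_OUTPUT = """\
Info: Command: quartus_pfg --check_integrity signed_bitstream.rbf
Integrity status: OK
Section
Type: CMF
Signature Descriptor ...
Signature chain #0 (entries: -1, offset: 96)
Entry #0
Fuse: 11111111 11111111 11111111 11111111 11111111 11111111 11111111
11111111 11111111 11111111 11111111 11111111
Signature chain #1 (entries: -1, offset: 648)
Entry #0
Fuse: 22222222 22222222 22222222 22222222 22222222 22222222 22222222
22222222 22222222 22222222 22222222 22222222
Signature chain #2 (entries: -1, offset: 0)
Section Type: IO Signature Descriptor ... Signature chain #0 (entries: -1, offset: 96)
Entry #0
Fuse: 22222222 22222222 22222222 22222222 22222222 22222222 22222222 22222222 22222222 22222222 22222222 22222222
"""

# One alternative per field of interest; \s+ inside the Fuse pattern lets a
# hash continue on the next line.
_TOKEN = re.compile(
    r"Integrity status:\s*(?P<status>\w+)"
    r"|\bType:\s*(?P<section>\w+)"
    r"|Signature chain #(?P<chain>\d+)"
    r"|Fuse:\s*(?P<fuse>[0-9A-Fa-f]{8}(?:\s+[0-9A-Fa-f]{8}){11})"
)


def normalise_hash(value: str) -> str:
    """Return a root key hash as 96 upper-case hex digits without spaces."""
    digits = re.sub(r"\s+", "", value).upper()
    if digits.startswith("0X"):
        digits = digits[2:]
    if not re.fullmatch(r"[0-9A-F]{96}", digits):
        raise ValueError("expected a 384-bit hash written as 96 hex digits")
    return digits


def parse_check_integrity(text: str) -> Tuple[Optional[str], List[ChainRoot]]:
    """Extract the integrity status and the Fuse value of every chain."""
    status: Optional[str] = None
    section: Optional[str] = None
    chain: Optional[int] = None
    roots: List[ChainRoot] = []
    for match in _TOKEN.finditer(text):
        kind = match.lastgroup
        if kind == "status":
            status = match.group("status")
        elif kind == "section":
            section, chain = match.group("section"), None
        elif kind == "chain":
            chain = int(match.group("chain"))
        else:  # kind == "fuse"
            if section is None or chain is None:
                raise ValueError("Fuse line found outside a section or chain")
            fuse = normalise_hash(match.group("fuse"))
            roots.append(ChainRoot(section, chain, fuse))
    # A truncated Fuse line would otherwise be skipped silently.
    if len(roots) != len(re.findall(r"Fuse:", text)):
        raise ValueError("malformed Fuse line in check_integrity output")
    return status, roots


def check_roots(text: str,
                expected_hashes: Iterable[str]) -> Tuple[bool, List[Tuple[str, int]]]:
    """Return (ok, unmatched), where unmatched lists (section, chain) pairs
    whose Fuse value is not one of the expected root key hashes."""
    expected = {normalise_hash(h) for h in expected_hashes}
    status, roots = parse_check_integrity(text)
    unmatched = [(r.section, r.chain) for r in roots if r.fuse not in expected]
    ok = status == "OK" and bool(roots) and not unmatched
    return ok, unmatched


if __name__ == "__main__":
    owner_root = "22222222" * 12  # placeholder for the value in hash_fuse.txt
    print(check_roots(SAMPLE_OUTPUT, [owner_root]))
```

A chain reported as unmatched is not necessarily a fault: a section can carry more than one signature chain, so list every root you expect to see before treating a mismatch as a failure.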
683823 | 2023.05.23
3. AES Bitstream Encryption
Advanced Encryption Standard (AES) bitstream encryption is a feature that enables a device owner to protect the confidentiality of intellectual property in a configuration bitstream.
To help protect the confidentiality of keys, configuration bitstream encryption uses a chain of AES keys. These keys are used to encrypt owner data in the configuration bitstream, where the first intermediate key is encrypted with the AES root key.
3.1. Creating the AES Root Key
You can use the quartus_encrypt tool or the stratix10_encrypt.py reference implementation to create an AES root key in the Intel Quartus Prime software encryption key (.qek) file format.
Note:
The stratix10_encrypt.py file is used for Intel Stratix® 10 and Intel Agilex 7 devices.
You can optionally specify the base key used to derive the AES root key and the key derivation key, the value for the AES root key directly, the number of intermediate keys, and the maximum use per intermediate key.
You must specify the device family, the output .qek file location, and the passphrase when prompted.
Run the following command to generate the AES root key using random data for the base key and default values for the number of intermediate keys and maximum key use.
To use the reference implementation, you substitute a call to the Python interpreter included with the Intel Quartus Prime software and omit the --family=agilex option; all other options are equivalent. For example, the quartus_encrypt command found later in the section
quartus_encrypt --family=agilex --operation=MAKE_AES_KEY aes_root.qek
can be converted into the equivalent call to the reference implementation as follows:
pgm_py stratix10_encrypt.py --operation=MAKE_AES_KEY aes_root.qek
3.2. Quartus Encryption Settings
To enable bitstream encryption for a design, you must specify the appropriate options using the Assignments > Device > Device and Pin Options > Security panel. You select the Enable configuration bitstream encryption checkbox, and the desired Encryption key storage location from the dropdown list.
Figure 3. Intel Quartus Prime Encryption Settings
Alternatively, you can add the following assignment statements to your Intel Quartus Prime settings file .qsf:
set_global_assignment -name ENCRYPT_PROGRAMMING_BITSTREAM on
set_global_assignment -name PROGRAMMING_BITSTREAM_ENCRYPTION_KEY_SELECT eFuses
If you want to enable additional mitigations against side-channel attack vectors, you can enable the Encryption update ratio dropdown and the Enable scrambling checkbox.
The corresponding changes in the .qsf are:
set_global_assignment -name PROGRAMMING_BITSTREAM_ENCRYPTION_CNOC_SCRAMBLING on
set_global_assignment -name PROGRAMMING_BITSTREAM_ENCRYPTION_UPDATE_RATIO 31
3.3. Encrypting a Configuration Bitstream
You encrypt a configuration bitstream before signing the bitstream. The Intel Quartus Prime Programming File Generator tool can automatically encrypt and sign a configuration bitstream using the graphical user interface or the command line.
You can optionally create a partially encrypted bitstream for use with the quartus_encrypt and quartus_sign tools or their reference implementation equivalents.
3.3.1. Configuration Bitstream Encryption Using the Programming File Generator Graphical Interface
You can use the Programming File Generator to encrypt and sign the owner image.
1. On the Intel Quartus Prime File menu select Programming File Generator.
2. On the Output Files tab, specify the output file type for your configuration scheme.
Figure 4. Specify Output File Type (callouts: configuration scheme, output file tab, output file type)
3. On the Input Files tab, click Add Bitstream and browse to your .sof.
4. To specify encryption and authentication options, select the .sof and click Properties.
a. Turn on Enable signing tool.
b. For Private key file, select your signing key private .pem file.
c. Turn on Finalize encryption.
d. For Encryption key file, select your AES .qek file.
Figure 5. Input (.sof) File Properties for Authentication and Encryption (callouts: enable authentication, specify private root .pem, enable encryption, specify encryption key)
5. To generate the signed and encrypted bitstream, on the Input Files tab, click Generate. Password dialog boxes appear for you to enter the passphrase for your AES key .qek file and for your signing private key .pem file. The programming file generator creates the encrypted and signed output_file.rbf.
3.3.2. Configuration Bitstream Encryption Using the Programming File Generator Command Line Interface
Generate an encrypted and signed configuration bitstream in .rbf format with the quartus_pfg command line interface:
quartus_pfg -c encryption_enabled.sof top.rbf -o finalize_encryption=ON -o qek_file=aes_root.qek -o signing=ON -o pem_file=design0_sign_private.pem
You can convert an encrypted and signed configuration bitstream in .rbf format to other configuration bitstream file formats.
3.3.3. Partially Encrypted Configuration Bitstream Generation Using the Command Line Interface
You can generate a partially encrypted programming file and finalize encryption and sign the image later. Generate the partially encrypted programming file in .rbf format with the quartus_pfg command line interface:
quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON top.sof top.rbf
You use the quartus_encrypt command line tool to finalize bitstream encryption:
quartus_encrypt --family=agilex --operation=ENCRYPT --key=aes_root.qek top.rbf encrypted_top.rbf
You use the quartus_sign command line tool to sign the encrypted configuration bitstream:
quartus_sign --family=agilex --operation=SIGN --qky=design0_sign_chain.qky --pem=design0_sign_private.pem --cancel=svnA:0 encrypted_top.rbf signed_encrypted_top.rbf
quartus_sign --family=agilex --operation=sign --module=softHSM --module_args="--token_label=agilex-token --user_pin=agilex-token-pin --hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" --keyname=design0_sign --qky=design0_sign_chain.qky --cancel=svnA:0 encrypted_top.rbf signed_encrypted_top.rbf
3.3.4. Partial Reconfiguration Bitstream Encryption
You can enable bitstream encryption on some Intel Agilex 7 FPGA designs that use partial reconfiguration.
Partial reconfiguration designs that use Hierarchical Partial Reconfiguration (HPR) or Static Update Partial Reconfiguration (SUPR) do not support bitstream encryption. If your design contains multiple PR regions, you must encrypt all personas.
To enable partial reconfiguration bitstream encryption, follow the same procedure in all design revisions.
1. On the Intel Quartus Prime File menu, select Assignments > Device > Device and Pin Options > Security.
2. Select the desired encryption key storage location.
Figure 6. Partial Reconfiguration Bitstream Encryption Setting
Alternatively, you can add the following assignment statement to the Quartus Prime settings file .qsf:
set_global_assignment -name ENABLE_PARTIAL_RECONFIGURATION_BITSTREAM_ENCRYPTION on
After you compile your base design and revisions, the software generates a .sof file and one or more .pmsf files, representing the personas.
3. Create encrypted and signed programming files from the .sof and .pmsf files in a similar fashion to designs with no partial reconfiguration enabled.
4. Convert the compiled persona .pmsf file to a partially encrypted .rbf file:
quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON encryption_enabled_persona1.pmsf persona1.rbf
5. Finalize bitstream encryption using the quartus_encrypt command line tool:
quartus_encrypt --family=agilex --operation=ENCRYPT --key=aes_root.qek persona1.rbf encrypted_persona1.rbf
6. Sign the encrypted configuration bitstream using the quartus_sign command line tool:
quartus_sign --family=agilex --operation=SIGN --qky=design0_sign_chain.qky --pem=design0_sign_private.pem encrypted_persona1.rbf signed_encrypted_persona1.rbf
quartus_sign --family=agilex --operation=SIGN --module=softHSM --module_args="--token_label=agilex-token --user_pin=agilex-token-pin --hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" --qky=design0_sign_chain.qky --cancel=svnA:0 --keyname=design0_sign encrypted_persona1.rbf signed_encrypted_persona1.rbf
4. Device Provisioning
Provisioning is supported only in the SDM provision firmware. Use the Intel Quartus Prime Programmer to load the SDM provision firmware and perform provisioning operations.
You can use any type of JTAG download cable to connect the Quartus Programmer to an Intel Agilex 7 device to perform provisioning operations.
4.1. Using SDM Provision Firmware
The Intel Quartus Prime Programmer automatically creates and loads a factory default helper image when you select the initialize operation and a command to program something other than a configuration bitstream.
Depending on the programming command specified, the factory default helper image is one of two types:
· Provisioning helper image: consists of one bitstream section containing the SDM provisioning firmware.
· QSPI helper image: consists of two bitstream sections, one containing the SDM main firmware and one I/O section.
You can create a factory default helper image file to load into your device before performing any programming command. After programming an authentication root key hash, you must create and sign a QSPI factory default helper image because of the included I/O section. If you additionally program the firmware co-signing security setting eFuse, you must create provisioning and QSPI factory default helper images with co-signed firmware. You can use a co-signed factory default helper image on an unprovisioned device because the unprovisioned device ignores non-Intel signature chains over SDM firmware. Refer to Using QSPI Factory Default Helper Image on Owned Devices on page 26 for more details about creating, signing, and using the QSPI factory default helper image.
The provisioning factory default helper image performs a provisioning action, such as programming the authentication root key hash, security setting fuses, PUF enrollment, or black key provisioning. You use the Intel Quartus Prime Programming File Generator command line tool to create the provisioning helper image, specifying the helper_image option, your helper_device name, the provision helper image subtype, and optionally a co-signed firmware .zip file:
quartus_pfg --helper_image -o helper_device=AGFB014R24A -o subtype=PROVISION -o fw_source=signed_agilex.zip signed_provision_helper_image.rbf
Program the helper image using the Intel Quartus Prime Programmer tool:
quartus_pgm -c 1 -m jtag -o "p;signed_provision_helper_image.rbf" --force
Note:
You can omit the initialize operation from commands, including the examples provided in this chapter, after either programming a provision helper image or using a command that contains the initialize operation.
4.2. Using QSPI Factory Default Helper Image on Owned Devices
The Intel Quartus Prime Programmer automatically creates and loads a QSPI factory default helper image when you select the initialize operation for a QSPI flash programming file. After programming an authentication root key hash, you must create and sign the QSPI factory default helper image, and program the signed QSPI factory default helper image separately before programming the QSPI flash.
1. You use the Intel Quartus Prime Programming File Generator command line tool to create the QSPI helper image, specifying the helper_image option, your helper_device type, the QSPI helper image subtype, and optionally a co-signed firmware .zip file:
quartus_pfg --helper_image -o helper_device=AGFB014R24A -o subtype=QSPI -o fw_source=signed_agilex.zip qspi_helper_image.rbf
2. You sign the QSPI factory default helper image:
quartus_sign --family=agilex --operation=sign --qky=design0_sign_chain.qky --pem=design0_sign_private.pem qspi_helper_image.rbf signed_qspi_helper_image.rbf
3. You can use any QSPI flash programming file format. The following example uses a configuration bitstream converted to the .jic file format:
quartus_pfg -c signed_bitstream.rbf signed_flash.jic -o device=MT25QU128 -o flash_loader=AGFB014R24A -o mode=ASX4
4. You program the signed helper image using the Intel Quartus Prime Programmer tool:
quartus_pgm -c 1 -m jtag -o "p;signed_qspi_helper_image.rbf" --force
5. You program the .jic image to flash using the Intel Quartus Prime Programmer tool:
quartus_pgm -c 1 -m jtag -o "p;signed_flash.jic"
4.3. Authentication Root Key Provisioning
To program the owner root key hashes to physical fuses, you must first load the provision firmware, then program the owner root key hashes, and then immediately perform a power-on reset. A power-on reset is not required when you program root key hashes to virtual fuses.
To program authentication root key hashes, you program the provision firmware helper image and run one of the following commands to program the root key .qky files.
// For physical (non-volatile) eFuses
quartus_pgm -c 1 -m jtag -o "p;root0.qky;root1.qky;root2.qky" --non_volatile_key
// For virtual (volatile) eFuses
quartus_pgm -c 1 -m jtag -o "p;root0.qky;root1.qky;root2.qky"
4.3.1. Partial Reconfiguration Multi-Authority Root Key Programming
After provisioning the device or static region bitstream owner root keys, you load the device provision helper image again, program the signed PR public key program authorization compact certificate, and then provision the PR persona bitstream owner root key.
// For physical (non-volatile) eFuses
quartus_pgm -c 1 -m jtag -o "p;root_pr.qky" --pr_pubkey --non_volatile_key
// For virtual (volatile) eFuses
quartus_pgm -c 1 -m jtag -o "p;root_pr.qky" --pr_pubkey
4.4. Programming Key Cancellation ID Fuses
Starting with Intel Quartus Prime Pro Edition software version 21.1, programming Intel and owner key cancellation ID fuses requires the use of a signed compact certificate. You can sign the key cancellation ID compact certificate with a signature chain that has FPGA section signing permissions. You create the compact certificate with the programming file generator command line tool. You sign the unsigned certificate using the quartus_sign tool or the reference implementation.
Intel Agilex 7 devices support separate banks of owner key cancellation IDs for each root key. When an owner key cancellation ID compact certificate is programmed into an Intel Agilex 7 FPGA, the SDM determines which root key signed the compact certificate and blows the key cancellation ID fuse that corresponds to that root key.
The following examples create an Intel key cancellation certificate for Intel key ID 7. You can replace 7 with the applicable Intel key cancellation ID from 0-31.
Run the following command to create an unsigned Intel key cancellation ID compact certificate:
quartus_pfg --ccert -o ccert_type=CANCEL_INTEL_KEY -o cancel_key=7 unsigned_cancel_intel7.ccert
Run one of the following commands to sign the unsigned Intel key cancellation ID compact certificate:
quartus_sign --family=agilex --operation=SIGN --qky=design0_sign_chain.qky --pem=design0_private.pem --cancel=svnA:0 unsigned_cancel_intel7.ccert signed_cancel_intel7.ccert
quartus_sign --family=agilex --operation=sign --module=softHSM --module_args="--token_label=agilex-token --user_pin=agilex-token-pin --hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" --keyname=design0_sign --qky=design0_sign_chain.qky --cancel=svnA:0 unsigned_cancel_intel7.ccert signed_cancel_intel7.ccert
Run the following command to create an unsigned owner key cancellation ID compact certificate:
quartus_pfg --ccert -o ccert_type=CANCEL_OWNER_KEY -o cancel_key=2 unsigned_cancel_owner2.ccert
Run one of the following commands to sign the unsigned owner key cancellation ID compact certificate:
quartus_sign --family=agilex --operation=SIGN --qky=design0_sign_chain.qky --pem=design0_private.pem --cancel=svnA:0 unsigned_cancel_owner2.ccert signed_cancel_owner2.ccert
quartus_sign --family=agilex --operation=sign --module=softHSM --module_args="--token_label=agilex-token --user_pin=agilex-token-pin --hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" --keyname=design0_sign --qky=design0_sign_chain.qky --cancel=svnA:0 unsigned_cancel_owner2.ccert signed_cancel_owner2.ccert
After you have created a signed key cancellation ID compact certificate, you use the Intel Quartus Prime Programmer to program the compact certificate to the device through JTAG.
// For physical (non-volatile) eFuses
quartus_pgm -c 1 -m jtag -o "pi;signed_cancel_intel7.ccert" --non_volatile_key
quartus_pgm -c 1 -m jtag -o "pi;signed_cancel_owner2.ccert" --non_volatile_key
// For virtual (volatile) eFuses
quartus_pgm -c 1 -m jtag -o "pi;signed_cancel_intel7.ccert"
quartus_pgm -c 1 -m jtag -o "pi;signed_cancel_owner2.ccert"
You can also send the compact certificate to the SDM using the FPGA or HPS mailbox interface.
4.5. Canceling Root Keys
Intel Agilex 7 devices let you cancel a root key hash when another uncanceled root key hash is present. You cancel a root key hash by first configuring the device with a design whose signature chain is rooted in a different root key hash, and then programming a signed root key hash cancellation compact certificate. You must sign the root key hash cancellation compact certificate with a signature chain rooted in the root key to be canceled.
Run the following command to generate an unsigned root key hash cancellation compact certificate:
quartus_pfg --ccert -o ccert_type=CANCEL_KEY_HASH unsigned_root_cancel.ccert
Run one of the following commands to sign the unsigned root key hash cancellation compact certificate:
quartus_sign --family=agilex --operation=SIGN --qky=design0_sign_chain.qky --pem=design0_private.pem --cancel=svnA:0 unsigned_root_cancel.ccert signed_root_cancel.ccert
quartus_sign --family=agilex --operation=sign --module=softHSM --module_args="--token_label=agilex-token --user_pin=agilex-token-pin --hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" --keyname=design0_sign --qky=design0_sign_chain.qky --cancel=svnA:0 unsigned_root_cancel.ccert signed_root_cancel.ccert
You can program a root key hash cancellation compact certificate through JTAG, FPGA, or HPS mailboxes.
4.6. Programming Counter Fuses
You update the Security Version Number (SVN) and Pseudo Time Stamp (PTS) counter fuses.
Note:
The SDM keeps track of the minimum counter value seen during a given configuration and does not accept counter increment certificates when the counter value is smaller than the minimum value. You must update all objects assigned to a counter and reconfigure the device before programming a counter increment compact certificate.
Run one of the following commands that corresponds to the counter increment certificate you want to generate.
quartus_pfg --ccert -o ccert_type=PTS_COUNTER -o counter=<-1:495> unsigned_pts.ccert
quartus_pfg --ccert -o ccert_type=SVN_COUNTER_A -o counter=<-1:63> unsigned_svnA.ccert
quartus_pfg --ccert -o ccert_type=SVN_COUNTER_B -o counter=<-1:63> unsigned_svnB.ccert
quartus_pfg --ccert -o ccert_type=SVN_COUNTER_C -o counter=<-1:63> unsigned_svnC.ccert
quartus_pfg --ccert -o ccert_type=SVN_COUNTER_D -o counter=<-1:63> unsigned_svnD.ccert
A counter value of 1 creates a counter increment authorization certificate. Programming a counter increment authorization compact certificate enables you to program further unsigned counter increment certificates to update the respective counter. You use the quartus_sign tool to sign the counter compact certificates in a similar fashion to key cancellation ID compact certificates.
You can program a root key hash cancellation compact certificate through JTAG, FPGA, or HPS mailboxes.
4.7. Secure Data Object Service Root Key Provisioning
You use the Intel Quartus Prime Programmer to provision the Secure Data Object Service (SDOS) root key. The Programmer automatically loads the provision firmware helper image to provision the SDOS root key.
quartus_pgm -c 1 -m jtag --service_root_key --non_volatile_key
4.8. Security Setting Fuse Provisioning
Use the Intel Quartus Prime Programmer to examine the device security setting fuses and write them to a text-based .fuse file as follows:
quartus_pgm -c 1 -m jtag -o "ei;programming_file.fuse;AGFB014R24B"
Options
· i: The Programmer loads the provision firmware helper image to the device.
· e: The Programmer reads the fuses from the device and stores them in a .fuse file.
The .fuse file contains a list of fuse name-value pairs. The value specifies whether a fuse has been blown, or the contents of the fuse field.
The following example shows the format of the .fuse file:
# Co-signed firmware = "Not blown"
# Device Permit Kill = "Not blown"
# Device not secure = "Not blown"
# Disable HPS debug = "Not blown"
# Disable Intrinsic ID PUF enrollment = "Not blown"
# Disable JTAG = "Not blown"
# Disable PUF-wrapped encryption key = "Not blown"
# Disable owner encryption key in BBRAM = "Not blown"
# Disable owner encryption key in eFuses = "Not blown"
# Disable owner root public key hash 0 = "Not blown"
# Disable owner root public key hash 1 = "Not blown"
# Disable owner root public key hash 2 = "Not blown"
# Disable virtual eFuses = "Not blown"
# Force SDM clock to internal oscillator = "Not blown"
# Force encryption key update = "Not blown"
# Intel explicit key cancellation = "0"
# Lock security eFuses = "Not blown"
# Owner encryption key program done = "Not blown"
# Owner encryption key program start = "Not blown"
# Owner explicit key cancellation 0 = ""
# Owner explicit key cancellation 1 = ""
# Owner explicit key cancellation 2 = ""
# Owner fuses = "0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
# Owner root public key hash 0 = "0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
# Owner root public key hash 1 = "0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
# Owner root public key hash 2 = "0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
# Owner root public key size = "None"
# PTS counter = "0"
# PTS counter base = "0"
# QSPI start up delay = "10ms"
# RMA Counter = "0"
# SDMIO0 is I2C = "Not blown"
# SVN counter A = "0"
# SVN counter B = "0"
# SVN counter C = "0"
# SVN counter D = "0"
Modify the .fuse file to set your desired security setting fuses. A line that begins with # is treated as a comment line. To program a security setting fuse, remove the leading # and set the value to Blown. For example, to enable the Co-signed Firmware security setting fuse, change the first line of the fuse file to the following:
Co-signed firmware = "Blown"
You can also allocate and program the Owner Fuses based on your requirements.
You can use the following command to perform a blank check, program, and verify the owner root public key:
quartus_pgm -c 1 -m jtag -o "ibpv;root0.qky"
Options
· i: Loads the provision firmware helper image to the device.
· b: Performs a blank check to verify that the desired security setting fuses are not already blown.
· p: Programs the fuse.
· v: Verifies the programmed key on the device.
After programming the .qky file, you can examine the fuse information again to make sure that the owner public key value is non-zero.
While the following fields are not writable through the .fuse file method, they are included in the output of the examine operation for verification:
· Device not secure
· Device permit kill
· Disable owner root public key hash 0
· Disable owner root public key hash 1
· Disable owner root public key hash 2
· Intel key cancellation
· Owner encryption key program start
· Owner encryption key program done
· Owner key cancellation
· Owner public key hash
· Owner public key size
· PTS counter
· PTS counter base
· QSPI start up delay
· RMA counter
· SDMIO0 is I2C
· SVN counter A
· SVN counter B
· SVN counter C
· SVN counter D
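A pre-flight check for an edited .fuse file, added here as an illustration (it is not Intel's code and not part of the original guide): it parses the name = "value" lines of the format shown above, lists every uncommented line, and flags lines that touch a field the guide lists as examine-only or that are absent from a change list you approved. The approved-list workflow, the function names and the sample text are assumptions of this example; the field names are taken from this page and should be checked against a file examined from your own device.

```python
import re
from dataclasses import dataclass

# Fields this guide lists as reported by the examine operation but not
# writable through the .fuse file (lower-cased for comparison).
EXAMINE_ONLY = {
    "device not secure", "device permit kill",
    "disable owner root public key hash 0",
    "disable owner root public key hash 1",
    "disable owner root public key hash 2",
    "owner encryption key program start",
    "owner encryption key program done",
    "pts counter", "pts counter base", "qspi start up delay",
    "rma counter", "sdmio0 is i2c",
    "svn counter a", "svn counter b", "svn counter c", "svn counter d",
}

# Optional leading '#', fuse name, '=', value in straight double quotes.
LINE_RE = re.compile(r'^\s*(#?)\s*([^=#]+?)\s*=\s*"([^"]*)"\s*$')


@dataclass
class FuseLine:
    lineno: int
    name: str
    value: str
    active: bool  # True when the leading '#' has been removed


def parse_fuse(text):
    """Parse .fuse text; reject anything that is not a name = "value" pair."""
    lines = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if m is None:
            # Typographic quotes or a stray edit end up here.
            raise ValueError(f"line {lineno}: unparseable entry: {raw!r}")
        lines.append(FuseLine(lineno, m.group(2), m.group(3), m.group(1) == ""))
    return lines


def preflight(lines, approved):
    """Return (lineno, severity, message) findings for the uncommented lines."""
    approved_lc = {name.lower() for name in approved}
    findings, seen = [], set()
    for fl in lines:
        if not fl.active:
            continue
        key = fl.name.lower()
        seen.add(key)
        if key in EXAMINE_ONLY:
            findings.append((fl.lineno, "ERROR",
                             f"{fl.name}: examine-only field is uncommented"))
        elif key not in approved_lc:
            findings.append((fl.lineno, "ERROR",
                             f"{fl.name}: not in the approved change list"))
        elif fl.value == "Not blown":
            findings.append((fl.lineno, "WARN",
                             f"{fl.name}: uncommented but still \"Not blown\""))
    for name in approved:
        if name.lower() not in seen:
            findings.append((0, "ERROR",
                             f"{name}: approved but commented out or missing"))
    return findings


# Constructed sample: an edited file with one intended change and three mistakes.
SAMPLE_FUSE = '''\
# Co-signed firmware = "Not blown"
Disable JTAG = "Blown"
Disable HPS debug = "Not blown"
SVN counter A = "0"
Disable virtual eFuses = "Blown"
# PTS counter = "0"
'''
APPROVED = ["Co-signed firmware", "Disable JTAG", "Disable HPS debug"]

if __name__ == "__main__":
    for lineno, severity, message in preflight(parse_fuse(SAMPLE_FUSE), APPROVED):
        print(f"{severity:5} line {lineno}: {message}")
```

Run the check on the edited file before the programming command that follows, and treat any ERROR as a reason not to program.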
Use the Intel Quartus Prime Programmer to program the .fuse file back to the device. If you add the i option, the Programmer automatically loads the provision firmware to program the security setting fuses.
//For physical (non-volatile) eFuses
quartus_pgm -c 1 -m jtag -o "pi;programming_file.fuse" --non_volatile_key
//For virtual (volatile) eFuses
quartus_pgm -c 1 -m jtag -o "pi;programming_file.fuse"
You can use the following command to verify whether the device root key hash is the same as the .qky provided in the command:
quartus_pgm -c 1 -m jtag -o "v;root0_another.qky"
If the keys do not match, the Programmer fails with an Operation failed error message.
4.9. AES Root Key Provisioning
You must use a signed AES root key compact certificate to program an AES root key to an Intel Agilex 7 device.
4.9.1. AES Root Key Compact Certificate
You use the quartus_pfg command-line tool to convert your AES root key .qek file into the compact certificate .ccert format. You specify the key storage location when you create the compact certificate. You can use the quartus_pfg tool to create an unsigned certificate for later signing. To sign an AES root key compact certificate successfully, you must use a signature chain with the AES root key certificate signing permission, permission bit 6, enabled.
1. Create an additional key pair used to sign the AES key compact certificate, using one of the following command examples:
quartus_sign --family=agilex --operation=make_private_pem --curve=secp384r1 aesccert1_private.pem
quartus_sign --family=agilex --operation=make_public_pem aesccert1_private.pem aesccert1_public.pem
pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm2.so --token-label agilex-token --login --pin agilex-token-pin --keypairgen --mechanism ECDSA-KEY-PAIR-GEN --key-type EC:secp384r1 --usage-sign --label aesccert1 --id 2
2. Create a signature chain with the correct permission bit set, using one of the following commands:
quartus_sign --family=agilex --operation=append_key --previous_pem=root0_private.pem --previous_qky=root0.qky --permission=0x40 --cancel=1 --input_pem=aesccert1_public.pem aesccert1_sign_chain.qky
quartus_sign --family=agilex --operation=append_key --module=softHSM --module_args="--token_label=agilex-token --user_pin=agilex-token-pin --hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" --previous_keyname=root0 --previous_qky=root0.qky --permission=0x40 --cancel=1 --input_keyname=aesccert1 aesccert1_sign_chain.qky
3. Create an unsigned AES compact certificate for the desired AES root key storage location. The following AES root key storage options are available:
· EFUSE_WRAPPED_AES_KEY
· IID_PUF_WRAPPED_AES_KEY
· UDS_IID_PUF_WRAPPED_AES_KEY
· BBRAM_WRAPPED_AES_KEY
· BBRAM_IID_PUF_WRAPPED_AES_KEY
· BBRAM_UDS_IID_PUF_WRAPPED_AES_KEY
//Create eFuse AES root key unsigned certificate
quartus_pfg --ccert -o ccert_type=EFUSE_WRAPPED_AES_KEY -o qek_file=aes.qek unsigned_efuse1.ccert
4. Sign the compact certificate with the quartus_sign command or the reference implementation.
quartus_sign --family=agilex --operation=sign --pem=aesccert1_private.pem --qky=aesccert1_sign_chain.qky unsigned_efuse1.ccert signed_efuse1.ccert
quartus_sign --family=agilex --operation=sign --module=softHSM --module_args="--token_label=agilex-token --user_pin=agilex-token-pin --hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" --keyname=aesccert1 --qky=aesccert1_sign_chain.qky unsigned_efuse1.ccert signed_efuse1.ccert
5. Use the Intel Quartus Prime Programmer to program the AES root key compact certificate to the Intel Agilex 7 device through JTAG. The Intel Quartus Prime Programmer defaults to programming virtual eFuses when you use the EFUSE_WRAPPED_AES_KEY compact certificate type.
You add the --non_volatile_key option to specify programming physical fuses.
//For physical (non-volatile) eFuse AES root key
quartus_pgm -c 1 -m jtag -o "pi;signed_efuse1.ccert" --non_volatile_key
//For virtual (volatile) eFuse AES root key
quartus_pgm -c 1 -m jtag -o "pi;signed_efuse1.ccert"
//For BBRAM AES root key
quartus_pgm -c 1 -m jtag -o "pi;signed_bbram1.ccert"
The SDM provision firmware and main firmware both support AES root key certificate programming. You may also use the SDM mailbox interface from the FPGA fabric or the HPS to program an AES root key certificate.
Note:
The quartus_pgm command does not support the b and v options for compact certificates (.ccert).
4.9.2. Intrinsic ID® PUF AES Root Key Provisioning
Implementing the Intrinsic* ID PUF wrapped AES key includes the following steps:
1. Enrolling the Intrinsic ID PUF through JTAG.
2. Wrapping the AES root key.
3. Programming the helper data and wrapped key into quad SPI flash memory.
4. Querying the Intrinsic ID PUF activation status.
The use of Intrinsic ID technology requires a separate license agreement with Intrinsic ID. Without the appropriate license, the Intel Quartus Prime Pro Edition software restricts PUF operations such as enrollment, key wrapping, and programming PUF data to QSPI flash.
4.9.2.1. Intrinsic ID PUF Enrollment
To enroll the PUF, you must use the SDM provision firmware. The provision firmware must be the first firmware loaded after a power cycle, and you must issue the PUF enrollment command before any other command. The provision firmware supports other commands after PUF enrollment, including AES root key wrapping and quad SPI programming; however, you must power cycle the device to load a configuration bitstream.
You use the Intel Quartus Prime Programmer to trigger PUF enrollment and generate the PUF helper data .puf file.
Figure 7. Intrinsic ID PUF Enrollment (diagram; labels: quartus_pgm, PUF enrollment, Secure Device Manager (SDM), PUF helper data, wrapper.puf helper data)
The Programmer automatically loads a provision firmware helper image when you specify both the i operation and a .puf argument.
quartus_pgm -c 1 -m jtag -o "ei;help_data.puf;AGFB014R24A"
If you are using co-signed firmware, you program the co-signed firmware helper image before using the PUF enrollment command.
quartus_pgm -c 1 -m jtag -o "p;signed_provision_helper_image.rbf" --force
quartus_pgm -c 1 -m jtag -o "e;help_data.puf;AGFB014R24A"
The UDS IID PUF is enrolled during device manufacturing and is not available for re-enrollment. Instead, you use the Programmer to determine the location of the UDS PUF helper data on IPCS, download the .puf file directly, and then use the UDS .puf file in the same way as a .puf file extracted from an Intel Agilex 7 device.
Use the following Programmer command to generate a text file containing a list of URLs that point to device-specific files on IPCS:
quartus_pgm -c 1 -m jtag -o "e;ipcs_urls.txt;AGFB014R24B" --ipcs_urls
4.9.2.2. Wrapping the AES Root Key
You generate the IID PUF wrapped AES root key .wkey file by sending a signed certificate to the SDM.
You can use the Intel Quartus Prime Programmer to automatically generate, sign, and send the certificate to wrap your AES root key, or you can use the Intel Quartus Prime Programming File Generator to generate an unsigned certificate. You sign the unsigned certificate using your own tools or the Quartus signing tool. You then use the Programmer to send the signed certificate and wrap your AES root key. The signed certificate can be used to program all devices that can validate the signature chain.
Figure 8. Wrapping the AES Key Using the Intel Quartus Prime Programmer (diagram; labels: .pem private key, .qky, .qek encryption key, quartus_pgm, Wrap AES Key, SDM, Create PUF Wrapped Key, .wkey PUF-wrapped AES key)
1. You can generate the IID PUF wrapped AES root key (.wkey) with the Programmer using the following arguments:
· The .qky file containing a signature chain with the AES root key certificate permission
· The private .pem file for the last key in the signature chain
· The .qek file holding the AES root key
· The 16-byte initialization vector (iv).
quartus_pgm -c 1 -m jtag --qky_file=aes0_sign_chain.qky --pem_file=aes0_sign_private.pem --qek_file=aes.qek --iv=1234567890ABCDEF1234567890ABCDEF -o "ei;aes.wkey;AGFB014R24A"
2. Alternatively, you can generate an unsigned IID PUF wrapping AES root key certificate with the Programming File Generator using the following arguments:
quartus_pfg --ccert -o ccert_type=IID_PUF_WRAPPED_AES_KEY -o qek_file=aes.qek --iv=1234567890ABCDEF1234567890ABCDEF unsigned_aes.ccert
3. You sign the unsigned certificate with your own signing tools or with the quartus_sign tool using the following command:
quartus_sign --family=agilex --operation=sign --qky=aes0_sign_chain.qky --pem=aes0_sign_private.pem unsigned_aes.ccert signed_aes.ccert
4. You then use the Programmer to send the signed AES certificate and return the wrapped key (.wkey) file:
quartus_pgm -c 1 -m jtag --ccert_file=signed_aes.ccert -o "ei;aes.wkey;AGFB014R24A"
Note: The i operation is not necessary if you previously loaded the provision firmware helper image, for example, to enroll the PUF.
4.9.2.3. Programming Helper Data and Wrapped Key to QSPI Flash Memory
You use the Quartus Programming File Generator graphical interface to build an initial QSPI flash image containing a PUF partition. You must generate and program an entire flash programming image to add a PUF partition to the QSPI flash. Creating the PUF data partition and using the PUF helper data and wrapped key files for flash image generation is not supported through the Programming File Generator command-line interface.
The following steps demonstrate building a flash programming image with PUF helper data and a wrapped key:
1. On the File menu, click Programming File Generator. On the Output Files tab, make the following selections:
a. For Device Family select Agilex 7.
b. For Configuration mode select Active Serial x4.
c. For Output directory browse to your output file directory. This example uses output_files.
d. For Name, specify a name for the programming file to be generated. This example uses output_file.
e. Under Description select the programming files to generate. This example generates the JTAG Indirect Configuration File (.jic) for device configuration and the Raw Binary File of Programming Helper Image (.rbf) for the device helper image. This example also selects the Memory Map File (.map) and the Raw Programming Data File (.rpd). The raw programming data file is necessary only if you plan to use a third-party programmer in the future.
Figure 9. Programming File Generator – Output Files Tab – Select JTAG Indirect Configuration (screenshot; callouts: Device family, Configuration mode, Output files tab, Output directory, JTAG Indirect (.jic), Memory Map File, Programming Helper, Raw Programming Data)
On the Input Files tab, make the following selections:
1. Click Add Bitstream and browse to your .sof.
2. Select your .sof file and then click Properties.
a. Turn on Enable signing tool.
b. For Private key file select your .pem file.
c. Turn on Finalize encryption.
d. For Encryption key file select your .qek file.
e. Click OK to return to the previous window.
3. To specify your PUF helper data file, click Add Raw Data. Change the Files of type drop-down menu to Quartus Physical Unclonable Function File (*.puf). Browse to your .puf file. If you are using both the IID PUF and the UDS IID PUF, repeat this step so that the .puf files for each PUF are added as input files.
4. To specify your wrapped AES key file, click Add Raw Data. Change the Files of type drop-down menu to Quartus Wrapped Key File (*.wkey). Browse to your .wkey file. If you have wrapped AES keys using both the IID PUF and the UDS IID PUF, repeat this step so that the .wkey files for each PUF are added as input files.
Figure 10. Specify Input Files for Configuration, Authentication, and Encryption (screenshot; callouts: Add Bitstream, Add Raw Data, Properties, Private key file, Finalize encryption, Encryption key)
On the Configuration Device tab, make the following selections:
1. Click Add Device and select your flash device from the list of available flash devices.
2. Select the configuration device you have just added and click Add Partition.
3. In the Edit Partition dialog box, for Input file, select your .sof from the drop-down list. You can keep the defaults or edit the other parameters in the Edit Partition dialog box.
Figure 11. Specifying your .sof Configuration Bitstream Partition (screenshot; callouts: Configuration Device, Edit Partition, Add .sof file, Add Partition)
4. When you add the .puf and .wkey as input files, the Programming File Generator automatically creates a PUF partition in your Configuration Device. To store the .puf and .wkey in the PUF partition, select the PUF partition and click Edit. In the Edit Partition dialog box, select your .puf and .wkey files from the drop-down lists. If you remove the PUF partition, you must remove and re-add the configuration device for the Programming File Generator to create another PUF partition. You must make sure that you select the correct .puf and .wkey file for the IID PUF and the UDS IID PUF.
Figure 12. Add the .puf and .wkey files to the PUF Partition (screenshot; callouts: PUF Partition, Edit, Edit Partition, Flash Loader, Select Generate)
5. For the Flash Loader parameter, select the Intel Agilex 7 device family and the device name that matches your Intel Agilex 7 OPN.
6. Click Generate to generate the output files that you specified on the Output Files tab.
7. The Programming File Generator reads your .qek file and prompts you for your passphrase. Type your passphrase in response to the Enter QEK passphrase prompt. Press the Enter key.
8. Click OK when the Programming File Generator reports successful generation.
You use the Intel Quartus Prime Programmer to write the QSPI programming image to QSPI flash memory.
1. On the Intel Quartus Prime Tools menu select Programmer.
2. In the Programmer, click Hardware Setup and then select a connected Intel FPGA Download Cable.
3. Click Add File and browse to your .jic file.
Figure 13. Program .jic (screenshot; callouts: Programming file, Program/Configure, JTAG scan chain)
4. Deselect the box associated with the Helper image.
5. Select Program/Configure for the .jic output file.
6. Turn on the Start button to program your quad SPI flash memory.
7. Power cycle your board. The design programmed to the quad SPI flash memory then loads into the target FPGA.
You must generate and program an entire flash programming image to add a PUF partition to the quad SPI flash.
When a PUF partition already exists in the flash, you can use the Intel Quartus Prime Programmer to access the PUF helper data and wrapped key files directly. For example, if activation is unsuccessful, you can re-enroll the PUF, re-wrap the AES key, and then program only the PUF files without overwriting the entire flash.
The Intel Quartus Prime Programmer supports the following operation arguments for PUF files in a pre-existing PUF partition:
· p: program
· v: verify
· r: erase
· b: blank check
You must follow the same restrictions for PUF enrollment, even if a PUF partition exists.
1. Use the i operation argument to load the provision firmware helper image for the first operation. For example, the following command sequence re-enrolls the PUF, re-wraps the AES root key, erases the old PUF helper data and wrapped key, and then programs and verifies the new PUF helper data and AES root key.
quartus_pgm -c 1 -m jtag -o "ei;new.puf;AGFB014R24A"
quartus_pgm -c 1 -m jtag --ccert_file=signed_aes.ccert -o "e;new.wkey;AGFB014R24A"
quartus_pgm -c 1 -m jtag -o "r;old.puf"
quartus_pgm -c 1 -m jtag -o "r;old.wkey"
quartus_pgm -c 1 -m jtag -o "p;new.puf"
quartus_pgm -c 1 -m jtag -o "p;new.wkey"
quartus_pgm -c 1 -m jtag -o "v;new.puf"
quartus_pgm -c 1 -m jtag -o "v;new.wkey"
4.9.2.4. Querying Intrinsic ID PUF Activation Status
After you enroll the Intrinsic ID PUF, wrap an AES key, generate the flash programming files, and update the quad SPI flash, you power cycle your device to trigger PUF activation and configuration from the encrypted bitstream. The SDM reports the PUF activation status along with the configuration status. If PUF activation fails, the SDM reports the PUF error status instead. Use the quartus_pgm command to query the configuration status.
1. Use the following command to query the activation status:
quartus_pgm -c 1 -m jtag --status --status_type="CONFIG"
Here is sample output from a successful activation:
Info (21597): Response of CONFIG_STATUS
Device is running in user mode
00006000 RESPONSE_CODE=OK, LENGTH=6
00000000 STATE=IDLE
00160300 Version
C000007B MSEL=QSPI_NORMAL, nSTATUS=1, nCONFIG=1, VID=1,
CLOCK_SOURCE=INTERNAL_PLL
0000000B CONF_DONE=1, INIT_DONE=1, CVP_DONE=0, SEU_ERROR=1
00000000 Error location
00000000 Error details
Response of PUF_STATUS
00002000 RESPONSE_CODE=OK, LENGTH=2
00000500 USER_IID STATUS=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0
00000500 UDS_IID STATUS=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0
If you are using only the IID PUF or only the UDS IID PUF, and have not programmed a helper data .puf file for either PUF in the QSPI flash, that PUF is not activated and the PUF status reflects that the PUF helper data is not valid. The following example shows the PUF status when the PUF helper data was not programmed for either PUF:
Response of PUF_STATUS
00002000 RESPONSE_CODE=OK, LENGTH=2
00000002 USER_IID STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0
00000002 UDS_IID STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0
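A status gate for a provisioning line, added as an illustration (not Intel's code and not part of the original guide): it parses captured output of the status query shown above, including the wrapped continuation lines, and reports every required PUF that did not reach PUF_ACTIVATION_SUCCESS. The function names are assumptions of this example, and the two sample strings are abridged from this page's own sample outputs.

```python
import re

# One PUF entry; \s* lets the match span the line wrap seen in the output.
PUF_RE = re.compile(
    r"(?P<puf>[A-Z]+_IID)\s+STATUS=(?P<status>\w+),\s*"
    r"RELIABILITY_DIAGNOSTIC_SCORE=(?P<score>\d+),\s*TEST_MODE=(?P<test>\d+)"
)
FLAG_RE = re.compile(r"\b(CONF_DONE|INIT_DONE)=(\d)")


def parse_status(output):
    """Split the captured text at the PUF_STATUS response and parse both parts."""
    config, _, puf_part = output.partition("Response of PUF_STATUS")
    flags = {name: int(value) for name, value in FLAG_RE.findall(config)}
    pufs = {}
    for m in PUF_RE.finditer(puf_part):
        pufs[m["puf"]] = {
            "status": m["status"],
            "score": int(m["score"]),
            "test_mode": int(m["test"]),
        }
    return {"flags": flags, "pufs": pufs}


def activation_problems(report, required_pufs, check_config=True):
    """Return a list of human-readable problems; an empty list means pass."""
    problems = []
    if check_config:
        for flag in ("CONF_DONE", "INIT_DONE"):
            if report["flags"].get(flag) != 1:
                problems.append(f"{flag} is not 1")
    for puf in required_pufs:
        entry = report["pufs"].get(puf)
        if entry is None:
            problems.append(f"{puf}: no status reported")
        elif entry["status"] != "PUF_ACTIVATION_SUCCESS":
            problems.append(f"{puf}: {entry['status']} (score {entry['score']})")
    return problems


# Abridged from the successful-activation sample on this page.
SAMPLE_OK = """\
Info (21597): Response of CONFIG_STATUS
Device is running in user mode
00006000 RESPONSE_CODE=OK, LENGTH=6
00000000 STATE=IDLE
0000000B CONF_DONE=1, INIT_DONE=1, CVP_DONE=0, SEU_ERROR=1
Response of PUF_STATUS
00002000 RESPONSE_CODE=OK, LENGTH=2
00000500 USER_IID STATUS=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0
00000500 UDS_IID STATUS=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0
"""

# From the sample on this page where no helper data was programmed.
SAMPLE_BAD = """\
Response of PUF_STATUS
00002000 RESPONSE_CODE=OK, LENGTH=2
00000002 USER_IID STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0
00000002 UDS_IID STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0
"""

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        report = parse_status(text)
        print(name, activation_problems(report, ["USER_IID", "UDS_IID"],
                                        check_config=(name == "ok")))
```

List only the PUFs your design actually uses in required_pufs; a PUF that was never given helper data reports PUF_DATA_CORRUPTED, as the second sample shows.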
4.9.2.5. Location of the PUF in Flash Memory
The location of the PUF file differs between designs that support RSU and designs that do not support the RSU feature.
For designs that do not support RSU, you must include the .puf and .wkey files when you create updated flash images. For designs that support RSU, the SDM does not overwrite the PUF data sections during factory or application image updates.
Table 2. Flash Sub-Partitions Layout without RSU Support
| Flash Offset (in bytes) | Size (in bytes) | Contents | Description |
|---|---|---|---|
| 0K | 256K | Configuration Management Firmware | Firmware that runs on SDM. |
| 256K | 256K | Configuration Management Firmware | |
| 512K | 256K | Configuration Management Firmware | |
| 768K | 256K | Configuration Management Firmware | |
| 1M | 32K | PUF data copy 0 | Data structure for storing PUF helper data and PUF-wrapped AES root key copy 0 |
| 1M+32K | 32K | PUF data copy 1 | Data structure for storing PUF helper data and PUF-wrapped AES root key copy 1 |
Table 3. Flash Sub-Partitions Layout with RSU Support
| Flash Offset (in bytes) | Size (in bytes) | Contents | Description |
|---|---|---|---|
| 0K | 512K | Decision firmware | Firmware to identify and load the highest priority image. |
| 512K | 512K | Decision firmware | |
| 1M | 512K | Decision firmware | |
| 1.5M | 512K | Decision firmware | |
| 2M | 8K + 24K padding | Decision firmware data | Reserved for Decision firmware use. |
| 2M + 32K | 32K | Reserved for SDM | Reserved for SDM. |
| 2M + 64K | Variable | Factory image | A simple image that you create as a backup if all other application images fail to load. This image includes the CMF that runs on the SDM. |
| Next | 32K | PUF data copy 0 | Data structure for storing PUF helper data and PUF-wrapped AES root key copy 0 |
| Next +32K | 32K | PUF data copy 1 | Data structure for storing PUF helper data and PUF-wrapped AES root key copy 1 |
| Next + 256K | 4K | Sub-partition table copy 0 | Data structure to facilitate the management of the flash storage. |
| Next +32K | 4K | Sub-partition table copy 1 | |
| Next +32K | 4K | CMF pointer block copy 0 | A list of pointers to application images in order of priority. When you add an image, that image becomes the highest. |
| Next +32K | _ | CMF pointer block copy 1 | A second copy of the list of pointers to application images. |
| Variable | Variable | Application image 1 | Your first application image. |
| Variable | Variable | Application image 2 | Your second application image. |
4.9.3. Black Key Provisioning
Note:
The Intel Quartus Prime Programmer assists in establishing a mutually authenticated secure connection between the Intel Agilex 7 device and the black key provisioning service. The secure connection is established over https and requires several certificates, which are identified in a text file.
When using Black Key Provisioning, Intel recommends that you avoid externally connecting the TCK pin to a pull-up or pull-down resistor while still using it for JTAG. However, you may connect the TCK pin to the VCCIO SDM power supply using a 10 kΩ resistor. The existing guidance in the Pin Connection Guidelines to connect TCK to a 1 kΩ pull-down resistor is included for noise suppression. The change in guidance to a 10 kΩ pull-up resistor does not affect the device functionally. For more information about connecting the TCK pin, refer to the Intel Agilex 7 Pin Connection Guidelines.
The bkp_tls_ca_cert certificate authenticates your black key provisioning service instance to your black key provisioning programmer instance. The bkp_tls_* certificates authenticate your black key provisioning programmer instance to your black key provisioning service instance.
You create a text file containing the information that the Intel Quartus Prime Programmer needs to connect to the black key provisioning service. To initiate black key provisioning, use the Programmer command-line interface to specify the black key provisioning options text file. Black key provisioning then proceeds automatically. For access to the black key provisioning service and the associated documentation, please contact Intel Support.
You can enable black key provisioning using the quartus_pgm command:
quartus_pgm -c <cable> -m <programming_mode> --device <device_index> --bkp_options=bkp_options.txt
The command arguments specify the following information:
· -c: cable number
· -m: specifies the programming mode, such as JTAG
· --device: specifies a device index on the JTAG chain. The default value is 1.
· --bkp_options: specifies a text file containing the black key provisioning options.
Related Information
Intel Agilex 7 Device Family Pin Connection Guidelines
4.9.3.1. Black Key Provisioning Options
The black key provisioning options are a text file passed to the Programmer through the quartus_pgm command. The file contains the information required to trigger black key provisioning.
The following is an example of the bkp_options.txt file:
bkp_cfg_id = 1
bkp_ip = 192.167.1.1
bkp_port = 10034
bkp_tls_ca_cert = root.cert
bkp_tls_prog_cert = prog.cert
bkp_tls_prog_key = prog_key.pem
bkp_tls_prog_key_pass = 1234
bkp_proxy_address = https://192.167.5.5:5000
bkp_proxy_user = proxy_user
bkp_proxy_password = proxy_password
Table 4. Black Key Provisioning Options
This table displays the options required to trigger black key provisioning.
| Option Name | Type | Description |
|---|---|---|
| bkp_ip | Required | Specifies the IP address of the server running the black key provisioning service. |
| bkp_port | Required | Specifies the black key provisioning service port required to connect to the server. |
| bkp_cfg_id | Required | Identifies the black key provisioning configuration flow ID. The black key provisioning service creates the black key provisioning configuration flows, including an AES root key, the desired eFuse settings, and other black key provisioning authorization options. The number assigned during the black key provisioning service setup identifies the black key provisioning configuration flows. Note: Multiple devices may refer to the same black key provisioning service configuration flow. |
| bkp_tls_ca_cert | Required | The root TLS certificate used to identify the black key provisioning service to the Intel Quartus Prime Programmer (Programmer). A trusted Certificate Authority for the black key provisioning service instance issues this certificate. If you run the Programmer on a computer with the Microsoft® Windows® operating system (Windows), you must install this certificate in the Windows certificate store. |
| bkp_tls_prog_cert | Required | A certificate created for the instance of the black key provisioning Programmer (BKP Programmer). This is the https client certificate used to identify this BKP Programmer instance to the black key provisioning service. You must install and authorize this certificate in the black key provisioning service before initiating a black key provisioning session. If you run the Programmer on Windows, this option is not available. In this case, the bkp_tls_prog_key already includes this certificate. |
| bkp_tls_prog_key | Required | The private key corresponding to the BKP Programmer certificate. The key validates the identity of the BKP Programmer instance to the black key provisioning service. If you run the Programmer on Windows, the .pfx file combines the bkp_tls_prog_cert certificate and the private key. The bkp_tls_prog_key option passes the .pfx file in the bkp_options.txt file. |
| bkp_tls_prog_key_pass | Optional | The password for the bkp_tls_prog_key private key. Not required in the black key provisioning configuration options (bkp_options.txt) text file. |
| bkp_proxy_address | Optional | Specifies the proxy server URL address. |
| bkp_proxy_user | Optional | Specifies the proxy server username. |
| bkp_proxy_password | Optional | Specifies the proxy authentication password. |
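A pre-flight check for the options file described above, written as an added example; it is not part of the Intel guide or the Quartus tools. It assumes one `name = value` pair per line, as in the sample file, and its checks on the IP address, port, proxy URL and `.pfx` extension are this example's own heuristics.

```python
import ipaddress
from urllib.parse import urlsplit

REQUIRED = ("bkp_ip", "bkp_port", "bkp_cfg_id",
            "bkp_tls_ca_cert", "bkp_tls_prog_cert", "bkp_tls_prog_key")
OPTIONAL = ("bkp_tls_prog_key_pass", "bkp_proxy_address",
            "bkp_proxy_user", "bkp_proxy_password")
SECRETS = ("bkp_tls_prog_key_pass", "bkp_proxy_password")

# The example file from this page, one option per line.
SAMPLE = """\
bkp_cfg_id = 1
bkp_ip = 192.167.1.1
bkp_port = 10034
bkp_tls_ca_cert = root.cert
bkp_tls_prog_cert = prog.cert
bkp_tls_prog_key = prog_key.pem
bkp_tls_prog_key_pass = 1234
bkp_proxy_address = https://192.167.5.5:5000
bkp_proxy_user = proxy_user
bkp_proxy_password = proxy_password
"""


def parse_options(text):
    """Split 'name = value' lines into a dict; collect malformed lines."""
    options, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        name, sep, value = (part.strip() for part in line.partition("="))
        if not (name and sep and value):
            errors.append(f"line {lineno}: expected 'name = value'")
        elif name in options:
            errors.append(f"line {lineno}: duplicate option {name}")
        else:
            options[name] = value
    return options, errors


def check_options(text, windows=False):
    """Return {'errors': [...], 'warnings': [...]} for a bkp_options.txt body."""
    options, errors = parse_options(text)
    warnings = []

    for name in options:
        if name not in REQUIRED + OPTIONAL:
            errors.append(f"unknown option {name}")
    for name in REQUIRED:
        # On Windows the client certificate travels inside the .pfx key file.
        if windows and name == "bkp_tls_prog_cert":
            continue
        if name not in options:
            errors.append(f"missing required option {name}")

    if windows:
        if "bkp_tls_prog_cert" in options:
            errors.append("bkp_tls_prog_cert is not available on Windows")
        key = options.get("bkp_tls_prog_key", "")
        if key and not key.lower().endswith(".pfx"):
            errors.append("bkp_tls_prog_key should name a .pfx file on Windows")

    if "bkp_ip" in options:
        try:
            ipaddress.ip_address(options["bkp_ip"])
        except ValueError:
            errors.append("bkp_ip is not an IP address")
    port = options.get("bkp_port")
    if port is not None and not (port.isascii() and port.isdigit()
                                 and 1 <= int(port) <= 65535):
        errors.append("bkp_port is not a port number (1-65535)")
    cfg = options.get("bkp_cfg_id")
    if cfg is not None and not (cfg.isascii() and cfg.isdigit()):
        errors.append("bkp_cfg_id is not the number assigned at service setup")

    proxy = options.get("bkp_proxy_address")
    if proxy is not None:
        try:
            url = urlsplit(proxy)
            ok = url.scheme in ("http", "https") and bool(url.hostname)
        except ValueError:
            ok = False
        if not ok:
            errors.append("bkp_proxy_address is not an http(s) URL")
    elif "bkp_proxy_user" in options or "bkp_proxy_password" in options:
        errors.append("proxy credentials given without bkp_proxy_address")

    # Passwords in this file are readable by anyone who can read the file.
    for name in SECRETS:
        if name in options:
            warnings.append(f"{name} is stored in plain text; "
                            "restrict read access to the file")
    return {"errors": errors, "warnings": warnings}


if __name__ == "__main__":
    for kind, messages in check_options(SAMPLE).items():
        for message in messages:
            print(f"{kind}: {message}")
```
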
4.10. Converting Owner Root Key, AES Root Key Certificates, and Fuse Files to Jam STAPL File Formats
You can use the quartus_pfg command-line command to convert .qky, AES root key .ccert, and .fuse files to Jam STAPL Format File (.jam) and Jam Byte Code Format File (.jbc). You can use these files to program Intel FPGAs using the Jam STAPL Player and the Jam STAPL Byte-Code Player, respectively.
A single .jam or .jbc file contains several functions, including firmware helper image configuration and programming, blank check, and verification of key and fuse programming.
Caution:
When you convert the AES root key .ccert file to .jam format, the .jam file contains the AES key in plaintext but obfuscated form. Consequently, you must protect the .jam file when storing the AES key. You can do this by provisioning the AES key in a secure environment.
Here are examples of quartus_pfg conversion commands:
quartus_pfg -c -o helper_device=AGFB014R24A "root0.qky;root1.qky;root2.qky" RootKey.jam
quartus_pfg -c -o helper_device=AGFB014R24A "root0.qky;root1.qky;root2.qky" RootKey.jbc
quartus_pfg -c -o helper_device=AGFB014R24A aes.ccert aes_ccert.jam
quartus_pfg -c -o helper_device=AGFB014R24A aes.ccert aes_ccert.jbc
quartus_pfg -c -o helper_device=AGFB014R24A settings.fuse settings_fuse.jam
quartus_pfg -c -o helper_device=AGFB014R24A settings.fuse settings_fuse.jbc
For more information about using the Jam STAPL Player for device programming, refer to AN 425: Using the Command-Line Jam STAPL Solution for Device Programming.
Run the following commands to program the owner root public key and the AES encryption key:
# Load the helper bitstream into the FPGA.
# The helper bitstream includes the provision firmware.
quartus_jli -c 1 -a CONFIGURE RootKey.jam
# Program the owner root public key into virtual eFuses
quartus_jli -c 1 -a PUBKEY_PROGRAM RootKey.jam
# Program the owner root public key into physical eFuses
quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG RootKey.jam
# Program the PR owner root public key into virtual eFuses
quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG pr_rootkey.jam
# Program the PR owner root public key into physical eFuses
quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG -e DO_UNI_ACT_DO_EFUSES_FLAG pr_rootkey.jam
# Program the AES encryption key CCERT into BBRAM
quartus_jli -c 1 -a CCERT_PROGRAM EncKeyBBRAM.jam
# Program the AES encryption key CCERT into physical eFuses
quartus_jli -c 1 -a CCERT_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG EncKeyEFuse.jam
Related Information: AN 425: Using the Command-Line Jam STAPL Solution for Device Programming
5. Advanced Features
5.1. Secure Debug Authorization
To enable Secure Debug Authorization, the debug owner needs to generate an authentication key pair and use the Intel Quartus Prime Pro Programmer to generate a device information file for the device that runs the debug image:
quartus_pgm -c 1 -mjtag -o "ei;device_info.txt;AGFB014R24A" --dev_info
The device owner uses the quartus_sign tool or the reference implementation to append a conditional public key entry to a signature chain intended for debug operations, using the public key from the debug owner, the necessary authorizations, the device information text file, and any further applicable restrictions:
quartus_sign --family=agilex --operation=append_key --previous_pem=debug_chain_private.pem --previous_qky=debug_chain.qky --permission=0x6 --cancel=1 --dev_info=device_info.txt --restriction="1,2,17,18" --input_pem=debug_authorization_public_key.pem secure_debug_auth_chain.qky
The device owner sends the full signature chain back to the debug owner, who uses the signature chain and their private key to sign the debug image:
quartus_sign --family=agilex --operation=sign --qky=secure_debug_auth_chain.qky --pem=debug_authorization_private_key.pem unsigned_debug_design.rbf authorized_debug_design.rbf
You can use the quartus_pfg command to inspect the signature chain of each section of this signed secure debug bitstream as follows:
quartus_pfg --check_integrity authorized_debug_design.rbf
The output of this command prints the restriction values 1,2,17,18 of the conditional public key that was used to generate the signed bitstream.
The debug owner can then program the securely authorized debug design:
quartus_pgm -c 1 -mjtag -o "p;authorized_debug_design.rbf"
The device owner may revoke the secure debug authorization by cancelling the explicit key cancellation ID assigned in the secure debug authorization signature chain.
5.2. HPS Debug Certificates
Enabling only authorized access to the HPS debug access port (DAP) through the JTAG interface requires several steps:
1. Click the Intel Quartus Prime software Assignments menu and select Device > Device and Pin Options > Configuration tab.
2. In the Configuration tab, enable the HPS debug access port (DAP) by selecting either HPS Pins or SDM Pins from the drop-down menu, and ensure that the Allow HPS debug without certificates checkbox is not selected.
Figure 14. Specify Either HPS or SDM Pins for the HPS DAP
Alternatively, you can set the assignment below in the Quartus Prime Settings .qsf file:
set_global_assignment -name HPS_DAP_SPLIT_MODE "SDM PINS"
3. Compile and load the design with these settings.
4. Create a signature chain with the appropriate permissions to sign an HPS debug certificate:
quartus_sign --family=agilex --operation=append_key --previous_pem=root_private.pem --previous_qky=root.qky --permission=0x8 --cancel=1 --input_pem=hps_debug_cert_public_key.pem hps_debug_cert_sign_chain.qky
5. Request an unsigned HPS debug certificate from the device on which the debug design is loaded:
quartus_pgm -c 1 -mjtag -o "e;unsigned_hps_debug.cert;AGFB014R24A"
6. Sign the unsigned HPS debug certificate using the quartus_sign tool or the reference implementation and the HPS debug signature chain:
quartus_sign --family=agilex --operation=sign --qky=hps_debug_cert_sign_chain.qky --pem=hps_debug_cert_private_key.pem unsigned_hps_debug.cert signed_hps_debug.cert
7. Send the signed HPS debug certificate back to the device to enable access to the HPS debug access port (DAP):
quartus_pgm -c 1 -mjtag -o "p;signed_hps_debug.cert"
The HPS debug certificate is only valid from the time it was generated until the next power cycle of the device or until a different type or version of SDM firmware is loaded. You must generate, sign, and program the signed HPS debug certificate, and perform all debug operations, before power cycling the device. You may invalidate the signed HPS debug certificate by power cycling the device.
5.3. Platform Attestation
You can generate a reference integrity manifest (.rim) file using the programming file generator tool:
quartus_pfg -c signed_encrypted_top.rbf top_rim.rim
Follow these steps to ensure platform attestation in your design:
1. Use the Intel Quartus Prime Pro Programmer to configure your device with the design for which you created a reference integrity manifest.
2. Use a platform attestation verifier to enroll the device by issuing commands to the SDM through the SDM mailbox to create the device ID certificate and firmware certificate on reload.
3. Use the Intel Quartus Prime Pro Programmer to reconfigure your device with the design.
4. Use the platform attestation verifier to issue commands to the SDM to get the attestation device ID, firmware, and alias certificates.
5. Use the attestation verifier to issue the SDM mailbox command to get the attestation evidence; the verifier then checks the returned evidence.
You may implement your own verifier service using the SDM mailbox commands, or use the Intel platform attestation verifier service. For more information about the Intel platform attestation verifier service software, availability, and documentation, contact Intel Support.
Related Information: Intel Agilex 7 Device Family Pin Connection Guidelines
5.4. Physical Anti-Tamper
You enable the physical anti-tamper features using the following steps:
1. Selecting the desired response to a detected tamper event
2. Configuring the desired tamper detection methods and parameters
3. Including the anti-tamper IP in your design logic to help manage anti-tamper events
5.4.1. Anti-Tamper Responses
You enable physical anti-tamper by selecting a response from the Anti-tamper response: dropdown list on the Assignments > Device > Device and Pin Options > Security > Anti-Tamper tab. By default, the anti-tamper response is disabled. Five categories of anti-tamper response are available. When you select your desired response, the options to enable one or more detection methods become available.
Figure 15. Available Anti-Tamper Response Options
The corresponding assignment in the Quartus Prime settings .qsf file is the following:
set_global_assignment -name ANTI_TAMPER_RESPONSE "NOTIFICATION DEVICE WIPE DEVICE LOCK AND ZEROIZATION"
When you enable an anti-tamper response, you may choose two available SDM dedicated I/O pins to output the tamper event detection and the response status using the Assignments > Device > Device and Pin Options > Configuration > Configuration Pin Options window.
Figure 16. Available SDM Dedicated I/O Pins for Tamper Event Detection
You may also make the following pin assignments in the settings file:
set_global_assignment -name USE_TAMPER_DETECT SDM_IO15
set_global_assignment -name ANTI_TAMPER_RESPONSE_FAILED SDM_IO16
5.4.2. Anti-Tamper Detection
You may individually enable the frequency, temperature, and voltage detection features of the SDM. FPGA detection depends on including the Anti-Tamper Lite Intel FPGA IP in your design.
Note:
SDM frequency and voltage tamper detection methods depend on internal reference and measurement hardware that can vary across devices. Intel recommends that you characterize the behavior of the tamper detection settings.
Frequency tamper detection operates on the configuration clock source. To enable frequency tamper detection, you must specify an option other than Internal Oscillator in the Configuration clock source dropdown on the Assignments > Device > Device and Pin Options > General tab. You must ensure that the Run configuration CPU from internal oscillator checkbox is enabled before enabling frequency tamper detection.
Figure 17. Setting the SDM to Internal Oscillator
To enable frequency tamper detection, select the Enable frequency tamper detection checkbox and select the desired Frequency tamper detection range from the dropdown menu.
Figure 18. Enabling Frequency Tamper Detection
Alternatively, you may enable Frequency Tamper Detection by making the following changes to the Quartus Prime Settings .qsf file:
set_global_assignment -name AUTO_RESTART_CONFIGURATION OFF
set_global_assignment -name DEVICE_INITIALIZATION_CLOCK OSC_CLK_1_100MHZ
set_global_assignment -name RUN_CONFIG_CPU_FROM_INT_OSC ON
set_global_assignment -name ENABLE_FREQUENCY_TAMPER_DETECTION ON
set_global_assignment -name FREQUENCY_TAMPER_DETECTION_RANGE 35
To enable temperature tamper detection, select the Enable temperature tamper detection checkbox and select the desired temperature upper and lower bounds in the corresponding fields. The upper and lower bounds are populated by default with the related temperature range for the device selected in the design.
To enable voltage tamper detection, select either one or both of the Enable VCCL voltage tamper detection or Enable VCCL_SDM voltage tamper detection checkboxes and select the desired Voltage tamper detection trigger percentage in the corresponding field.
Figure 19. Enabling Voltage Tamper Detection
Alternatively, you may enable Voltage Tamper Detection by specifying the following assignments in the .qsf file:
set_global_assignment -name ENABLE_TEMPERATURE_TAMPER_DETECTION ON
set_global_assignment -name TEMPERATURE_TAMPER_UPPER_BOUND 100
set_global_assignment -name ENABLE_VCCL_VOLTAGE_TAMPER_DETECTION ON
set_global_assignment -name ENABLE_VCCL_SDM_VOLTAGE_TAMPER_DETECTION ON
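The preconditions from sections 5.4.1 and 5.4.2, checked over a .qsf file, as an added example that is not part of the Intel guide or the Quartus software. It assumes the frequency-enable assignment is named ENABLE_FREQUENCY_TAMPER_DETECTION and treats a missing DEVICE_INITIALIZATION_CLOCK assignment as the internal oscillator default; the sample settings are constructed from the assignments in this section.

```python
import re

# Matches: set_global_assignment -name NAME VALUE   (VALUE may be quoted)
ASSIGN = re.compile(
    r'^\s*set_global_assignment\s+-name\s+(\S+)\s+(?:"([^"]*)"|(\S+))')

SDM_DETECTORS = (
    "ENABLE_FREQUENCY_TAMPER_DETECTION",      # name assumed, see lead-in
    "ENABLE_TEMPERATURE_TAMPER_DETECTION",
    "ENABLE_VCCL_VOLTAGE_TAMPER_DETECTION",
    "ENABLE_VCCL_SDM_VOLTAGE_TAMPER_DETECTION",
)

# Constructed sample: a .qsf fragment that satisfies every check below.
GOOD = """\
set_global_assignment -name ANTI_TAMPER_RESPONSE "NOTIFICATION DEVICE WIPE DEVICE LOCK AND ZEROIZATION"
set_global_assignment -name USE_TAMPER_DETECT SDM_IO15
set_global_assignment -name ANTI_TAMPER_RESPONSE_FAILED SDM_IO16
set_global_assignment -name DEVICE_INITIALIZATION_CLOCK OSC_CLK_1_100MHZ
set_global_assignment -name RUN_CONFIG_CPU_FROM_INT_OSC ON
set_global_assignment -name ENABLE_FREQUENCY_TAMPER_DETECTION ON
set_global_assignment -name FREQUENCY_TAMPER_DETECTION_RANGE 35
set_global_assignment -name ENABLE_VCCL_VOLTAGE_TAMPER_DETECTION ON
"""


def read_assignments(qsf_text):
    """Collect global assignments; a later line overrides an earlier one."""
    found = {}
    for line in qsf_text.splitlines():
        match = ASSIGN.match(line)
        if match:
            quoted, bare = match.group(2), match.group(3)
            found[match.group(1).upper()] = quoted if quoted is not None else bare
    return found


def lint_tamper(qsf_text):
    """Return a list of findings; an empty list means no finding."""
    a = read_assignments(qsf_text)

    def on(name):
        return a.get(name, "OFF").upper() == "ON"

    findings = []
    enabled = [name for name in SDM_DETECTORS if on(name)]
    has_response = "ANTI_TAMPER_RESPONSE" in a

    # Detection methods only take effect once a response is selected.
    if enabled and not has_response:
        findings.append("detection enabled without ANTI_TAMPER_RESPONSE: "
                        + ", ".join(enabled))

    # Frequency detection watches the configuration clock, so that clock
    # must not be the internal oscillator, and the configuration CPU must
    # run from the internal oscillator.
    if on("ENABLE_FREQUENCY_TAMPER_DETECTION"):
        if "DEVICE_INITIALIZATION_CLOCK" not in a:
            findings.append("frequency detection needs DEVICE_INITIALIZATION_CLOCK "
                            "set to a source other than the internal oscillator")
        if not on("RUN_CONFIG_CPU_FROM_INT_OSC"):
            findings.append("frequency detection needs RUN_CONFIG_CPU_FROM_INT_OSC ON")

    # The two status outputs are separate SDM I/O pins tied to a response.
    detect_pin = a.get("USE_TAMPER_DETECT")
    failed_pin = a.get("ANTI_TAMPER_RESPONSE_FAILED")
    if (detect_pin or failed_pin) and not has_response:
        findings.append("tamper status pins assigned without ANTI_TAMPER_RESPONSE")
    if detect_pin and detect_pin == failed_pin:
        findings.append("USE_TAMPER_DETECT and ANTI_TAMPER_RESPONSE_FAILED "
                        f"share pin {detect_pin}")
    return findings


if __name__ == "__main__":
    for finding in lint_tamper(GOOD):
        print(finding)
```
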
5.4.3. Anti-Tamper Lite Intel FPGA IP
The Anti-Tamper Lite Intel FPGA IP, available in the IP catalog in Intel Quartus Prime Pro Edition software, facilitates bidirectional communication between your design and the SDM for tamper events.
Figure 20. Anti-Tamper Lite Intel FPGA IP
The IP provides the following signals that you connect to your design as needed:
Table 5. Anti-Tamper Lite Intel FPGA IP I/O Signals
| Signal Name | Direction | Description |
|---|---|---|
| gpo_sdm_at_event | Output | SDM signal to FPGA fabric logic that the SDM has detected a tamper event. The FPGA logic has approximately 5ms to perform any desired cleaning and respond to the SDM through gpi_fpga_at_response_done and gpi_fpga_at_zeroization_done. The SDM proceeds with the tamper response actions when gpi_fpga_at_response_done is asserted or after no response is received in the allotted time. |
| gpi_fpga_at_event | Input | FPGA interrupt to the SDM that your designed anti-tamper detection circuitry has detected a tamper event and the SDM tamper response should be triggered. |
| gpi_fpga_at_response_done | Input | FPGA interrupt to the SDM that the FPGA logic has performed the desired cleaning. |
| gpi_fpga_at_zeroization_done | Input | FPGA signal to the SDM that the FPGA logic has completed any desired zeroization of design data. This signal is sampled when gpi_fpga_at_response_done is asserted. |
5.4.3.1. Release Information
The IP versioning scheme (X.Y.Z) number changes from one software version to another. A change in:
- X indicates a major revision of the IP. If you update your Intel Quartus Prime software, you must regenerate the IP.
- Y indicates the IP includes new features. Regenerate your IP to include these new features.
- Z indicates the IP includes minor changes. Regenerate your IP to include these changes.
Table 6. Anti-Tamper Lite Intel FPGA IP Release Information
| Item | Description |
|---|---|
| IP Version | 20.1.0 |
| Intel Quartus Prime Version | 21.2 |
| Release Date | 2021.06.21 |
5.5. Using Design Security Features with Remote System Update
Remote System Update (RSU) is an Intel Agilex 7 FPGA feature that assists in updating configuration files in a robust way. RSU is compatible with design security features such as authentication, firmware co-signing, and bitstream encryption, because RSU does not depend on the design contents of configuration bitstreams.
Building RSU Images with .sof Files
If you are storing private keys on your local filesystem, you may generate RSU images with design security features using a simplified flow with .sof files as inputs. To generate RSU images with .sof files, you may follow the instructions in Section Generating Remote System Update Image Files Using the Programming File Generator of the Intel Agilex 7 Configuration User Guide. For every .sof file specified on the Input Files tab, click the Properties… button and specify the appropriate settings and keys for the signing and encryption tools. The programming file generator tool automatically signs and encrypts the factory and application images while creating the RSU programming files.
Alternatively, if you are storing private keys in an HSM, you must use the quartus_sign tool and therefore use .rbf files. The rest of this section details the changes in the flow to generate RSU images with .rbf files as inputs. You must encrypt and sign .rbf format files before selecting them as input files for RSU images; however, the RSU boot info file must not be encrypted and must only be signed. The Programming File Generator does not support modifying the properties of .rbf format files.
The following examples demonstrate the necessary modifications to the commands in Section Generating Remote System Update Image Files Using the Programming File Generator of the Intel Agilex 7 Configuration User Guide.
Generating the Initial RSU Image Using .rbf Files: Command Modification
From the Generating the Initial RSU Image Using .rbf Files section, modify the commands in Step 1 to enable the design security features as desired, using the instructions from earlier sections of this document.
For example, you would specify a signed firmware file if you were using firmware cosigning, then use the Quartus encryption tool to encrypt each .rbf file, and finally use the quartus_sign tool to sign each file.
In Step 2, if you have enabled firmware co-signing, you must use an additional option when creating the boot .rbf from the factory image file:
quartus_pfg -c factory.sof boot.rbf -o rsu_boot=ON -o fw_source=signed_agilex.zip
After you create the boot info .rbf file, use the quartus_sign tool to sign the .rbf file. You must not encrypt the boot info .rbf file.
Generating an Application Image: Command Modification
To generate an application image with design security features, you modify the command in Generating an Application Image to use a .rbf file with design security features enabled, including co-signed firmware if required, instead of the original application .sof file:
quartus_pfg -c cosigned_fw_signed_encrypted_application.rbf secured_rsu_application.rpd -o mode=ASX4 -o bitswap=ON
Generating a Factory Update Image: Command Modification
After you create the boot info .rbf file, you use the quartus_sign tool to sign the .rbf file. You must not encrypt the boot info .rbf file.
To generate an RSU factory update image, you modify the command from Generating a Factory Update Image to use a .rbf file with design security features enabled and add the option that indicates the use of co-signed firmware:
quartus_pfg -c cosigned_fw_signed_encrypted_factory.rbf secured_rsu_factory_update.rpd -o mode=ASX4 -o bitswap=ON -o rsu_upgrade=ON -o fw_source=signed_agilex.zip
Related Information: Intel Agilex 7 Configuration User Guide
5.6. SDM Cryptographic Services
The SDM on Intel Agilex 7 devices provides cryptographic services that FPGA fabric logic or the HPS may request through the respective SDM mailbox interface. For more information about the mailbox commands and data formats for all SDM cryptographic services, refer to Appendix B in the Security Methodology for Intel FPGAs and Structured ASICs User Guide.
To access the SDM mailbox interface from FPGA fabric logic for SDM cryptographic services, you must instantiate the Mailbox Client Intel FPGA IP in your design.
Reference code to access the SDM mailbox interface from the HPS is included in the ATF and Linux code provided by Intel.
Related Information: Mailbox Client Intel FPGA IP User Guide
5.6.1. Vendor Authorized Boot
Intel provides a reference implementation for HPS software that uses the vendor authorized boot feature to authenticate HPS boot software from the first stage boot loader through to the Linux kernel.
Related Information: Intel Agilex 7 SoC Secure Boot Demo Design
5.6.2. Secure Data Object Service
You send the commands through the SDM mailbox to perform SDOS object encryption and decryption. You can use the SDOS feature after provisioning the SDOS root key.
Related Information: Secure Data Object Service Root Key Provisioning on page 30
5.6.3. SDM Cryptographic Primitive Services
You send the commands through the SDM mailbox to initiate SDM cryptographic primitive service operations. Some cryptographic primitive services require more data to be transferred to and from the SDM than the mailbox interface can accept. In these cases, the command format changes to provide pointers to data in memory. Additionally, you must change the instantiation of the Mailbox Client Intel FPGA IP to use SDM cryptographic primitive services from the FPGA fabric logic. You must also set the Enable Crypto Service parameter to 1 and connect the newly exposed AXI initiator interface to a memory in your design.
Figure 21. Enabling SDM Cryptographic Services in the Mailbox Client Intel FPGA IP
5.7. Bitstream Security Settings (FM/S10)
FPGA Bitstream Security options are a collection of policies that restrict the specified feature or mode of operation within a defined period.
Bitstream Security options consist of flags that you set in the Intel Quartus Prime Pro Edition software. These flags are automatically copied into the configuration bitstreams.
You can permanently enforce security options on a device through the use of the corresponding security setting eFuse.
To use any security settings in the configuration bitstream or device eFuses, you must enable the authentication feature.
5.7.1. Selecting and Enabling Security Options
To select and enable security options, do as follows: From the Assignments menu, select Device > Device and Pin Options > Security > More Options...
Figure 22. Selecting and Enabling Security Options
Then select the values from the drop-down lists for the security options that you want to enable, as shown in the following example:
Figure 23. Selecting Values for Security Options
The following are the corresponding changes in the Quartus Prime Settings .qsf file:
set_global_assignment -name SECU_OPTION_DISABLE_JTAG "ON CHECK"
…
set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON
set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_BBRAM ON
set_global_assignment -name SECU_OPTION_DISABLE_PUF_WRAPPED_ENCRYPTION_KEY
6. Troubleshooting
This chapter describes common errors and warning messages that you may encounter while trying to use device security features, and the measures to resolve them.
6.1. Using Quartus Commands in a Windows Environment Error
Error
quartus_pgm: command not found
Description
This error displays when you attempt to use Quartus commands in a NIOS II Shell in a Windows environment by using WSL.
Resolution
This command works in a Linux environment. For Windows hosts, use the following command:
quartus_pgm.exe -h
Similarly, apply the same syntax to other Quartus Prime commands such as quartus_pfg, quartus_sign, and quartus_encrypt, among other commands.
6.2. Generating a Private Key Warning
Warning:
The specified password is considered insecure. Intel recommends that at least 13 characters of password be used. You are recommended to change the password by using the OpenSSL executable.
openssl ec -in <keyfile> -out <keyfile> -aes256
Description
This warning is related to the password strength and displays when you try to generate a private key by issuing the following command:
quartus_sign --family=agilex --operation=make_private_pem --curve=secp384r1 root.pem
Resolution
Use the openssl executable to specify a longer and thus stronger password.
6.3. Adding a Signing Key to the Quartus Project Error
Error
…File contains root key information...
Description
After adding a signing key .qky file to the Quartus project, you need to re-assemble the .sof file. When you add this regenerated .sof file to the selected device by using the Quartus Programmer, the following error message indicates that the file contains root key information:
Failed to add <file-path-name> to Programmer. The file contains root key information (.qky). However, Programmer does not support bitstream signing feature. You can use Programming File Generator to convert the file to signed Raw Binary file (.rbf) for configuration.
Resolution
Use the Quartus Programming File Generator to convert the file into a signed Raw Binary File (.rbf) for configuration.
Related Information: Signing Configuration Bitstream Using the quartus_sign Command on page 13
6.4. Generating Quartus Prime Programming File was Unsuccessful
Error
Error (20353): X of public key from QKY doesn't match with private key from PEM file.
Error (20352): Failed to sign the bitstream through python script agilex_sign.py.
Error: Quartus Prime Programming File Generator was unsuccessful.
Description
If you attempt to sign a configuration bitstream using an incorrect private key .pem file or a .pem file that does not match the .qky added to the project, the above common errors display.
Resolution
Ensure that you use the correct private key .pem to sign the bitstream.
6.5. Unknown Argument Error
Error
Error (23028): Unknown argument "ûc". Refer to --help for legal arguments.
Error (213008): Programming option string "ûp" is illegal. Refer to --help for legal programming option formats.
Description
If you copy and paste command-line options from the .pdf file into the Windows NIOS II Shell, you may encounter Unknown argument errors as shown above.
Resolution
In such cases, you can enter the command manually instead of pasting it from the clipboard.
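A way to check a command copied from the .pdf before running it, as an added example that is not part of the Intel guide. It lists the non-ASCII characters in the pasted text, shows how an en dash sent as a Windows-1252 byte reads in a code page 437 console (which is consistent with the "ûc" in the error above), and proposes an ASCII form; the dash rule (two or more word characters after the dash means `--`) is a heuristic of this example, so compare the result with the tool's help output.

```python
import re
import unicodedata

# Typographic characters that document viewers substitute for ASCII ones.
DASHES = "\u2013\u2014\u2212"            # en dash, em dash, minus sign
QUOTES = {"\u201c": '"', "\u201d": '"', "\u2033": '"',
          "\u2018": "'", "\u2019": "'", "\u2032": "'",
          "\u00a0": " "}                 # curly quotes, primes, no-break space

# Constructed sample: a command from this guide as it may arrive from the
# clipboard, with an en dash before "c" and curly quotes around the option.
PASTED = ("quartus_pgm \u2013c 1 -mjtag -o "
          "\u201cp;authorized_debug_design.rbf\u201d")


def find_suspects(command):
    """Return (index, character, Unicode name) for each non-ASCII character."""
    return [(i, ch, unicodedata.name(ch, "UNNAMED"))
            for i, ch in enumerate(command) if ord(ch) > 127]


def console_view(command):
    """Show the text as a cp437 console renders its Windows-1252 bytes.

    The en dash is byte 0x96 in Windows-1252; cp437 draws 0x96 as "û".
    Characters with no Windows-1252 byte come out as "?".
    """
    raw = command.encode("cp1252", errors="replace")
    return raw.decode("cp437")


def suggest_ascii(command):
    """Propose an ASCII-only command line for review.

    Heuristic: a typographic dash followed by two or more word characters
    is read as the start of a long option ("--"), any other one as "-".
    """
    text = re.sub(f"[{DASHES}](?=\\w\\w)", "--", command)
    text = re.sub(f"[{DASHES}]", "-", text)
    return text.translate(str.maketrans(QUOTES))


if __name__ == "__main__":
    for index, char, name in find_suspects(PASTED):
        print(f"column {index + 1}: U+{ord(char):04X} {name}")
    print("console sees :", console_view(PASTED))
    print("ASCII version:", suggest_ascii(PASTED))
```
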
6.6. Bitstream Encryption Option Disabled Error
Error
Cannot finalize encryption for the file design .sof because it was compiled with bitstream encryption option disabled.
Description
If you attempt to encrypt the bitstream through the GUI or the command line after you have compiled the project with the bitstream encryption option disabled, Quartus rejects the command as shown above.
Resolution
Ensure that you compile the project with the bitstream encryption option enabled, either through the GUI or the command line. To enable this option in the GUI, you must check the checkbox for this option.
6.7. Specifying Correct Path to the Key
Error
Error (19516): Detected Programming File Generator settings error: Can't find 'key_file'. Make sure the file is located at the expected location or update the setting.sec
Error (19516): Detected Programming File Generator settings error: Can't find 'key_file'. Make sure the file is located at the expected location or update the setting.
Description
If you are using keys that are stored on the file system, you must ensure that the correct path is specified for the keys used for bitstream encryption and signing. If the Programming File Generator cannot detect the right path, the error messages above display.
Resolution
Refer to the Quartus Prime Settings .qsf file to locate the correct paths for the keys. Make sure that you use relative paths instead of absolute paths.
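One way to run this check over a project before generating the programming file, as an added Python example that is not part of the Intel guide. It scans .qsf assignments whose value is a .pem, .qky or .qek file; the assignment names in the sample are placeholders rather than real Quartus assignment names, and resolving relative paths against the project directory is an assumption.

```python
import os
import re
import tempfile

KEY_EXTENSIONS = (".pem", ".qky", ".qek")  # key file types named in this guide
ASSIGNMENT = re.compile(
    r'^\s*set_global_assignment\s+-name\s+(\S+)\s+"?([^"\n]+?)"?\s*$')

def audit_key_paths(qsf_text, project_dir):
    """Return (assignment, path, problem) per key-file assignment; problem is
    None when the path is relative and the file exists under project_dir."""
    findings = []
    for line in qsf_text.splitlines():
        match = ASSIGNMENT.match(line)
        if not match or not match.group(2).lower().endswith(KEY_EXTENSIONS):
            continue
        name, path = match.groups()
        # Catch POSIX absolute paths and Windows drive-letter paths alike.
        if os.path.isabs(path) or re.match(r"[A-Za-z]:[\\/]", path):
            problem = "absolute path"
        elif not os.path.isfile(os.path.join(project_dir, path)):
            problem = "file not found"
        else:
            problem = None
        findings.append((name, path, problem))
    return findings

# Constructed sample settings; the assignment names are placeholders, not
# real Quartus assignment names.
SAMPLE_QSF = """\
# constructed .qsf fragment
set_global_assignment -name EXAMPLE_SIGNING_KEY keys/sign_private.pem
set_global_assignment -name EXAMPLE_ENCRYPTION_KEY "C:/secure/ae.qek"
set_global_assignment -name EXAMPLE_OWNER_KEY keys/missing.qky
set_global_assignment -name EXAMPLE_OTHER_SETTING ON
"""

def demo():
    """Build a throwaway project directory and audit SAMPLE_QSF against it."""
    with tempfile.TemporaryDirectory() as project_dir:
        os.makedirs(os.path.join(project_dir, "keys"))
        with open(os.path.join(project_dir, "keys", "sign_private.pem"), "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        return audit_key_paths(SAMPLE_QSF, project_dir)

if __name__ == "__main__":
    for name, path, problem in demo():
        print(f"{name}: {path}: {problem or 'ok'}")
```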
6.8. Using an Unsupported Output File Type
Error
quartus_pfg -c design.sof output_file.ebf -o finalize_operation=ON -o qek_file=ae.qek -o signing=ON -o pem_file=sign_private.pem
Error (19511): Unsupported output file type (ebf). Use the "-l" or "--list" option to display supported file type information.
Description
While using the Quartus Programming File Generator to generate an encrypted and signed bitstream, you may see the error above if an unsupported output file type is specified.
Resolution
Use the -l or --list option to see the list of supported output file types.
7. Intel Agilex 7 Device Security User Guide Archives
For the latest and previous versions of this user guide, refer to Intel Agilex 7 Device Security User Guide. If an IP or software version is not listed, the user guide for the previous IP or software version applies.
8. Revision History for the Intel Agilex 7 Device Security User Guide
Document Version
- 2023.05.23
- 2022.11.22
- 2022.04.04
- 2022.01.20
- 2021.11.09