Intel Agilex 7 Jagorar Mai Amfani da Tsaro na Na'urar

Intel ya himmatu ga tsaron samfur kuma yana ba da shawarar masu amfani don sanin kansu da albarkatun amincin samfuran da aka bayar. Ya kamata a yi amfani da waɗannan albarkatun a tsawon rayuwar samfurin Intel.

2. Shirye-shiryen Tsaron Tsaro

Ana tsara fasalulluka na tsaro masu zuwa don fitowar software na Intel Quartus Prime Pro Edition nan gaba:

Tabbacin Tsaro na Sake Tsara Sashe na Bitstream: Yana ba da ƙarin tabbaci cewa Rarraba Sake Tsari (PR) bitstreams ba za su iya shiga ko tsoma baki tare da wasu PR persona bitstreams ba.

Kashe Kai na Na'urar don Anti-T na Jikiamper: Yana yin gogewar na'urar ko amsawar sifilin na'urar da shirye-shiryen eFuses don hana na'urar sake daidaitawa.

3. Takardun Tsaro Akwai

Tebu mai zuwa yana lissafin daftarin da ke akwai don fasalulluka na tsaro na na'ura akan Intel FPGA da Tsarin ASIC:

Sunan Takardu	Manufar
Hanyar Tsaro don FPGAs na Intel da Tsarin Mai amfani da ASICs Jagora	Babban daftarin aiki wanda ke ba da cikakken bayanin fasalulluka na tsaro da fasahohi a cikin Maganin Shirye-shiryen Intel Kayayyaki. Taimaka wa masu amfani su zaɓi mahimman abubuwan tsaro don su cimma manufofin tsaro.
Intel Stratix 10 Jagorar Mai Amfani da Tsaro na Na'ura	Umarni don masu amfani da na'urorin Intel Stratix 10 don aiwatarwa abubuwan tsaro da aka gano ta amfani da Hanyar Tsaro Jagorar Mai Amfani.
Jagorar Mai Amfani da Tsaro na Na'urar Intel Agilex 7	Umarni don masu amfani da na'urorin Intel Agilex 7 don aiwatarwa abubuwan tsaro da aka gano ta amfani da Hanyar Tsaro Jagorar Mai Amfani.
Intel eASIC N5X Jagorar Mai Amfani da Tsaro na Na'ura	Umarni don masu amfani da na'urorin Intel eASIC N5X don aiwatarwa abubuwan tsaro da aka gano ta amfani da Hanyar Tsaro Jagorar Mai Amfani.
Intel Agilex 7 da Intel eASIC N5X HPS Cryptographic Services Jagorar Mai Amfani	Bayani ga injiniyoyin software na HPS akan aiwatarwa da kuma amfani da ɗakunan karatu na software na HPS don samun damar ayyukan sirri SDM ya bayar.
AN-968 Baƙin Maɓalli na Bayar da Sabis Mai Saurin Jagora	Cikakkun saitin matakai don saita Bakin Maɓalli na Baƙi hidima.

Tambayoyin da ake yawan yi

Tambaya: Menene manufar Jagorar Mai Amfani da Hanyar Tsaro?

A: Jagoran Mai amfani da Hanyar Tsaro yana ba da cikakkun bayanai na fasalulluka na tsaro da fasaha a cikin Kayayyakin Maganin Shirye-shiryen Intel. Yana taimaka wa masu amfani su zaɓi mahimman abubuwan tsaro don cimma manufofin tsaro.

Tambaya: A ina zan iya samun Jagorar Tsaro na Na'urar Intel Agilex 7?

A: Ana iya samun Jagorar Mai Amfani da Tsaro na Na'urar Intel Agilex 7 akan Cibiyar Albarkatun Intel da Zane website.

Tambaya: Menene sabis na Bayar da Maɓalli?

A: Sabis ɗin Bayar da Maɓalli na Baƙar fata sabis ne wanda ke ba da cikakkun matakan matakai don saita mahimman tanadi don ayyuka masu aminci.

View Fullscreen

Intel Agilex® 7 Jagorar Tsaron Mai Amfani
An sabunta don Intel® Quartus® Prime Design Suite: 23.1

Sigar Kan layi Aika Amsa

Saukewa: UG-20335

683823 2023.05.23

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 2

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 3

683823 | 2023.05.23 Aika Ra'ayoyin
1. Intel Agilex® 7

Tsaro na Na'ura ya ƙareview

Intel® yana ƙirƙira na'urorin Intel Agilex® 7 tare da keɓancewa, kayan aikin tsaro mai daidaitawa sosai da firmware.
Wannan takaddar ta ƙunshi umarni don taimaka muku amfani da Intel Quartus® Prime Pro software software don aiwatar da fasalulluka na tsaro akan na'urorin ku na Intel Agilex 7.
Bugu da ƙari, Hanyar Tsaro don Intel FPGAs da Tsarin Jagorar Mai amfani ASICs yana samuwa akan Cibiyar Albarkatun Intel & Zane. Wannan daftarin aiki ya ƙunshi cikakkun bayanai na fasalulluka na tsaro da fasaha waɗanda ke samuwa ta samfuran Intel Programmable Solutions don taimaka muku zaɓi abubuwan tsaro masu mahimmanci don cimma manufofin tsaro. Tuntuɓi Tallafin Intel tare da lambar tunani 14014613136 don samun damar Hanyar Tsaro don FPGAs na Intel da Tsarin Jagorar Mai amfani ASICs.
An tsara takaddun kamar haka: · Tabbatarwa da izini: Yana ba da umarnin ƙirƙira
maɓallan tantancewa da sarƙoƙin sa hannu, yi amfani da izini da sokewa, sa hannu kan abubuwa, da fasalulluka na tabbatar da shirin akan na'urorin Intel Agilex 7. · AES Bitstream Encryption: Yana ba da umarni don ƙirƙirar maɓallin tushen AES, ɓoyayyiyar tsarin bitstreams, da samar da maɓallin tushen AES ga na'urorin Intel Agilex 7. Samar da Na'ura: Yana ba da umarni don amfani da Intel Quartus Prime Programmer da Secure Device Manager (SDM) samar da firmware don tsara fasalin tsaro akan na'urorin Intel Agilex 7. Advanced Features: Yana ba da umarni don ba da damar abubuwan tsaro na ci-gaba, gami da amintaccen izini na gyara kuskure, cire maɓalli na Hard Processor (HPS), da sabunta tsarin nesa.
1.1. Alƙawari ga Tsaron Samfur
Amincewar Intel na dogon lokaci akan tsaro bai taɓa yin ƙarfi ba. Intel yana ba da shawarar sosai cewa ku saba da albarkatun tsaro na samfuranmu kuma kuyi shirin amfani da su tsawon rayuwar samfuran ku na Intel.
Bayani mai alaƙa · Tsaron Samfura a Intel · Shawarwari na Cibiyar Tsaro ta Samfur

Kamfanin Intel. An kiyaye duk haƙƙoƙi. Intel, tambarin Intel, da sauran alamun Intel alamun kasuwanci ne na Kamfanin Intel Corporation ko rassan sa. Intel yana ba da garantin aiwatar da samfuran FPGA da semiconductor zuwa ƙayyadaddun bayanai na yanzu daidai da daidaitaccen garanti na Intel, amma yana da haƙƙin yin canje-canje ga kowane samfuri da sabis a kowane lokaci ba tare da sanarwa ba. Intel ba ya ɗaukar wani nauyi ko alhaki da ya taso daga aikace-aikacen ko amfani da kowane bayani, samfur, ko sabis da aka kwatanta a nan sai dai kamar yadda Intel ya yarda da shi a rubuce. An shawarci abokan cinikin Intel su sami sabon sigar ƙayyadaddun na'urar kafin su dogara ga kowane bayanan da aka buga kuma kafin sanya oda don samfur ko ayyuka. *Wasu sunaye da tambura ana iya da'awarsu azaman mallakar wasu.

ISO 9001: 2015 Rajista

1. Intel Agilex® 7 Tsaro na Na'ura Ya Kareview 683823 | 2023.05.23

1.2. Shirye-shiryen Tsaron Tsaro

Abubuwan da aka ambata a wannan sashe an tsara su don sakin Intel Quartus Prime Pro Edition software nan gaba.

Lura:

Bayanin da ke cikin wannan sashe na farko ne.

1.2.1. Tabbataccen Tsaro na Sake Tsara Sashe na Bitstream
Sake saita ɓangarori (PR) ingantaccen tsaro na bitstream yana taimakawa samar da ƙarin tabbacin cewa PR persona bitstreams ba za su iya shiga ko tsoma baki tare da wasu PR persona bitstreams ba.

1.2.2. Kashe Kai na Na'urar don Anti-T na Jikiamper
Kisan kai na na'urar yana yin gogewar na'urar ko amsa sifilin na'urar da ƙari shirye-shiryen eFuses don hana na'urar sake daidaitawa.

1.3. Takardun Tsaro Akwai

Tebur mai zuwa yana ƙididdige takaddun da ke akwai don fasalulluka na tsaro na na'ura akan Intel FPGA da Tsarin ASIC:

Tebur 1.

Akwai Takardun Tsaro na Na'ura

Sunan Takardu
Hanyar Tsaro don Intel FPGAs da Tsarin Jagorar Mai Amfani da ASICs

Manufar
Babban daftarin aiki wanda ya ƙunshi cikakkun bayanai na fasalulluka na tsaro da fasaha a cikin Kayayyakin Maganin Shirye-shiryen Intel. An yi niyya don taimaka muku zaɓi abubuwan tsaro masu mahimmanci don cimma manufofin tsaro.

Takardun ID 721596

Intel Stratix 10 Jagorar Mai Amfani da Tsaro na Na'ura
Jagorar Mai Amfani da Tsaro na Na'urar Intel Agilex 7

Ga masu amfani da na'urorin Intel Stratix 10, wannan jagorar ya ƙunshi umarni don amfani da Intel Quartus Prime Pro Edition software don aiwatar da fasalulluka na tsaro da aka gano ta amfani da Jagorar Mai amfani da Hanyar Tsaro.
Ga masu amfani da na'urorin Intel Agilex 7, wannan jagorar ya ƙunshi umarni don amfani da Intel Quartus Prime Pro Edition software don aiwatar da fasalulluka na tsaro da aka gano ta amfani da Jagorar Mai amfani da Hanyar Tsaro.

683642 683823

Intel eASIC N5X Jagorar Mai Amfani da Tsaro na Na'ura

Ga masu amfani da na'urorin Intel eASIC N5X, wannan jagorar ya ƙunshi umarni don amfani da Intel Quartus Prime Pro Edition software don aiwatar da fasalulluka na tsaro da aka gano ta amfani da Jagoran Mai Amfani da Hanyar Tsaro.

626836

Intel Agilex 7 da Intel eASIC N5X HPS Jagorar Mai Amfani da Sabis na Cryptographic

Wannan jagorar ya ƙunshi bayanai don taimakawa injiniyoyin software na HPS a aiwatarwa da amfani da ɗakunan karatu na software na HPS don samun damar ayyukan sirrin da SDM ke bayarwa.

713026

AN-968 Baƙin Maɓalli na Bayar da Sabis Mai Saurin Jagora

Wannan jagorar ya ƙunshi cikakkun saitin matakai don saita sabis na Ba da Maɓalli na Baƙar fata.

739071

Wurin Intel Resource da
Cibiyar Zane
Intel.com
Intel.com
Intel Resource and Design Center
Intel Resource and Design Center
Intel Resource and Design Center

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 5

683823 | 2023.05.23 Aika Ra'ayoyin

Tabbatarwa da izini

Don ba da damar fasalulluka na na'urar Intel Agilex 7, kuna farawa ta amfani da Intel Quartus Prime Pro software software da kayan aikin haɗin gwiwa don gina sarkar sa hannu. Sarkar sa hannu ta ƙunshi maɓallin tushe, ɗaya ko fiye maɓallan sa hannu, da izini masu dacewa. Kuna amfani da sarkar sa hannu zuwa aikin Intel Quartus Prime Pro Edition ɗinku da haɗa shirye-shirye files. Yi amfani da umarnin a cikin Samar da Na'ura don tsara maɓallin tushen ku cikin na'urorin Intel Agilex 7.
Bayanai masu alaƙa
Samar da Na'ura a shafi na 25

2.1. Ƙirƙirar Sarkar Sa hannu
Kuna iya amfani da kayan aikin quartus_sign ko aikin agilex_sign.py don aiwatar da ayyukan sarkar sa hannu. Wannan takaddar tana ba da exampamfani da quartus_sign.
Don amfani da aiwatar da tunani, kun maye gurbin kira zuwa mai fassarar Python wanda aka haɗa tare da Intel Quartus Prime software kuma ku bar zaɓin –family=agilex; duk sauran zaɓuɓɓuka daidai suke. Don misaliample, umarnin quartus_sign da aka samo daga baya a wannan sashe
quartus_sign –family=agilex –operation=make_root root_public.pem root.qky za a iya canza shi zuwa daidai kira zuwa aiwatar da tunani kamar haka
pgm_py agilex_sign.py –operation=make_root root_public.pem tushen.qky

Intel Quartus Prime Pro software software ya haɗa da quartus_sign, pgm_py, da kayan aikin agilex_sign.py. Kuna iya amfani da kayan aikin harsashi na Nios® II, wanda ke saita masu canjin yanayi ta atomatik don samun damar kayan aikin.

Bi waɗannan umarnin don kawo harsashi na Nios II. 1. Kawo harsashi na Nios II.

Zabin Windows
Linux

Bayani
A kan Fara menu, nuna zuwa Shirye-shiryen Intel FPGA Nios II EDS kuma danna Nios II Umurnin Shell.
A cikin harsashi umarni canza zuwa /nios2eds kuma gudanar da umarni mai zuwa:
./nios2_umarnin_shell.sh

The exampLes a cikin wannan sashe ɗauka sarkar sa hannu da daidaitawar bitstream files suna cikin kundin tsarin aiki na yanzu. Idan kun zabi bin tsohonampku ku key files ana kiyaye su file tsarin, wadanda exampmu ɗauki maɓalli files su ne

ISO 9001: 2015 Rajista

2. Tabbatarwa da izini 683823 | 2023.05.23
wanda yake a cikin kundin aiki na yanzu. Kuna iya zaɓar waɗanne kundayen adireshi za ku yi amfani da su, kuma kayan aikin suna tallafawa dangi file hanyoyi. Idan kun zaɓi kiyaye maɓalli files na ku file tsarin, dole ne a hankali sarrafa izinin shiga waɗancan files.
Intel ya ba da shawarar cewa a yi amfani da Module Tsaro na Hardware (HSM) na kasuwanci don adana maɓallan sirri da yin ayyukan sirri. Kayan aikin quartus_sign da aiwatar da tunani sun haɗa da Madaidaicin Maɓalli na Farko na Jama'a #11 (PKCS #11) Interface Programming Interface (API) don yin hulɗa tare da HSM yayin gudanar da ayyukan sarkar sa hannu. Agilex_sign.py reference aiwatarwa ya hada da abin dubawa da kuma wani tsohonampƘaddamarwa zuwa SoftHSM.
Kuna iya amfani da waɗannan exampmusaya don aiwatar da hanyar sadarwa zuwa HSM ɗin ku. Koma zuwa takaddun daga mai siyar da HSM don ƙarin bayani game da aiwatar da mu'amala zuwa da sarrafa HSM ɗin ku.
SoftHSM shine aiwatar da software na na'ura mai ƙira tare da ƙirar PKCS #11 wanda aikin OpenDNSSEC® ya samar. Kuna iya samun ƙarin bayani, gami da umarni kan yadda ake zazzagewa, ginawa, da shigar da OpenHSM, a aikin OpenDNSSEC. The exampLes a cikin wannan sashin yi amfani da SoftHSM version 2.6.1. The exampLes a cikin wannan sashin kuma yi amfani da kayan aikin pkcs11-kayan aiki daga OpenSC don yin ƙarin ayyukan PKCS #11 tare da alamar SoftHSM. Kuna iya samun ƙarin bayani, gami da umarni kan yadda ake zazzagewa, ginawa, da shigar da pkcs11tool daga OpenSC.
Bayanai masu alaƙa
· Mai sa hannu na yanki na tushen Manufofin aikin OpenDNSSEC don sarrafa sarrafa tsarin bin maɓallan DNSSEC.
Bayanin SoftHSM game da aiwatar da kantin sayar da bayanan sirri wanda ake samun dama ta hanyar dubawar PKCS #11.
OpenSC Yana ba da saitin ɗakunan karatu da abubuwan amfani waɗanda ke iya aiki tare da katunan wayo.
2.1.1. Ƙirƙirar Haɗin Maɓallai na Tabbatarwa akan Na gida File Tsari
Kuna amfani da kayan aikin quartus_sign don ƙirƙirar nau'ikan maɓallin tantancewa akan na gida file tsarin amfani da make_private_pem da make_public_pem kayan aiki. Kun fara samar da maɓalli na sirri tare da aikin make_private_pem. Kun saka madaidaicin lanƙwasa don amfani, maɓalli na sirri filesuna, da zaɓin ko don kare maɓalli na sirri tare da kalmar wucewa. Intel yana ba da shawarar yin amfani da madaidaicin sec384r1 da bin kyawawan ayyuka na masana'antu don ƙirƙirar ƙaƙƙarfan kalmar wucewar bazuwar akan duk maɓalli na sirri. files. Intel kuma ya ba da shawarar ƙuntatawa file izinin tsarin akan maɓalli na sirri .pem files don karantawa ta mai shi kawai. Kuna samun maɓallin jama'a daga maɓalli na sirri tare da aikin make_public_pem. Yana da taimako sanya sunan maɓalli .pem files siffantawa. Wannan daftarin aiki yana amfani da al'ada _ .pem a cikin wadannan examples.
1. A cikin harsashi na Nios II, gudanar da umarni mai zuwa don ƙirƙirar maɓalli na sirri. Maɓallin keɓaɓɓen, wanda aka nuna a ƙasa, ana amfani da shi azaman maɓallin tushen a baya misaliampkada hakan ya haifar da sarkar sa hannu. Intel Agilex 7 na'urorin suna goyan bayan maɓallan tushen da yawa, don haka ku

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 7

2. Tabbatarwa da izini 683823 | 2023.05.23

maimaita wannan matakin don ƙirƙirar adadin da ake buƙata na maɓallan tushen. ExampA cikin wannan takarda duk suna komawa zuwa maɓallin tushen farko, kodayake kuna iya gina sarƙoƙi na sa hannu a cikin irin wannan salon tare da kowane maɓallin tushe.

Zaɓi Tare da kalmar wucewa

Bayani
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 root0_private.pem Shigar da kalmar wucewa lokacin da aka sa yin haka.

Ba tare da kalmar wucewa ba

quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 –no_passphrase tushen0_private.pem

2. Guda wannan umarni don ƙirƙirar maɓalli na jama'a ta amfani da maɓalli na sirri da aka samar a mataki na baya. Ba kwa buƙatar kare sirrin maɓalli na jama'a.
quartus_sign –family=agilex –operation=make_public_pem root0_private.pem tushen0_public.pem
3. Guda umarni kuma don ƙirƙirar maɓalli biyu da aka yi amfani da su azaman maɓallin sa hannu na ƙira a cikin sarkar sa hannu.
quartus_sign –family=agilex –operation=make_private_pem –curve=sec384r1 design0_sign_private.pem

quartus_sign –family=agilex –operation=make_public_pem design0_sign_private.pem design0_sign_public.pem

2.1.2. Ƙirƙirar Ƙirƙirar Maɓallai Maɓalli a cikin SoftHSM
SoftHSM exampLes a cikin wannan babin sun dace da kansu. Wasu sigogi sun dogara da shigarwar SoftHSM ɗinku da farawar alama a cikin SoftHSM.
Kayan aikin quartus_sign ya dogara da ɗakin karatu na PKCS #11 API daga HSM ɗin ku.
The exampa cikin wannan sashe ɗauka cewa an shigar da ɗakin karatu na SoftHSM zuwa ɗayan wurare masu zuwa: · /usr/local/lib/softhsm2.so akan Linux · C:SoftHSM2libsofthsm2.dll akan sigar 32-bit na Windows · C:SoftHSM2libsofthsm2-x64 dll akan sigar 64-bit na Windows.
Fara alama a cikin SoftHSM ta amfani da kayan aikin softhsm2-util:
softhsm2-util –init-token –label agilex-token –pin agilex-token-pin –so-pin agilex-so-pin –free
Matsalolin zaɓi, musamman alamar alama da fil ɗin token sune exampKada a yi amfani da duk wannan babi. Intel yana ba da shawarar ku bi umarni daga mai siyar ku na HSM don ƙirƙira da sarrafa alamu da maɓalli.
Kuna ƙirƙiri nau'i-nau'i na maɓallin tantancewa ta amfani da kayan aikin pkcs11 don yin hulɗa tare da alamar a cikin SoftHSM. Maimakon yin magana a sarari ga maɓalli na sirri da na jama'a .pem files a cikin file tsarin misaliampDon haka, kuna komawa zuwa maɓallan biyu ta alamar sa kuma kayan aiki yana zaɓar maɓallin da ya dace ta atomatik.

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 8

Aika da martani

2. Tabbatarwa da izini 683823 | 2023.05.23

Gudun waɗannan umarni don ƙirƙirar maɓalli biyu da aka yi amfani da su azaman maɓallin tushen a baya exampda kuma maɓalli na biyu da aka yi amfani da su azaman maɓallin sa hannu na ƙira a cikin sarkar sa hannu:
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-token –login –pin agilex-token-pin –keypairgen –mechanism ECDSA-KEY-PAIR-GEN –key-type EC : sec384r1 - alamar amfani -label tushen0 -id 0
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-token –login –pin agilex-token-pin –keypairgen –mechanism ECDSA-KEY-PAIR-GEN –key-type EC : secp384r1 - alamar amfani -label design0_sign -id 1

Lura:

Dole ne zaɓin ID na wannan matakin ya zama na musamman ga kowane maɓalli, amma HSM ne kawai ke amfani dashi. Wannan zaɓin ID ɗin bashi da alaƙa da ID ɗin soke maɓalli da aka sanya a cikin sarkar sa hannu.

2.1.3. Ƙirƙirar Shigar Sarkar Sa hannu
Maida tushen maɓalli na jama'a zuwa tushen shigarwar sarkar sa hannu, adana akan na gida file tsarin a tsarin Intel Quartus Prime key (.qky). file, tare da make_root aiki. Maimaita wannan mataki don kowane maɓallin tushen da kuka samar.
Gudun umarni mai zuwa don ƙirƙirar sarkar sa hannu tare da tushen shigarwa, ta amfani da maɓallin jama'a daga tushen file tsarin:
quartus_sign –family=agilex –operation=make_root –key_type = tushen mai shi0_public.pem tushen0.qky
Gudun umarni mai zuwa don ƙirƙirar sarkar sa hannu tare da tushen shigarwa, ta amfani da maɓallin tushen daga alamar SoftHSM da aka kafa a cikin sashin da ya gabata:
quartus_sign –family=agilex –operation=make_root –key_type=mai mallaka –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libh2 ” tushen0 tushen0.qky

2.1.4. Ƙirƙirar Shigar Maɓalli na Jama'a Sarkar Sa hannu
Ƙirƙiri sabon shigarwar maɓalli na jama'a don sarkar sa hannu tare da aikin append_key. Kuna ƙididdige sarkar sa hannu na farko, maɓallin keɓaɓɓen don shigarwa ta ƙarshe a cikin sa hannu na farko, maɓallin jama'a na gaba, izini da ID na sokewa da kuka sanya zuwa maɓalli na jama'a na gaba, da sabon sarkar sa hannu. file.
Ka lura cewa ɗakin karatu na softHSM baya samuwa tare da shigarwar Quartus kuma a maimakon haka yana buƙatar shigar da shi daban. Don ƙarin bayani game da softHSM koma zuwa Sashe Ƙirƙirar Sarkar Sa hannu a sama.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 9

2. Tabbatarwa da izini 683823 | 2023.05.23
Ya danganta da amfani da maɓallai akan file tsarin ko a cikin HSM, kuna amfani da ɗayan waɗannan example yayi umarni don saka zane0_sign maɓalli na jama'a zuwa tushen sa hannun sa hannu da aka ƙirƙira a cikin sashin da ya gabata:
quartus_sign –family=agilex –operation=append_key –previous_pem=tushen0_private.pem –previous_qky=tushen0.qky –izini=6 –cancel=0 –input_pem=design0_sign_public.pem design0_sign_chain.qky
quartus_sign –family = agilex –operation = append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”-prename_key” tushen0 -previous_qky = tushen0.qky - izini = 6 -cancel = 0 -input_keyname = zane0_sign design0_sign_chain.qky
Kuna iya maimaita aikin append_key har zuwa sau biyu don iyakar maɓalli uku na jama'a tsakanin tushen shigarwa da shigarwar toshewar kai a kowace sarkar sa hannu ɗaya.
Mai zuwa exampKa ɗauka cewa ka ƙirƙiri wani maɓallin tabbatarwa na jama'a tare da izini iri ɗaya kuma an sanya ID 1 na sokewa da ake kira design1_sign_public.pem, kuma kuna haɗa wannan maɓalli zuwa sarkar sa hannu daga tsohon tsohon da ya gabata.ampda:
quartus_sign –family=agilex –operation=append_key –previous_pem=design0_sign_private.pem –previous_qky=design0_sign_chain.qky –izini=6 –cancel=1 –input_pem=design1_sign_public.pem designq1_kysign_chain.
quartus_sign –family = agilex –operation = append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”-prename_key” design0_sign –previous_qky= design0_sign_chain.qky –izni=6 –cancel=1 –input_keyname=design1_sign design1_sign_chain.qky
Na'urorin Intel Agilex 7 sun haɗa da ƙarin maɓalli na sokewa don sauƙaƙe amfani da maɓalli wanda zai iya canzawa lokaci-lokaci a tsawon rayuwar da aka bayar. Kuna iya zaɓar wannan maɓalli na sokewa ta hanyar canza hujjar zaɓin –cancel zuwa pts:pts_value.
2.2. Shiga Bitstream Kanfigareshan
Na'urorin Intel Agilex 7 suna goyan bayan ƙidayar Lambar Sigar Tsaro (SVN), waɗanda ke ba ku damar soke izinin abu ba tare da soke maɓalli ba. Kuna sanya ma'aunin SVN da madaidaicin ƙimar SVN yayin sanya hannu kan kowane abu, kamar sashin bitstream, firmware .zip. file, ko m takardar shaida. Kuna sanya ma'aunin SVN da ƙimar SVN ta amfani da zaɓin-cancel da svn_counter:svn_value azaman hujja. Ingantattun dabi'u na svn_counter sune svnA, svnB, svnC, da svnD. Svn_value lamba ce a cikin kewayon [0,63].

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 10

Aika da martani

2. Tabbatarwa da izini 683823 | 2023.05.23
2.2.1. Maɓallin Quartus File Ayyuka
Kuna ƙididdige sarkar sa hannu a cikin aikin Intel Quartus Prime software don ba da damar fasalin tantancewa don wannan ƙira. Daga menu na Ayyuka, zaɓi Na'urar Na'ura da Maɓallin Tsaron Zaɓuɓɓukan Pin File, sai a yi lilo zuwa sarkar sa hannu .qky file ka ƙirƙiri don sanya hannu kan wannan ƙirar.
Hoto 1. Kunna Saitin Bitstream Saitin Kanfigareshan

A madadin, zaku iya ƙara bayanin aiki mai zuwa zuwa Saitunan Firayim ɗin Intel Quartus ɗin ku file (.qsf):
saitin_aikin_duniya -suna QKY_FILE zane0_sign_chain.qky
Don samar da .sof file daga tsarin da aka haɗa a baya, wanda ya haɗa da wannan saitin, daga menu na sarrafawa, zaɓi Fara Fara Haɗa. Sabuwar fitarwa .sof file ya haɗa da ayyuka don ba da damar tantancewa tare da sarkar sa hannu da aka bayar.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 11

2. Tabbatarwa da izini 683823 | 2023.05.23
2.2.2. Haɗin gwiwar SDM Firmware
Kuna amfani da kayan aikin quartus_sign don cirewa, sa hannu, da shigar da .zip na SDM firmware mai dacewa file. Firmware da aka sanya hannu tare yana haɗa shi da shirye-shiryen file janareta kayan aiki lokacin da ka maida .sof file cikin tsarin tsarin bitstream .rbf file. Kuna amfani da waɗannan umarni masu zuwa don ƙirƙirar sabuwar sarkar sa hannu kuma sanya hannu kan firmware SDM.
1. Ƙirƙiri sabon sa hannu guda biyu.
a. Ƙirƙiri sabon sa hannu biyu na maɓallin sa hannu akan file tsarin:
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 firmware1_private.pem
quartus_sign –family=agilex –operation=make_public_pem firmware1_private.pem firmware1_public.pem
b. Ƙirƙiri sabon maɓalli na sa hannu a cikin HSM:
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-token –login –pin agilex-token-pin –keypairgen-mechanism ECDSA-KEY-PAIR-GEN –key-type EC : sec384r1 - alamar amfani - alamar firmware1 -id 1
2. Ƙirƙiri sabon sarkar sa hannu mai ɗauke da sabon maɓalli na jama'a:
quartus_sign –family=agilex –operation=append_key –previous_pem=tushen0_private.pem –previous_qky=tushen0.qky –izini=0x1 –cancel=1 –input_pem=firmware1_public.pem firmware1_sign_chain.qky
quartus_sign –family = agilex –operation = append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”-prename_key” tushen0 -previous_qky = tushen0.qky - izini = 1 -cancel = 1 -input_keyname = firmware1 firmware1_sign_chain.qky
3. Kwafi firmware .zip file daga tsarin shigar software na Intel Quartus Prime Pro Edition ( /na'urori/mai shirye-shirye/firmware/ agilex.zip) zuwa kundin aiki na yanzu.
quartus_sign –family=agilex –get_firmware=.
4. Shiga firmware .zip file. Kayan aiki yana buɗe .zip ta atomatik file kuma akayi alama duk firmware .cmf files, sannan ya sake gina .zip file don amfani da kayan aikin a cikin sassan masu zuwa:
quartus_sign –family=agilex –operation=sign –qky=firmware1_sign_chain.qky –cancel=svnA:0 –pem=firmware1_private.pem agilex.zip sign_agilex.zip
quartus_sign -family = agilex -operation = alamar -module = softHSM -module_args ="-token_label = agilex-token -user_pin = agilex-token-pin -hsm_lib = /usr/local/lib/softhsm/libsofthsm2.so"

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 12

Aika da martani

2. Tabbatarwa da izini 683823 | 2023.05.23

-keyname=firmware1 –cancel=svnA:0 –qky=firmware1_sign_chain.qky agilex.zip sign_agilex.zip

2.2.3. Sa hannu kan Kanfigareshan Bitstream Ta amfani da umarnin quartus_sign
Don sanya hannu kan ƙa'idar daidaitawa ta amfani da umarnin quartus_sign, kun fara canza .sof file zuwa danyen binary mara sa hannu file (.rbf) tsari. Kuna iya ba da zaɓin saka firmware da aka sanya hannu ta amfani da zaɓin fw_source yayin matakin juyawa.
Kuna iya samar da raw bitstream mara sa hannu a cikin tsarin .rbf ta amfani da umarni mai zuwa:
quartus_pfg c o fw_source=signed_agilex.zip -o sign_later=ON design.sof unsigned_bitstream.rbf
Gudun ɗaya daga cikin waɗannan umarni masu zuwa don sanya hannu kan bitstream ta amfani da kayan aikin quartus_sign dangane da wurin maɓallan ku:
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 unsigned_bitstream.rbf sign_bitstream.rbf
quartus_sign -family = agilex -operation = alamar -module = softHSM -module_args ="-token_label = agilex-token -user_pin = agilex-token-pin -hsm_lib =/usr/local/lib/softhsm/libsofthsm2.so" -keyname = design0_sign –qky= design0_sign_chain.qky –cancel=svnA:0 unsigned_bitstream.rbf sign_bitstream.rbf
Kuna iya canza sa hannun .rbf files zuwa sauran sanyi bitstream file tsare-tsare.
Don misaliample, idan kana amfani da Jam* Standard Test and Programming Language (STAPL) Player don shirya bitstream akan JTAG, kuna amfani da umarni mai zuwa don canza .rbf file zuwa tsarin .jam wanda Jam STAPL Player ke buƙata:
quartus_pfg -c sign_bitstream.rbf sanya hannu_bitstream.jam

2.2.4. Taimako na Iko da yawa na Sake Tsara Sashe

Na'urorin Intel Agilex 7 suna goyan bayan ingantaccen ingantaccen izini da yawa, inda mai na'urar ke ƙirƙira da sanya alama a tsaye bitstream, kuma mai mallakar PR daban ya ƙirƙira da alamun PR persona bitstreams. Na'urorin Intel Agilex 7 suna aiwatar da goyon bayan izini da yawa ta hanyar sanya maɓalli na tushen tushen tabbaci na farko zuwa na'urar ko mai shi na bitstream da kuma sanya madaidaicin maɓallin maɓallin tabbatarwa na ƙarshe ga mai sake daidaitawa na ɗan adam bitstream.
Idan an kunna fasalin tantancewa, to dole ne a sanya hannu akan duk hotunan mutum na PR, gami da hotunan mutum na gida. Hotunan PR persona na iya sanya hannu ta ko dai mai na'urar ko ta mai PR; duk da haka, dole ne mai na'urar ya sanya hannu a kan magudanar ruwa a tsaye.

Lura:

Sake saita juzu'i mai ma'ana da ɓoyayyen ɓoyayyen ɗan adam lokacin da aka kunna goyan bayan izini da yawa ana tsara shi a cikin sakin gaba.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 13

2. Tabbatarwa da izini 683823 | 2023.05.23

Hoto na 2.

Aiwatar da goyan bayan izini da yawa na sake fasalin sashe yana buƙatar matakai da yawa:
1. Na'urar ko mai madaidaicin bitstream yana haifar da maɓallan tushe ɗaya ko fiye kamar yadda aka bayyana a Ƙirƙirar Maɓallin Maɓalli na Tabbatarwa a cikin SoftHSM a shafi na 8, inda zaɓin -key_type yana da mai ƙima.
2. Mai ikon sake daidaitawa na ɓangaren bitstream yana haifar da maɓallin tabbatarwa amma yana canza ƙimar zaɓin -key_type zuwa secondary_owner.
3. Dukansu a tsaye bitstream da masu ƙira na sake daidaitawa na ɓangare suna tabbatar da cewa an kunna Akwatin Tallafin Iko Mai yawa a cikin Na'urar Na'urar Ayyuka da Tsaron Zaɓuɓɓukan Pin.
Intel Quartus Prime Yana Haɓaka Saitunan Zaɓin Ikklisiya da yawa

4. Dukansu a tsaye bitstream da kuma masu ƙira na sake fasalin ɓangaren suna ƙirƙirar sarƙoƙi na sa hannu bisa tushen maɓallan su kamar yadda aka bayyana a Ƙirƙirar Sarkar Sa hannu a shafi na 6.
5. Dukansu a tsaye bitstream da masu ƙira na sake fasalin wani ɓangare suna canza ƙirarsu da aka haɗa zuwa tsarin .rbf files kuma sanya hannu kan .rbf files.
6. Na'urar ko mai shi a tsaye yana ƙirƙira da sanya hannu kan takardar shaidar izinin maɓalli na jama'a na PR.
quartus_pfg –ccert o ccert_type=PR_PUBKEY_PROG_AUTH ko mai_qky_file= "tushen0.qky; tushen1.qky" unsigned_pr_pubkey_prog.ccert
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 unsigned_pr_pubkey_prog.cert sign_pr_pubkey_prog.ccert
quartus_sign –family = agilex –aiki = alamar –module = softHSM –module_args =”–token_label = s10-token –user_pin = s10-token-pin –hsm_lib =/usr/local/lib/softhsm/libsofthsm2.so” –keyname= design0_sign –qky= design0_sign_chain.qky –cancel=svnA:0 unsigned_pr_pubkey_prog.ccert sign_pr_pubkey_prog.ccert

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 14

Aika da martani

2. Tabbatarwa da izini 683823 | 2023.05.23

7. The na'urar ko a tsaye bitstream mai tanadi su Tantance kalmar sirri tushen hashes zuwa na'urar, sa'an nan shirye-shirye da PR jama'a key shirin izini m takardar shaidar, da kuma a karshe tanadi da m reconfiguration bitstream mai tushen key zuwa na'urar. Sashen Samar da Na'ura yana bayyana wannan tsarin samarwa.
8. An daidaita na'urar Intel Agilex 7 tare da yanki na tsaye .rbf file.
9. An sake saita na'urar Intel Agilex 7 tare da ƙirar mutum .rbf file.
Bayanai masu alaƙa
· Ƙirƙirar Sarkar Sa hannu a shafi na 6
· Ƙirƙirar Maɓallai Maɓallai na Tabbatarwa a cikin SoftHSM akan shafi na 8
· Samar da na'ura a shafi na 25

2.2.5. Tabbatar da Sarkar Sa hannu na Kanfigareshan Bitstream
Bayan kun ƙirƙiri sarƙoƙi na sa hannu da rattaba hannu kan raƙuman ruwa, za ku iya tabbatar da cewa bitstream da aka sa hannu yana daidaita na'urar da aka tsara tare da maɓallin tushen da aka bayar daidai. Kuna fara amfani da aikin fuse_info na umarnin quartus_sign don buga zanta na tushen maɓalli na jama'a zuwa rubutu file:
quartus_sign –family=agilex –operation=fuse_info tushen0.qky hash_fuse.txt

Sannan za ku yi amfani da zaɓin check_integrity na umarnin quartus_pfg don bincika sarkar sa hannu akan kowane sashe na rattaba hannu a cikin tsarin .rbf. Zaɓin check_integrity yana buga bayanai masu zuwa:
· Matsayin cikakken binciken amincin bitstream gabaɗaya
Abubuwan da ke cikin kowace shigarwa a cikin kowace sarkar sa hannu a haɗe zuwa kowane sashe a cikin bitstream .rbf file,
· Ƙimar fiusi da ake tsammani don hash na tushen maɓalli na jama'a na kowace sarkar sa hannu.
Ƙimar daga fitowar fuse_info yakamata ta dace da layin Fuse a cikin fitarwar check_integrity.
quartus_pfg -check_integrity sign_bitstream.rbf

Ga wani tsohonample na check_integrity umarni fitarwa:

Bayani: Umurni: quartus_pfg -check_integrity sign_bitstream.rbf Matsayin mutunci: Ok

Sashe

Saukewa: CMF

Bayanin Sa hannu…

Sarkar sa hannu #0 (shigarwa: -1, kashewa: 96)

Shiga #0

Fuse: 34FD3B5F 7829001F DE2A24C7 3A7EAE29 C7786DB1 D6D5BC3C 52741C79

72978B22 0731B082 6F596899 40F32048 AD766A24

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 29C39C3064AE594A36DAA85602D6AF0B278CBB0B207C4D97CFB6967961E5F0ECA

456FF53F5DBB3A69E48A042C62AB6B0

: 3E81D40CBBBEAC13601247A9D53F4A831308A24CA0BDFFA40351EE76438C7B5D2

2826F7E94A169023AFAE1D1DF4A31C2

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 29C39C3064AE594A36DAA85602D6AF0B278CBB0B207C4D97CFB6967961E5F0ECA

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 15

2. Tabbatarwa da izini 683823 | 2023.05.23

456FF53F5DBB3A69E48A042C62AB6B0

: 3E81D40CBBBEAC13601247A9D53F4A831308A24CA0BDFFA40351EE76438C7B5D2

2826F7E94A169023AFAE1D1DF4A31C2

Shiga #1

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 015290C556F1533E5631322953E2F9E91258472F43EC954E05D6A4B63D611E04B

C120C7E7A744C357346B424D52100A9

: 68696DEAC4773FF3D5A16A4261975424AAB4248196CF5142858E016242FB82BC5

08A80F3FE7F156DEF0AE5FD95BDFE05

Shigar #2 Izinin Keychain: SIGN_CODE Keychain za a iya soke shi ta ID: 3 Sarkar sa hannu #1 (shigarori: -1, kashewa: 648)

Shiga #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Shiga #1

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 1E8FBEDC486C2F3161AFEB028D0C4B426258293058CD41358A164C1B1D60E5C1D

74D982BC20A4772ABCD0A1848E9DC96

: 768F1BF95B37A3CC2FFCEEB071DD456D14B84F1B9BFF780FC5A72A0D3BE5EB51D

0DA7C6B53D83CF8A775A8340BD5A5DB

Shiga #2

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Shigar #3 Izinin maɓalli: SIGN_CODE Keychain za a iya soke ta ID: 15 Sarkar sa hannu #2 (shigar: -1, kashewa: 0) Sarkar sa hannu #3 (shigarwa: -1, kashewa: 0) Sarkar sa hannu #4 (shigarwa: -1, kashewa: 0) Sarkar sa hannu #5 (shigarori: -1, kashewa: 0) Sarkar sa hannu #6 (shigarwa: -1, kashewa: 0) Sarkar sa hannu #7 (shiga: -1, kashewa: 0)

Nau'in Sashe: Mai siffanta Sa hannu na IO… Sarkar sa hannu #0 (shigarwa: -1, kashewa: 96)

Shiga #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 16

Aika da martani

2. Tabbatarwa da izini 683823 | 2023.05.23

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Shiga #1

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 646B51F668D8CC365D72B89BA8082FDE79B00CDB750DA0C984DC5891CDF57BD21

44758CA747B1A8315024A8247F12E51

: 53513118E25E16151FD55D7ECDE8293AF6C98A74D52E0DA2527948A64FABDFE7C

F4EA8B8E229218D38A869EE15476750

Shiga #2

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Shigar #3 Izinin maɓalli: SIGN_CORE Keychain za a iya soke ta ID: 15 Sarkar sa hannu #1 (shigarwa: -1, kashewa: 0) Sarkar sa hannu #2 (shigarwa: -1, kashewa: 0) Sarkar sa hannu #3 (shigarwa: -1, kashewa: 0) Sarkar sa hannu #4 (shiga: -1, kashewa: 0) Sarkar sa hannu #5 (shigarwa: -1, kashewa: 0) Sa hannu #6 (shiga: -1, diyya: 0) Sa hannu sarkar #7 (shigarwa: -1, kashewa: 0)

Sashe

Saukewa: HPS

Bayanin Sa hannu…

Sarkar sa hannu #0 (shigarwa: -1, kashewa: 96)

Shiga #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Shiga #1

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: FAF423E08FB08D09F926AB66705EB1843C7C82A4391D3049A35E0C5F17ACB1A30

09CE3F486200940E81D02E2F385D150

: 397C0DA2F8DD6447C52048CD0FF7D5CCA7F169C711367E9B81E1E6C1E8CD9134E

5AC33EE6D388B1A895AC07B86155E9D

Shiga #2

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 17

2. Tabbatarwa da izini 683823 | 2023.05.23

Shigar #3 Izinin maɓalli: SIGN_HPS Keychain za a iya soke shi ta ID: 15 Sarkar sa hannu #1 (shigar: -1, kashewa: 0) Sa hannu #2 (shigar: -1, kashewa: 0) Sarkar sa hannu #3 (shigarwa: -1, kashewa: 0) Sarkar sa hannu #4 (shiga: -1, kashewa: 0) Sarkar sa hannu #5 (shigarwa: -1, kashewa: 0) Sa hannu #6 (shiga: -1, diyya: 0) Sa hannu sarkar #7 (shigarwa: -1, kashewa: 0)

Nau'in Sashe: Bayanin Sa hannu na CORE… Sarkar sa hannu #0 (shigarwar: -1, kashewa: 96)

Shiga #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Shiga #1

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 646B51F668D8CC365D72B89BA8082FDE79B00CDB750DA0C984DC5891CDF57BD21

44758CA747B1A8315024A8247F12E51

: 53513118E25E16151FD55D7ECDE8293AF6C98A74D52E0DA2527948A64FABDFE7C

F4EA8B8E229218D38A869EE15476750

Shiga #2

Ƙirƙirar maɓalli…

Saukewa: sec384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 18

Aika da martani

683823 | 2023.05.23 Aika Ra'ayoyin

AES Bitstream Encryption

Advanced Encryption Standard (AES) ɓoyayyen bitstream siffa ce da ke baiwa mai na'ura damar kare sirrin mallakar fasaha a cikin tsarin bitstream.
Don taimakawa kare sirrin maɓalli, saitin ɓoyayyen bitstream yana amfani da jerin maɓallan AES. Ana amfani da waɗannan maɓallan don rufaffen bayanan mai shi a cikin daidaitawar bitstream, inda aka rufaffen maɓalli na farko tare da maɓallin tushen AES.

3.1. Ƙirƙirar maɓallin AES Tushen

Kuna iya amfani da kayan aikin quartus_encrypt ko Stratix10_encrypt.py aiwatar da tunani don ƙirƙirar maɓallin tushen AES a cikin maballin ɓoyayyen software na Intel Quartus Prime (.qek) file.

Lura:

Stratix10_encrypt.py file Ana amfani dashi don Intel Stratix® 10, da na'urorin Intel Agilex 7.

Kuna iya zaɓin maɓallin tushe da aka yi amfani da shi don samo tushen tushen AES da maɓallin samo maɓalli, ƙimar tushen maɓallin AES kai tsaye, adadin maɓallan tsakiya, da matsakaicin amfani da kowane maɓallin tsaka-tsaki.

Dole ne ku saka dangin na'urar, fitarwa .qek file wuri, da kalmar wucewa lokacin da aka sa.
Gudun umarni mai zuwa don samar da maɓallin tushen AES ta amfani da bayanan bazuwar don maɓallin tushe da ƙididdiga masu mahimmanci don adadin maɓallan tsaka-tsaki da iyakar amfani da maɓalli.
Don amfani da aiwatar da tunani, kun maye gurbin kira zuwa mai fassarar Python wanda aka haɗa tare da Intel Quartus Prime software kuma ku bar zaɓin –family=agilex; duk sauran zaɓuɓɓuka daidai suke. Don misaliample, umarnin quartus_encrypt da aka samo daga baya a cikin sashin

quartus_encrypt –family=agilex –operation=MAKE_AES_KEY aes_root.qek

za a iya jujjuya zuwa daidai kira zuwa aiwatar da tunani kamar haka pgm_py stratix10_encrypt.py –operation=MAKE_AES_KEY aes_root.qek

3.2. Saitunan boye-boye na Quartus
Don ba da damar boye-boye na bitstream don ƙira, dole ne ku ƙididdige zaɓuɓɓukan da suka dace ta amfani da Na'urar Na'urar Ayyuka da Kwamitin Tsaro na Zaɓuɓɓukan Pin. Za ka zaɓi Akwatin rajistan ɓoyayyen ɓoyayyiyar daidaitawa, da wurin ma'ajiyar maɓallin ɓoyewa da ake so daga menu na zaɓuka.

ISO 9001: 2015 Rajista

Hoto 3. Intel Quartus Prime Encryption Settings

3. AES Bitstream Rufewa 683823 | 2023.05.23

A madadin, zaku iya ƙara bayanin aiki mai zuwa zuwa saitunan Intel Quartus Prime na ku file .qsf:
saitin_global_assignment -suna ENCRYPT_PROGRAMMING_BITSTREAM akan saitin_global_assignment -suna PROGRAMMING_BITSTREAM_ENCRYPTION_KEY_SELECT eFuses
Idan kuna son ba da damar ƙarin ragi a kan ɓangarorin harin tashoshi na gefe, kuna iya kunna zazzagewar ɓoyayyen ɓoyayyen ɓoyayyen ɓoyayyen da Kunna akwatin rajistan shiga.

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 20

Aika da martani

3. AES Bitstream Rufewa 683823 | 2023.05.23

Canje-canje masu dacewa a cikin .qsf sune:
saitin_assignment_global_suna PROGRAMMING_BITSTREAM_ENCRYPTION_CNOC_SCRAMBLING akan saita_assignment_global_suna PROGRAMMING_BITSTREAM_ENCRYPTION_UPDATE_RATIO 31

3.3. Rufewa Bitstream Kanfigareshan
Kuna rufaffen tsarin bitstream kafin sanya hannu akan bitstream. Intel Quartus Prime Programming File Kayan aikin janareta na iya rufawa ta atomatik kuma sanya hannu kan ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun bayanai ta amfani da ƙirar mai amfani da hoto ko layin umarni.
Kuna iya ƙirƙiri wani ɓangaren ɓoyayyen bitstream don amfani tare da kayan aikin quartus_encrypt da quartus_sign ko makamancin aiwatarwa.

3.3.1. Haɓaka Sirri na Bitstream Ta Amfani da Shirye-shiryen File Interface Mai Zane Mai Haɓakawa
Kuna iya amfani da Programming File Generator don ɓoyewa da sanya hannu kan hoton mai shi.

Hoto na 4.

1. A kan Intel Quartus Prime File menu zaɓi Programming File Generator. 2. Akan Fitowa Files tab, saka fitarwa file rubuta don daidaitawar ku
makirci.
Fitowa File Ƙayyadaddun bayanai

Fitar da tsarin saiti file tab
Fitowa file nau'in

3. Akan Shigarwa Files shafin, danna Ƙara Bitstream kuma bincika zuwa .sof ɗin ku. 4. Don saka boye-boye da zaɓuɓɓukan tantancewa zaɓi .sof kuma danna
Kayayyaki. a. Kunna Kunna kayan aikin sa hannu. b. Don Keɓaɓɓen maɓalli file zaɓi maɓallin sa hannu na sirri .pem file. c. Kunna Ƙarshen ɓoyewa.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 21

3. AES Bitstream Rufewa 683823 | 2023.05.23

Hoto na 5.

d. Don maɓallin ɓoyewa file, zaɓi AES .qek file. Shigar (.sof) File Properties don Tantancewa da boye-boye

Kunna tantancewa Ƙayyade tushen sirri .pem
Kunna boye-boye Ƙayyade maɓallin ɓoyewa
5. Don samar da sa hannu da rufaffen bitstream, akan Input Files shafin, danna Generate. Akwatunan maganganu na kalmar sirri sun bayyana don shigar da kalmar wucewar ku don maɓallin AES ɗin ku .qek file da sanya hannu na keɓaɓɓen maɓalli .pem file. Shirye-shiryen file janareta ya ƙirƙiri ɓoyayyiyar fitarwa da sa hannu_filerbf ku.
3.3.2. Haɓaka Sirri na Bitstream Ta Amfani da Shirye-shiryen File Interface Interface Command Generator
Ƙirƙirar ɓoyayyiyar ɓoyayyiyar tsari da sanya hannu a cikin tsarin .rbf tare da ƙirar layin umarni quartus_pfg:
quartus_pfg -c encryption_enabled.sof top.rbf -o finalize_encryption=ON -o qek_file=aes_root.qek -o signing=ON -o pem_file= design0_sign_private.pem
Kuna iya canza ɓoyayyiyar ɓoyayyiyar tsari da sanya hannu a cikin tsarin .rbf zuwa wani tsarin bitstream file tsare-tsare.
3.3.3. Rufaffen Fayil ɗin Kanfigareshan Bitstream Generation Amfani da Mu'amalar Layin Umurni
Kuna iya ƙirƙirar ɓoyayyen ɓoyayyen shirye-shirye file don kammala ɓoyewa kuma sanya hannu kan hoton daga baya. Ƙirƙirar ɓoyayyen ɓoyayyen shirye-shirye file a cikin tsarin .rbf tare da dubawar layin thequartus_pfgcommand: quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON top.sof top.rbf

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 22

Aika da martani

3. AES Bitstream Rufewa 683823 | 2023.05.23
Kuna amfani da kayan aikin layin umarni na quartus_encrypt don kammala ɓoye ɓoyayyen bitstream:
quartus_encrypt –family=agilex –operation=ENCRYPT –key=aes_root.qek top.rbf encrypted_top.rbf
Kuna amfani da kayan aikin layin umarni na quartus_sign don sanya hannu kan ɓoyayyen tsarin bitstream:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 encrypted_top.rbf sign_encrypted_top.rbf
quartus_sign -family = agilex -operation = alamar -module = softHSM -module_args ="-token_label = agilex-token -user_pin = agilex-token-pin -hsm_lib =/usr/local/lib/softhsm/libsofthsm2.so" -keyname = design0_sign –qky= design0_sign_chain.qky –cancel=svnA:0 encrypted_top.rbf sign_encrypted_top.rbf
3.3.4. Sake saita ɓoyayyen ɓoyayyen ɓoyayyen Bitstream
Kuna iya kunna ɓoyayyen bitstream akan wasu ƙirar Intel Agilex 7 FPGA waɗanda ke amfani da sake fasalin ɓangarori.
Ƙirar sake fasalin ɓangarori ta amfani da Tsarin Sake Tsare-tsaren Sake Tsara (HPR), ko Tsayayyen Sake Tsare-tsaren Sake Canji (SUPR) ba sa goyan bayan ɓoyayyen bitstream. Idan ƙirar ku ta ƙunshi yankuna PR da yawa, dole ne ku ɓoye duk mutane.
Don ba da damar ɓoye ɓoyayyen ɓoyayyen ɓoyayyen ɓoyayyen ɓoyayyen bitibi, bi hanya iri ɗaya a duk sake fasalin ƙira. 1. A kan Intel Quartus Prime File menu, zaɓi Ayyukan Na'urar Na'urar
da Tsaro Zaɓuɓɓukan Pin. 2. Zaɓi wurin ma'ajiyar maɓalli da ake so.
Hoto 6. Sake saita ɓoyayyen ɓoyayyen ɓoyayyiyar Bitstream Saitin

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 23

3. AES Bitstream Rufewa 683823 | 2023.05.23
A madadin, zaku iya ƙara bayanin aiki mai zuwa a cikin saitunan Quartus Prime file .qsf:
saita_assignment_global_name -ENABLE_PARTIAL_RECONFIGURATION_BITSTREAM_ENCRYPTION on
Bayan kun haɗa ƙirar tushe da bita, software ɗin tana haifar da a.soffile kuma daya ko fiye.pmsffiles, wakiltar mutane. 3. Ƙirƙiri rufaffiyar shirye-shirye da sanya hannu files daga.sof da.pmsf files a cikin irin wannan salon zuwa ƙira ba tare da kunna sake fasalin wani yanki ba. 4. Maida wanda aka harhada.pmsf file zuwa wani bangare rufaffen.rbf file:
quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON encryption_enabled_persona1.pmsf persona1.rbf
5. Ƙarshe ɓoye ɓoyayyiyar bitstream ta amfani da kayan aikin layin umarni na quartus_encrypt:
quartus_encrypt –family=agilex –operation=ENCRYPT –key=aes_root.qek persona1.rbf encrypted_persona1.rbf
6. Shiga rufaffen tsari bitstream ta amfani da kayan aikin layin umarni na quartus_sign:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_sign_private.pem encrypted_persona1.rbf sign_encrypted_persona1.rbf
quartus_sign –family=agilex –operation=SIGN –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –qky design0_sign_chain.qky –cancel=svnA:0 –keyname= design0_sign encrypted_persona1.rbf sign_encrypted_persona1.rbf

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 24

Aika da martani

683823 | 2023.05.23 Aika Ra'ayoyin

Samar da Na'ura

Ana tallafawa samar da fasalin tsaro na farko a cikin firmware na samar da SDM. Yi amfani da Intel Quartus Prime Programmer don loda firmware na samar da SDM da aiwatar da ayyukan samarwa.
Kuna iya amfani da kowane nau'in JTAG zazzage kebul don haɗa Mai shirye-shiryen Quartus zuwa na'urar Intel Agilex 7 don aiwatar da ayyukan samarwa.
4.1. Amfani da SDM Provision Firmware
Intel Quartus Prime Programmer yana ƙirƙira ta atomatik kuma yana loda hoton mataimaka na asali lokacin da kuka zaɓi aikin farawa da umarni don tsara wani abu banda tsarin bitstream.
Dangane da umarnin shirye-shirye da aka kayyade, hoton ma'aikaci na tsohowar masana'anta yana ɗaya daga cikin nau'ikan biyu:
Samar da hoton mai taimako–ya ƙunshi sashe ɗaya na bitstream mai ɗauke da firmware na samarwa SDM.
Hoton mai taimakawa QSPI – ya ƙunshi sassa biyu na bitstream, ɗaya yana ɗauke da babban firmware na SDM da ɓangaren I/O ɗaya.
Kuna iya ƙirƙirar hoton mataimaka na asali file don loda cikin na'urarka kafin yin kowane umarni na shirye-shirye. Bayan shirya zantan maɓallin tushen tantancewa, dole ne ka ƙirƙira kuma ka sanya hannu kan tsohon ma'aikacin ma'aikata na QSPI saboda ɓangaren I/O da aka haɗa. Idan kuma kun tsara tsarin tsaro na firmware mai haɗin gwiwa eFuse, dole ne ku ƙirƙiri samarwa da tsoffin hotuna na masana'anta na QSPI tare da haɗin gwiwar firmware. Kuna iya amfani da hoton ma'aikata da aka sanya hannu tare da tsoho mai taimako akan na'urar da ba a samar da ita kamar yadda na'urar da ba a samar da ita ta yi watsi da sarƙoƙin sa hannun sa hannun Intel ba akan firmware SDM. Koma zuwa Amfani da Tsohuwar Hoton Taimako na Masana'antar QSPI akan Na'urori Masu Mallaka a shafi na 26 don ƙarin cikakkun bayanai game da ƙirƙira, sa hannu, da amfani da tsohowar ma'aikata ta QSPI hoton mataimaka.
Hoton mataimaka na asali na samarwa yana aiwatar da aikin samarwa, kamar tsara zantan tushen maɓalli, fis ɗin saitin tsaro, rajistar PUF, ko samar da maɓallin maɓalli. Kuna amfani da Intel Quartus Prime Programming File Kayan aikin layin umarni na janareta don ƙirƙirar hoton taimako na samarwa, ƙayyadaddun zaɓin helper_image, sunan helper_na'urar ku, subtype ɗin mai taimako, da zaɓin .zip firmware mai haɗin gwiwa. file:
quartus_pfg -helper_image -o helper_device=AGFB014R24A -o subtype=PROVISION -o fw_source=signed_agilex.zip sign_provision_helper_image.rbf
Shirya hoton mataimaki ta amfani da kayan aikin Intel Quartus Prime Programmer:
kwartus_pgm -c 1 -mjtag -o "p; sanya hannu_provision_helper_image.rbf" -force

ISO 9001: 2015 Rajista

4. Samar da Na'urar 683823 | 2023.05.23

Lura:

Kuna iya barin aikin farawa daga umarni, gami da exampa cikin wannan babin, bayan ko dai shirya hoton mataimaki na tanadi ko yin amfani da umarnin da ya ƙunshi aikin farawa.

4.2. Amfani da Tsohuwar Hoton Mataimakin Ma'aikata na QSPI akan Na'urorin Mallaka
Intel Quartus Prime Programmer yana ƙirƙira ta atomatik kuma yana loda hoton mataimaka na asali na QSPI lokacin da kuka zaɓi aikin farawa don shirye-shiryen filasha QSPI. file. Bayan tsara zantan maɓallin tushen tabbaci, dole ne ka ƙirƙira da sa hannu kan hoton mataimakan tsoho na masana'antar QSPI, sannan ka tsara hoton ma'aikacin QSPI da aka sanya hannu daban kafin shirya filasha QSPI. 1. Kuna amfani da Intel Quartus Prime Programming File Kayan aikin layin umarni na Generator zuwa
ƙirƙiri hoton mataimaki na QSPI, ƙididdige zaɓin helper_image, nau'in helper_na'urar ku, ƙaramin nau'in hoton mai taimako QSPI, da zaɓin .zip firmware da aka haɗa. file:
quartus_pfg -helper_image -o helper_device=AGFB014R24A -o subtype=QSPI -o fw_source=signed_agilex.zip qspi_helper_image.rbf
2. Kuna sanya hannu kan hoton ma'aikata na QSPI:
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem qspi_helper_image.rbf sign_qspi_helper_image.rbf
3. Kuna iya amfani da kowace QSPI flash programming file tsari. Mai zuwa exampKada a yi amfani da tsarin bitstream wanda aka canza zuwa .jic file tsari:
quartus_pfg -c Sign_bitstream.rbf Sign_flash.jic -o device=MT25QU128 -o flash_loader=AGFB014R24A -o yanayin=ASX4
4. Kuna tsara hoton mataimaki da aka sanya hannu ta amfani da kayan aikin Intel Quartus Prime Programmer:
kwartus_pgm -c 1 -mjtag -o "p; sanya hannu_qspi_helper_image.rbf" -force
5. Kuna tsara hoton .jic don yin walƙiya ta amfani da kayan aikin Intel Quartus Prime Programmer:
kwartus_pgm -c 1 -mjtag -o "p; sanya hannu_flash.jic"

4.3. Tabbatarwa Tushen Samar da Maɓalli
Don tsara tushen hashes na mai shi zuwa fis na zahiri, da farko dole ne ka loda firmware na tanadi, na gaba shirin mai tushen hashes, sannan nan da nan yi sake saitin wutar lantarki. Ba a buƙatar sake saitin wutar lantarki idan shirye-shiryen tushen maɓalli ya hashes zuwa fis ɗin kama-da-wane.

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 26

Aika da martani

4. Samar da Na'urar 683823 | 2023.05.23
Don tsara tushen hashes na tushen tabbatarwa, kuna tsara hoton mataimaka na tanadin firmware kuma ku gudanar da ɗayan umarni masu zuwa don tsara tushen maɓallin .qky. files.
// Don na zahiri (marasa canzawa) eFuses quartus_pgm -c 1 -mjtag -o "p; tushen0.qky; tushen1.qky; tushen2.qky" -non_volatile_key
// Don kama-da-wane (mai canzawa) eFuses quartus_pgm -c 1 -mjtag -o "p; tushen0.qky; tushen1.qky; tushen2.qky"
4.3.1. Sake Tsara Jumla Tsakanin Maɓallin Maɓalli da yawa
Bayan samar da na'urar ko a tsaye yankin bitstream tushen keys, ka sake load da na'urar samar da mataimaki image, shirin da sanya hannu PR jama'a key shirin izni m takardar shaidar, sa'an nan samar da PR persona bitstream mai tushen key.
// Don na zahiri (marasa canzawa) eFuses quartus_pgm -c 1 -mjtag -o "p; tushen_pr.qky" -pr_pubkey -non_volatile_key
// Don kama-da-wane (mai canzawa) eFuses quartus_pgm -c 1 -mjtag -o "p;p; tushen_pr.qky" -pr_pubkey
4.4. Shirye-shiryen Maɓallin Sokewar ID Fuses
Farawa da sigar software ta Intel Quartus Prime Pro Edition 21.1, shirye-shiryen Intel da fis ɗin sokewar maɓalli na mai mallakar yana buƙatar amfani da ƙaramin takardar shedar sa hannu. Kuna iya sanya hannu kan ƙaƙƙarfan takaddar ID na soke maɓalli tare da sarkar sa hannu wacce ke da izinin sa hannun sashin FPGA. Ka ƙirƙiri ƙaramin takaddun shaida tare da shirye-shirye file janareta umurnin line kayan aiki. Kuna sanya hannu kan takardar shaidar da ba a sanya hannu ba ta amfani da kayan aikin quartus_sign ko aiwatar da tunani.
Na'urorin Intel Agilex 7 suna goyan bayan bankuna daban-daban na ID na sokewar maɓalli na kowane maɓallin tushen. Lokacin da aka tsara takaddun takaddun ID na maɓalli na sokewa a cikin Intel Agilex 7 FPGA, SDM yana ƙayyade wane tushen maɓalli ya sanya hannu kan takaddun takaddun kuma yana busa fuse ID na maɓallin sokewa wanda yayi daidai da maɓallin tushen.
Mai zuwa exampƘirƙirar takardar shedar soke maɓalli na Intel don ID maɓalli na Intel 7. Kuna iya maye gurbin 7 tare da ID na soke maɓalli na Intel daga 0-31.
Gudun umarni mai zuwa don ƙirƙirar ƙaramin takardar shaidar sokewar maɓalli na Intel mara sa hannu:
quartus_pfg –ccert -o ccert_type=CANCEL_INTEL_KEY -o cancel_key=7 unsigned_cancel_intel7.ccert
Gudun ɗaya daga cikin waɗannan umarni don sanya hannu kan ƙaƙƙarfan takardar shedar sokewar maɓalli na Intel mara sa hannu:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_cancel_intel7.cert sign_cancel_intel7.ccert
quartus_sign -family = agilex -operation = alamar -module = softHSM -module_args ="-token_label = agilex-token -user_pin = agilex-token-pin -hsm_lib = /usr/local/lib/softhsm/libsofthsm2.so"

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 27

4. Samar da Na'urar 683823 | 2023.05.23
–keyname= design0_sign –qky= design0_sign_chain.qky –cancel=svnA:0 unsigned_cancel_intel7.cert sign_cancel_intel7.ccert
Gudanar da umarni mai zuwa don ƙirƙirar ƙaƙƙarfan takardar shedar sokewar maɓalli mara sa hannu:
quartus_pfg –ccert -o ccert_type=CANCEL_OWNER_KEY -o cancel_key=2 unsigned_cancel_owner2.ccert
Gudun ɗaya daga cikin waɗannan umarni don sanya hannu kan ƙaƙƙarfan takaddar ID na soke maɓalli mara sa hannu:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_cancel_owner2.cert sign_cancel_owner2.cert
quartus_sign -family = agilex -operation = alamar -module = softHSM -module_args ="-token_label = agilex-token -user_pin = agilex-token-pin -hsm_lib =/usr/local/lib/softhsm/libsofthsm2.so" -keyname = design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_cancel_owner2.cert sanya hannu_cancel_owner2.ccert
Bayan kun ƙirƙiri ƙaramin takardar shaidar sokewar maɓalli da aka sanya hannu, kuna amfani da Intel Quartus Prime Programmer don tsara ƙaramin takardar shaidar zuwa na'urar ta hanyar J.TAG.
// Don na zahiri (marasa canzawa) eFuses quartus_pgm -c 1 -mjtag -o "pi; signed_cancel_intel7.ccert" -non_volatile_key quartus_pgm -c 1 -mjtag -o "pi; sa hannu_cancel_owner2.ccert" -non_volatile_key
//Don kama-da-wane (mai canzawa) eFuses quartus_pgm -c 1 -mjtag -o "pi; signed_cancel_intel7.ccert" quartus_pgm -c 1 -mjtag -o "pi; sa hannu_cancel_owner2.ccert"
Hakanan kuna iya aika ƙaramar takardar shedar zuwa SDM ta amfani da FPGA ko akwatin saƙo na HPS.
4.5. Soke Tushen Maɓallai
Na'urorin Intel Agilex 7 suna ba ku damar soke tushen hashes lokacin da wani maɓallin maɓallin tushen da ba a soke ya kasance ba. Kuna soke tushen hash ta hanyar fara daidaita na'urar tare da ƙira wanda sarkar sa hannun sa ke da tushe a cikin wata maɓalli na maɓalli na daban, sannan ku tsara takardar shedar ƙaramar sokewar maɓalli ta sa hannu. Dole ne ku sanya hannu kan takardar shaidar sokewar maɓalli na zanta tare da sarkar sa hannu mai tushe a cikin maɓallin tushen da za a soke.
Gudun umarni mai zuwa don samar da ƙaramin takardar shedar sokewar maɓalli mara sa hannu:
quartus_pfg –ccert -o –ccert_type=CANCEL_KEY_HASH unsigned_root_cancel.ccert

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 28

Aika da martani

4. Samar da Na'urar 683823 | 2023.05.23

Gudun ɗaya daga cikin waɗannan umarni don sanya hannu kan takardar shedar sokewar maɓalli mara sa hannu ba tare da sanya hannu ba:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_root_cancel.ccert sign_root_cancel.ccert
quartus_sign -family = agilex -operation = alamar -module = softHSM -module_args ="-token_label = agilex-token -user_pin = agilex-token-pin -hsm_lib =/usr/local/lib/softhsm/libsofthsm2.so" -keyname = design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_root_cancel.ccert sanya hannu_root_cancel.ccert
Kuna iya tsara ƙaƙƙarfan takardar shedar sokewar tushen maɓalli ta hanyar JTAG, FPGA, ko akwatunan saƙo na HPS.

4.6. Shirye-shiryen Counter Fuses
Kuna sabunta Lambar Sigar Tsaro (SVN) da Pseudo Time Stamp (PTS) fuses ta amfani da ƙananan takaddun shaida.

Lura:

SDM tana kiyaye mafi ƙarancin ƙimar ƙima da aka gani yayin daidaitawar da aka ba da ita kuma baya karɓar takaddun ƙima lokacin da ƙimar ƙima ta yi ƙasa da mafi ƙarancin ƙima. Dole ne ku sabunta duk abubuwan da aka sanya wa ma'auni kuma ku sake saita na'urar kafin shirya takardar shedar ƙaramar ƙima.

Guda ɗaya daga cikin waɗannan umarni masu zuwa waɗanda suka dace da takardar shaidar ƙara ƙima da kuke son samarwa.
quartus_pfg –ccert -o ccert_type=PTS_COUNTER -o counter=<-1:495> unsigned_pts.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_A -o counter=<-1:63>unsigned_svnA.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_B -o counter=<-1:63>unsigned_svnB.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_C -o counter=<-1:63>unsigned_svnC.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_D -o counter=<-1:63>unsigned_svnD.ccert

Ƙimar ƙima ta 1 tana ƙirƙira takardar shaidar haɓaka ƙimar ƙima. Shirye-shiryen takardar shedar ƙaramar ƙarin izini tana ba ku damar tsara ƙarin takaddun shaida na ƙara ƙima don sabunta ma'aunin ƙididdiga. Kuna amfani da kayan aikin quartus_sign don sanya hannu kan takaddun takaddun takaddun daidai gwargwado zuwa maɓalli na soke takaddun takaddun ID.
Kuna iya tsara ƙaƙƙarfan takardar shedar sokewar tushen maɓalli ta hanyar JTAG, FPGA, ko akwatunan saƙo na HPS.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 29

4. Samar da Na'urar 683823 | 2023.05.23

4.7. Tabbataccen Maɓalli na Sabis na Abubuwan Abubuwan Bayanai
Kuna amfani da Intel Quartus Prime Programmer don samar da Maɓallin Tushen Sabis na Abubuwan Tsaro (SDOS). Mai shirye-shirye ta atomatik yana loda hoton taimakon firmware na tanadi don samar da maɓallin tushen SDOS.
quartus_pgm c 1 mjtag -makullin_tushen_service -maɓallin_mara_mai canzawa

4.8. Samar da Fuse Saitin Tsaro
Yi amfani da Intel Quartus Prime Programmer don bincika fis ɗin saitin tsaro na na'ura kuma rubuta su zuwa .fuse na tushen rubutu. file mai bi:
kwartus_pgm -c 1 -mjtag -o “ei;programming_file.fuse; AGFB014R24B”

Zaɓuɓɓuka · i: Mai shirye-shirye yana loda hoton mataimakan na'urar zuwa na'urar. e: Mai shirye-shirye yana karanta fuse daga na'urar kuma ya adana shi a cikin .fuse file.

The .fus file ya ƙunshi jerin nau'i-nau'i-darajar suna-ƙimar fiusi. Ƙimar ta ƙididdige ko an busa fis ko abin da ke cikin filin fuse.

Mai zuwa example yana nuna tsarin .fuse file:

# Firmware mai haɗin gwiwa

= "Ba a busa"

# Kashe Izinin Na'ura

= "Ba a busa"

# Na'urar ba ta da tsaro

= "Ba a busa"

# Kashe kuskuren HPS

= "Ba a busa"

# Kashe rajistar ID na ciki na PUF

= "Ba a busa"

# A kashe JTAG

= "Ba a busa"

# Kashe maɓallin ɓoye-ɓoye na PUF

= "Ba a busa"

# Kashe maɓallin ɓoyewar mai shi a cikin BBRAM = "Ba a busa ba"

# Kashe maɓallin ɓoyewar mai shi a cikin eFuses = "Ba a busa ba"

# Kashe tushen tushen maɓalli na jama'a 0

= "Ba a busa"

# Kashe tushen tushen maɓalli na jama'a 1

= "Ba a busa"

# Kashe tushen tushen maɓalli na jama'a 2

= "Ba a busa"

# Kashe eFuses na zahiri

= "Ba a busa"

# Tilasta agogon SDM zuwa oscillator na ciki = "Ba a busa ba"

# Ƙaddamar sabunta maɓallin ɓoyewa

= "Ba a busa"

# sokewar maɓalli bayyananne na Intel

= "0"

# Kulle eFuses tsaro

= "Ba a busa"

# Shirin maɓallin ɓoyayyen mai shi yayi

= "Ba a busa"

# Shirin maɓallin ɓoyayyen mai shi ya fara

= "Ba a busa"

# sokewar maɓalli bayyananne 0

= ""

# sokewar maɓalli bayyananne 1

= ""

# sokewar maɓalli bayyananne 2

= ""

# Mai shi ya yi fus

0x00000000000000000000000000000000000000000000000000000

00000000000000000000000000000000000000000000000000000

0000000000000000000000”

# Mai tushen tushen jama'a hash 0

0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# Mai tushen tushen jama'a hash 1

0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# Mai tushen tushen jama'a hash 2

0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# Girman maɓalli na tushen jama'a

= "Babu"

# PTS counter

= "0"

# PTS counter base

= "0"

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 30

Aika da martani

4. Samar da Na'urar 683823 | 2023.05.23

# QSPI fara jinkiri # RMA Counter # SDMIO0 shine I2C # SVN counter A # SVN counter B # SVN counter C # SVN counter D

= "10ms" = "0" = "Ba a busa" = "0" = "0" = "0" = "0"

Gyara .fus file don saita saitin tsaro da kuke so. Layin da ya fara da # ana ɗaukarsa azaman layin sharhi. Don tsara fuse saitin tsaro, cire jagorar # kuma saita ƙimar zuwa Blown. Don misaliample, don ba da damar haɗin haɗin haɗin gwiwar Firmware tsaro fuse, gyara layin farko na fuse file zuwa mai zuwa:
Firmware mai haɗin gwiwa = "Blown"

Hakanan kuna iya keɓancewa da tsara Fuses ɗin Mai shi dangane da buƙatunku.
Kuna iya amfani da umarni mai zuwa don yin rajistan shiga, shirin, da kuma tabbatar da tushen maɓallin jama'a mai shi:
kwartus_pgm -c 1 -mjtag -o "ibpv; tushen0.qky"

Zaɓuɓɓuka · i: Yana ɗora hoton taimakon firmware na samarwa zuwa na'urar. b: Yana yin cak na sarari don tabbatar da fis ɗin saitin tsaro da ake so ba
riga an busa. p: Shirya fuse. v: Yana tabbatar da maɓallin da aka tsara akan na'urar.
Bayan yayi programming da .qky file, za ku iya bincika bayanan fiusi ta hanyar sake duba bayanan fius don tabbatar da hash ɗin maɓalli na jama'a da mai girman maɓalli na jama'a suna da ƙima marasa sifili.
Yayin da ba za a iya rubuta waɗannan filayen ta hanyar .fuse file Hanyar, ana haɗa su yayin aikin binciken aikin tantancewa don tabbatarwa: · Na'urar da ba ta da tsaro · Izinin na'urar kashewa · Kashe tushen hash maɓalli na jama'a 0 · Kashe tushen hash ɗin maɓalli na mai shi An fara shirin ɓoye sirrin maɓalli · Maɓallin ɓoyayyen mai shi ya yi · Soke maɓalli · Maɓallin maɓalli na jama'a · Girman maɓalli na jama'a · Maɓallin maɓalli na jama'a hash 1 · Tushen maɓalli na jama'a hash

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 31

4. Samar da Na'urar 683823 | 2023.05.23
PTS counter · PTS counter base · QSPI fara tashi jinkiri · RMA counter · SDMIO0 is I2C · SVN counter A · SVN counter B · SVN counter C · SVN counter D
Yi amfani da Intel Quartus Prime Programmer don tsara .fuse file koma na'urar. Idan ka ƙara zaɓin i, Programmer ɗin yana loda firmware ta atomatik don tsara tsarin saitin tsaro.
// Don na zahiri (marasa canzawa) eFuses quartus_pgm -c 1 -mjtag -o “pi;programming_file.fus" -maɓallin_mai canzawa
//Don kama-da-wane (mai canzawa) eFuses quartus_pgm -c 1 -mjtag -o “pi;programming_file.fus"
Kuna iya amfani da umarni mai zuwa don tabbatar da hash ɗin tushen maɓallin na'urar daidai yake da .qky da aka bayar a cikin umarnin:
kwartus_pgm -c 1 -mjtag -o "v; tushen0_another.qky"
Idan maɓallan ba su yi daidai ba, Programmer ya gaza tare da saƙon kuskuren da ya gaza aiki.
4.9. AES Tushen Samar da Maɓalli
Dole ne ku yi amfani da takardar shedar ƙaramar maɓalli na tushen AES don tsara maɓallin tushen AES zuwa na'urar Intel Agilex 7.
4.9.1. AES Tushen Ƙarfafa Takaddun Shaida
Kuna amfani da kayan aikin layin umarni na quartus_pfg don canza maɓallin tushen AES .qek file cikin ƙaramin takardar shedar .cert. Kuna ƙididdige wurin ajiyar maɓalli yayin ƙirƙirar ƙaƙƙarfan takardar shedar. Kuna iya amfani da kayan aikin quartus_pfg don ƙirƙirar takardar shaidar da ba a sanya hannu ba don sa hannu a gaba. Dole ne ka yi amfani da sa hannu sarkar tare da AES tushen key takardar shaidar sa hannu izni, izini bit 6, kunna domin samun nasarar shiga AES tushen m takardar shaidar.

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 32

Aika da martani

4. Samar da Na'urar 683823 | 2023.05.23
1. Ƙirƙiri ƙarin maɓalli biyu da aka yi amfani da su don sanya hannu kan takaddun takaddun maɓalli na AES ta amfani da ɗayan umarni mai zuwa exampda:
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 aesccert1_private.pem
quartus_sign –family=agilex –operation=make_public_pem aesccert1_private.pem aesccert1_public.pem
pkcs11-kayan aiki –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-token –login –pin agilex-token-pin –keypairgen inji ECDSA-KEY-PAIR-GEN –key-type EC: secp384r1 - alamar amfani -lakabin aesccert1 -id 2
2. Ƙirƙirar sarkar sa hannu tare da saitin izini daidai ta amfani da ɗaya daga cikin umarni masu zuwa:
quartus_sign –family=agilex –operation=append_key –previous_pem=tushen0_private.pem –previous_qky=tushen0.qky –izini=0x40 –cancel=1 –input_pem=aesccert1_public.pem aesccert1_sign_chain.
quartus_sign –family = agilex –operation = append_key –module = softHSM -module_args =”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” -prename_key” tushen0 -previous_qky = tushen0.qky - izini = 0x40 -cancel = 1 -input_keyname = aesccert1 aesccert1_sign_chain.qky
3. Ƙirƙirar takardar shedar ƙarancin AES mara izini don wurin ajiyar maɓalli na tushen AES da ake so. Akwai zaɓuɓɓukan ma'auni na tushen AES masu zuwa:
EFUSE_WRAPPED_AES_KEY
IID_PUF_WRAPPED_AES_KEY
UDS_IID_PUF_WRAPPED_AES_KEY
· BBRAM_WRAPPED_AES_KEY
BBRAM_IID_PUF_WRAPPED_AES_KEY
BBRAM_UDS_IID_PUF_WRAPPED_AES_KEY
// Ƙirƙiri maɓallin tushen eFuse AES wanda ba a sanya hannu ba kwartus_pfg –ccert -o ccert_type=EFUSE_WRAPPED_AES_KEY -o qek_file=aes.qek unsigned_efuse1.ccert
4. Sa hannu kan ƙaƙƙarfan takaddun shaida tare da umarnin quartus_sign ko aiwatar da tunani.
quartus_sign –family=agilex –operation=sign –pem=aesccert1_private.pem –qky=aesccert1_sign_chain.qky unsigned_ 1. an sanya hannu 1.karfi
quartus_sign -family = agilex -operation = alamar -module = softHSM -module_args ="-token_label = agilex-token -user_pin = agilex-token-pin -hsm_lib = /usr/local/lib/softhsm/libsofthsm2.so"

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 33

4. Samar da Na'urar 683823 | 2023.05.23

-keyname=aesccert1 –qky=aesccert1_sign_chain.qky unsigned_ 1. an sanya hannu 1.karfi
5. Yi amfani da Intel Quartus Prime Programmer don tsara takaddun takaddun tushe na AES zuwa na'urar Intel Agilex 7 ta hanyar J.TAG. Intel Quartus Prime Programmer ya sabawa shirye-shiryen eFuses na kama-da-wane lokacin amfani da ƙaramin takardar shedar EFUSE_WRAPPED_AES_KEY.
Kuna ƙara zaɓin -non_volatile_key don ƙayyadaddun fis na zahiri.
// Don na zahiri (ba maras canzawa) eFuse AES tushen maɓallin quartus_pgm -c 1 -mjtag -o "pi; sanya hannu_efuse1.ccert" -maɓallin_non_volatile

// Don kama-da-wane (mai canzawa) eFuse AES tushen maɓallin quartus_pgm -c 1 -mjtag -o "pi; sanya hannu_efuse1.ccert"

//Don BBRAM AES tushen maɓallin quartus_pgm -c 1 -mjtag -o "pi; sanya hannu_bbram1.ccert"

SDM samar da firmware da babban firmware suna goyan bayan shirye-shiryen tushen takardar shaidar AES. Hakanan kuna iya amfani da mu'amalar akwatin saƙo na SDM daga masana'anta na FPGA ko HPS don tsara takaddun maɓalli na AES.

Lura:

Umurnin quartus_pgm baya goyan bayan zaɓuɓɓuka b da v don ƙananan takaddun shaida(.ccert).

4.9.2. ID® PUF AES Tushen Samar da Maɓalli
Aiwatar da Intrinsic* ID PUF nannade AES Key ya haɗa da matakai masu zuwa: 1. Rijista ID na ciki PUF ta hanyar JTAG. 2. Kunna maɓallin tushen AES. 3. Shirya bayanan mataimaka da nannade maɓalli cikin ƙwaƙwalwar filasha quad SPI. 4. Neman Matsayin kunnawa ID na ciki PUF.
Amfani da fasaha na ID na ciki yana buƙatar keɓan yarjejeniyar lasisi tare da ID na ciki. Software na Intel Quartus Prime Pro Edition yana ƙuntata ayyukan PUF ba tare da lasisin da ya dace ba, kamar yin rajista, naɗa maɓalli, da shirye-shiryen bayanan PUN zuwa filasha QSPI.

4.9.2.1. Shigar da ID na ciki na PUF
Don yin rajistar PUF, dole ne ku yi amfani da firmware na tanadin SDM. Firmware na tanadi dole ne ya zama farkon firmware da aka ɗora bayan sake zagayowar wutar lantarki, kuma dole ne ku ba da umarnin rajistar PUF kafin kowane umarni. Firmware na samarwa yana goyan bayan wasu umarni bayan yin rajistar PUF, gami da nannade tushen tushen AES da shirye-shiryen quad SPI, duk da haka, dole ne ku sake zagayowar na'urar don loda tsarin bitstream.
Kuna amfani da Intel Quartus Prime Programmer don jawo rajistar PUF da samar da bayanan taimakon PUF .puf file.

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 34

Aika da martani

4. Samar da Na'urar 683823 | 2023.05.23

Hoto na 7.

Shigar da ID na ciki na PUF
Quartus_pgm PUF Rijistar

Shiga bayanan mataimakan PUF

Amintaccen Manajan Na'ura (SDM)

wrapper.puf Bayanan Taimako
Mai shirye-shirye ta atomatik yana loda hoton mataimaki na firmware lokacin da ka ƙayyade duka aikin i da hujjar .puf.
kwartus_pgm -c 1 -mjtag -o "ei;help_data.puf; AGFB014R24A"
Idan kuna amfani da firmware mai haɗin gwiwa, kuna tsara hoton mataimaki na firmware mai haɗin gwiwa kafin amfani da umarnin yin rajista na PUF.
kwartus_pgm -c 1 -mjtag -o "p; sanya hannu_provision_helper_image.rbf" -force quartus_pgm -c 1 -mjtag -o "e;help_data.puf; AGFB014R24A"
An yi rajistar UDS IID PUF yayin kera na'ura, kuma babu don sake yin rajista. Madadin haka, kuna amfani da Programmer don tantance wurin bayanan mataimakan UDS PUF akan IPCS, zazzage .puf file kai tsaye, sannan amfani da UDS .puf file kamar yadda .puf file An cire shi daga na'urar Intel Agilex 7.
Yi amfani da umarni na Programmer mai zuwa don samar da rubutu file dauke da jerin sunayen URLs yana nuna takamaiman na'urar filena IPCS:
kwartus_pgm -c 1 -mjtag -o “e;ipcs_urls.txt; AGFB014R24B" -ipcs_urls
4.9.2.2. Kunna maɓallin AES Tushen
Kuna samar da IID PUF nannade AES tushen maɓallin .wkey file ta hanyar aika takardar shedar sa hannu ga SDM.
Kuna iya amfani da Intel Quartus Prime Programmer don samarwa ta atomatik, sanya hannu, da aika takaddun shaida don nannade maɓallin tushen AES ɗin ku, ko kuna iya amfani da Intel Quartus Prime Programming. File Generator don samar da takardar shaidar da ba a sanya hannu ba. Kuna sanya hannu kan takardar shaidar da ba a sanya hannu ba ta amfani da kayan aikin ku ko kayan aikin sa hannu na Quartus. Kuna amfani da Programmer don aika takardar shaidar da aka sanya hannu kuma ku nannade maɓallin tushen AES ɗin ku. Ana iya amfani da takardar shedar sanya hannu don tsara duk na'urorin da za su iya inganta sarkar sa hannu.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 35

4. Samar da Na'urar 683823 | 2023.05.23

Hoto na 8.

Kunna Maɓallin AES Ta Amfani da Intel Quartus Prime Programmer
.pem Mai zaman kansa
Maɓalli

.qky

kwartus_pgm

Kunna AES Key

AES.QSKigYnature RootCPhuabilnic Key

Ƙirƙirar Maɓallin nannade PUF

Maɓallin AES na nannade

SDM

.qek boye-boye
Maɓalli

.wkey PUF-nade
Farashin AES

1. Kuna iya ƙirƙirar IID PUF nannade AES tushen maɓalli (.wkey) tare da Programmer ta amfani da dalilai masu zuwa:
· Da .qky file dauke da sa hannu sarkar tare da AES tushen takardar shaidar izni
· Mai zaman kansa .pem file don maɓalli na ƙarshe a cikin sarkar sa hannu
· Da .q file rike da maɓallin tushen AES
16-byte farawa vector (iv).

kwartus_pgm -c 1 -mjtag -qky_file= aes0_sign_chain.qky -pem_file=aes0_sign_private.pem -qek_file=aes.qek –iv=1234567890ABCDEF1234567890ABCDEF -o “ei;aes.wkey;AGFB014R24A”

2. A madadin, za ka iya haifar da unsigned IID PUF wrapping AES tushen takardar shaidar tare da Programming File Generator ta amfani da dalilai masu zuwa:

quartus_pfg –ccert -o ccert_type=IID_PUF_WRAPPED_AES_KEY -o qek_file=aes.qek –iv=1234567890ABCDEF1234567890ABCDEF unsigned_aes.ccert

3. Kuna sanya hannu kan takardar shaidar da ba a sanya hannu ba tare da kayan aikin sa hannu ko kayan aikin quartus_sign ta amfani da umarni mai zuwa:

quartus_sign –family=agilex –operation=sign –qky=aes0_sign_chain.qky –pem=aes0_sign_private.pem unsigned_aes.ccert sign_aes.ccert

4. Sai ku yi amfani da Programmer don aika takardar shaidar AES da aka sanya hannu kuma ku dawo da makullin nannade (.wkey) file:

kwata_pgm -c 1 -mjtag -cert_file= sanya hannu_aes.ccert -o “ei; aes.wkey; AGFB014R24A”

Lura: Aikin i bai zama dole ba idan a baya kun ɗora hoton mataimaki na firmware, don misaliample, don yin rajistar PUF.

4.9.2.3. Bayanin Taimako na Shirye-shiryen da Maɓallin Nannade zuwa Ƙwaƙwalwar Flash QSPI
Kuna amfani da Quartus Programming File Keɓantaccen hoto na janareta don gina hoton filasha na QSPI na farko mai ɗauke da ɓangaren PUF. Dole ne ku ƙirƙira da tsara dukkan hoton shirye-shiryen walƙiya don ƙara ɓangaren PUF zuwa filasha QSPI. Ƙirƙirar PUF

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 36

Aika da martani

4. Samar da Na'urar 683823 | 2023.05.23

Hoto na 9.

rabon bayanai da amfani da bayanan mataimakan PUF da makullin nannade files don tsara hoton filasha ba a tallafawa ta hanyar Shirye-shiryen File Tsarin layin umarni na janareta.
Matakan da ke gaba suna nuna gina hoton shirye-shiryen walƙiya tare da bayanan mataimakan PUF da maɓallin nannade:
1. Na File menu, danna Programming File Generator. Akan Fitowa Files tab yi zabin masu zuwa:
a. Don Iyalin Na'ura zaɓi Agilex 7.
b. Don yanayin Kanfigareshan zaɓi Active Serial x4.
c. Don kundin adireshi bincika abubuwan fitarwa na ku file directory. Wannan example amfani da fitarwa_files.
d. Don Suna, saka suna don shirye-shiryen file da za a samar. Wannan example amfani da fitarwa_file.
e. A ƙarƙashin Bayani zaɓi shirye-shiryen files don samar da. Wannan example yana haifar da JTAG Tsarin kai tsaye File (.jic) don daidaita na'urar da Raw Binary File Hoton Taimakon Shirin (.rbf) don hoton mai taimakon na'ura. Wannan exampHakanan yana zaɓar taswirar ƙwaƙwalwar ajiya na zaɓi File (.map) da Raw Programming Data File (.rpd). Da raw programming data file wajibi ne kawai idan kuna shirin amfani da mai tsara shirye-shirye na ɓangare na uku a nan gaba.
Shirye-shirye File Generator - fitarwa Files Tab - Zaɓi JTAG Kanfigareshan Kai tsaye

Yanayin Kanfigareshan Iyali na Na'ura
Fitowa file tab
Littafin fitarwa
JTAG Taswirar ƙwaƙwalwa ta kai tsaye (.jic). File Shirye-shiryen Taimakon Raw Programming Data
Akan Shigarwa Files shafin, yi waɗannan zaɓuɓɓuka masu zuwa: 1. Danna Add Bitstream kuma bincika zuwa .sof ɗinku. 2. Zaɓi .sof ɗin ku file sannan ka danna Properties.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 37

4. Samar da Na'urar 683823 | 2023.05.23
a. Kunna Kunna kayan aikin sa hannu. b. Don Keɓaɓɓen maɓalli file zaɓi .pem ɗin ku file. c. Kunna Ƙarshen ɓoyewa. d. Don maɓallin ɓoyewa file zaži .qk file. e. Danna Ok don komawa zuwa taga da ta gabata. 3. Don tantance bayanan mataimakan ku PUF file, danna Ƙara Raw Data. Canza Files na nau'in menu mai saukarwa zuwa Quartus Physical Unclonable Aiki File (* .wuta). Yi lilo zuwa .puf ɗin ku file. Idan kana amfani da duka IID PUF da UDS IID PUF, maimaita wannan matakin don .puf files ga kowane PUF ana ƙara su azaman shigarwa files. 4. Don saka makullin AES ɗin ku nannade file, danna Ƙara Raw Data. Canza Files na nau'in menu na saukarwa zuwa Maɓallin Nannade Quartus File (*.wkey). Shiga zuwa .wkey naka file. Idan kun nannade maɓallan AES ta amfani da IID PUF da UDS IID PUF, maimaita wannan matakin don .wkey files ga kowane PUF ana ƙara su azaman shigarwa files.
Hoto 10. Ƙayyade Input Files don Kanfigareshan, Tabbatarwa, da ɓoyewa

Ƙara Bitstream Ƙara Raw Data
Kayayyaki
Keɓaɓɓen maɓalli file
Ƙarshe maɓallin ɓoyayyen ɓoyewa
A shafin Configuration Device, yi zaɓuɓɓuka masu zuwa: 1. Danna Ƙara Na'ura kuma zaɓi na'urar filasha daga lissafin da ke akwai.
na'urori. 2. Zaɓi na'urar daidaitawa da kuka ƙara kuma danna Add Partition. 3. A cikin akwatin maganganu na Edit Partition don Input file kuma zaɓi .sof ɗinku daga cikin
jerin zaɓuka. Kuna iya riƙe abubuwan da ba daidai ba ko gyara wasu sigogi a cikin akwatin maganganu na Gyara Sashe.

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 38

Aika da martani

4. Samar da Na'urar 683823 | 2023.05.23
Hoto 11. Ƙayyade .sof Kanfigareshan Bitstream Partition ɗin ku

Na'urar Kanfigareshan
Gyara Rarraba Ƙara .sof file

Ƙara Rarraba

4. Lokacin da ka ƙara .puf da .wkey azaman shigarwa files, Programming File Generator yana ƙirƙirar ɓangaren PUF ta atomatik a cikin Na'urar Kanfigareshan ku. Don adana .puf da .wkey a cikin ɓangaren PUF, zaɓi ɓangaren PUF kuma danna Shirya. A cikin akwatin maganganu na Edit Partition, zaɓi .puf ɗin ku da .wkey files daga jerin zaɓuka. Idan ka cire ɓangaren PUF, dole ne ka cire kuma ka sake ƙara na'urar daidaitawa don Shirye-shiryen File Generator don ƙirƙirar wani bangare na PUF. Dole ne ku tabbatar da cewa kun zaɓi daidai .puf da .wkey file don IID PUF da UDS IID PUF, bi da bi.
Hoto 12. Ƙara .puf da .wkey files zuwa PUF Partition

Farashin PUF

Gyara

Gyara Rarraba

Flash Loader

Zaɓi Ƙirƙira

5. Don ma'aunin Flash Loader zaɓi zaɓi dangin na'urar Intel Agilex 7 da sunan na'urar da ta dace da Intel Agilex 7 OPN ɗin ku.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 39

4. Samar da Na'urar 683823 | 2023.05.23
6. Danna Generate don samar da fitarwa files cewa ka ayyana a kan Output Files tab.
7. The Programming File Generator yana karanta .qek file kuma yana sa ku ga kalmar wucewar ku. Buga kalmar wucewar ku don amsawa ga Saurin shigar da kalmar wucewar QEK. Danna maɓallin Shigar.
8. Danna Ok lokacin da Programming yake File Generator yayi rahoton tsarar da suka yi nasara.
Kuna amfani da Intel Quartus Prime Programmer don rubuta hoton shirye-shiryen QSPI zuwa ƙwaƙwalwar filasha QSPI. 1. A menu na Intel Quartus Prime Tools zaɓi Programmer. 2. A cikin Programmer, danna Hardware Setup sannan ka zabi Intel mai alaka
FPGA Zazzage Cable. 3. Danna Ƙara File sannan kayi lilo zuwa .jic dinka file.
Hoto 13. Shirin .jic

Shirye-shirye file

Shirin / Sanya

JTAG scan sarkar
4. Cire akwatin da ke da alaƙa da hoton Taimako. 5. Zaɓi Shirin/Sanya don fitar da .jic file. 6. Kunna maballin farawa don tsara ƙwaƙwalwar filasha ta quad SPI. 7. Zagayowar wutar lantarki ta allo. An tsara ƙira zuwa ƙwaƙwalwar filasha quad SPI
na'urar daga baya tana lodawa cikin FPGA da aka yi niyya.
Dole ne ku ƙirƙira da tsara dukkan hoton shirye-shiryen walƙiya don ƙara ɓangaren PUF zuwa filasha SPI quad.
Lokacin da ɓangaren PUF ya riga ya wanzu a cikin walƙiya, yana yiwuwa a yi amfani da Intel Quartus Prime Programmer don samun damar bayanan taimakon PUF kai tsaye da maɓallin nannade. files. Domin misaliampko, idan kunnawa bai yi nasara ba, yana yiwuwa a sake yin rajistar PUF, sake nannade maɓallin AES, sannan kawai shirya PUF files ba tare da an sake rubuta dukkan filasha ba.

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 40

Aika da martani

4. Samar da Na'urar 683823 | 2023.05.23
Intel Quartus Prime Programmer yana goyan bayan hujjar aiki mai zuwa don PUF files a cikin ɓangaren PUF da ya rigaya ya kasance:
· p: shirin
v: tabbatar
· r: goge
b: cak
Dole ne ku bi hani iri ɗaya don rajistar PUF, ko da akwai ɓangaren PUF.
1. Yi amfani da hujjar i aiki don loda hoton mataimaki na firmware don aiki na farko. Domin misaliampLe, jerin umarni masu zuwa suna sake yin rajistar PUF, sake nannade maɓallin tushen AES, goge tsoffin bayanan mataimakan PUF da maɓallin nannade, sannan shirya kuma tabbatar da sabon bayanan mataimakan PUF da maɓallin tushen AES.
kwartus_pgm -c 1 -mjtag -o “ei; new.puf; AGFB014R24A” quartus_pgm -c 1 -mjtag -cert_file= sanya hannu_aes.ccert -o "e;new.wkey; AGFB014R24A" quartus_pgm -c 1 -mjtag -o "r; old.puf" quartus_pgm -c 1 -mjtag -o "r; old.wkey" quartus_pgm -c 1 -mjtag -o “p;new.puf” quartus_pgm -c 1 -mjtag -o “p;new.wkey” quartus_pgm -c 1 -mjtag -o "v;new.puf" quartus_pgm -c 1 -mjtag -o "v;new.wkey"
4.9.2.4. Tambaya Matsayin Kunna ID na ciki PUF
Bayan ka shigar da ID na Intrinsic PUF, kunsa maɓallin AES, samar da shirye-shiryen walƙiya files, kuma sabunta filasha na quad SPI, kuna zagayawa na'urarku don kunna kunnawa da daidaitawa na PUF daga ɓoyayyen bitstream. SDM yana ba da rahoton matsayin kunnawa PUF tare da yanayin daidaitawa. Idan kunnawar PUF ta gaza, maimakon SDM ta ba da rahoton matsayin kuskuren PUF. Yi amfani da umarnin quartus_pgm don neman yanayin daidaitawa.
1. Yi amfani da umarni mai zuwa don tambayar halin kunnawa:
kwartus_pgm -c 1 -mjtag -status -status_type = "CONFIG"
Ga sampfitarwa daga kunnawa mai nasara:
Bayani (21597): Martanin CONFIG_STATUS Na'urar tana gudana a cikin yanayin mai amfani 00006000 RESPONSE_CODE=OK, LALLAI=6 00000000 STATE=IDLE 00160300 Shafin C000007B MSEL=QSPI_NORMAL1,nSTACONSE_CODE,nSTATE
CLOCK_SOURCE=INTERNAL_PLL 0000000B CONF_DONE=1, INIT_DONE=1, CVP_DONE=0, SEU_ERROR=1 00000000 Kuskure wurin 00000000 Kuskure cikakkun bayanai, Martanin PUF_STATUS 00002000 2 USER_IID MATSAYI=PUF_ACTIVATION_SUCCESS,
AMINCI_DIAGNOSTIC_SCORE=5, TEST_MODE=0 00000500 UDS_IID MATSAYI=PUF_ACTIVATION_SUCCESS,
AMINCI_DIAGNOSTIC_SCORE=5, TEST_MODE=0

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 41

4. Samar da Na'urar 683823 | 2023.05.23

Idan kawai kuna amfani da ko dai IID PUF ko UDS IID PUF, kuma ba ku tsara bayanan taimako ba .puf file ga ko dai PUF a cikin filasha QSPI, PUF baya kunnawa kuma matsayin PUF yana nuna cewa bayanan mataimakan PUF basu da inganci. Mai zuwa example yana nuna matsayin PUF lokacin da ba a tsara bayanan mataimaki na PUF don PUF ba:
Martanin PUF_STATUS 00002000 RESPONSE_CODE= Ok, LURA=2 00000002 USER_IID MATSAYI=PUF_DATA_CORRUPTED,
AMINCI_DIAGNOSTIC_SCORE=0, TEST_MODE=0 00000002 UDS_IID MATSAYI=PUF_DATA_CORRUPTED,
AMINCI_DIAGNOSTIC_SCORE=0, TEST_MODE=0

4.9.2.5. Wurin PUF a cikin ƙwaƙwalwar Flash
Wurin PUF file ya bambanta don ƙira waɗanda ke goyan bayan RSU da ƙira waɗanda ba sa goyan bayan fasalin RSU.

Don ƙira waɗanda basa goyan bayan RSU, dole ne ku haɗa da .puf da .wkey files lokacin da ka ƙirƙiri sabunta hotunan filasha. Don ƙira da ke goyan bayan RSU, SDM ba ta sake rubuta sassan bayanan PUF yayin sabunta hoton masana'anta ko aikace-aikace.

Tebur 2.

Fassarar Ƙarshe na Flash ba tare da Tallafin RSU ba

Kashe Flash (a cikin bytes)

Girman (a cikin bytes)

Abubuwan da ke ciki

Bayani

0k 256k

256k 256k

Firmware Gudanarwar Kanfigareshan Tsarin Gudanarwar Firmware Kanfigareshan Gudanarwa Firmware

Firmware wanda ke aiki akan SDM.

512K

256K

Firmware Gudanarwar Kanfigareshan

768K

256K

Firmware Gudanarwar Kanfigareshan

32K

Bayanan Bayani na PUF0

Tsarin bayanai don adana bayanan taimako na PUF da PUF-nannade AES kwafin maɓallin tushen 0

1M+32K

32K

Bayanan Bayani na PUF1

Tsarin bayanai don adana bayanan taimako na PUF da PUF-nannade AES kwafin maɓallin tushen 1

Tebur 3.

Fassarar Ƙarshe na Flash tare da Tallafin RSU

Kashe Flash (a cikin bytes)

Girman (a cikin bytes)

Abubuwan da ke ciki

Bayani

0k 512k

512k 512k

Firmware yanke shawara Firmware yanke shawara

Firmware don ganowa da ɗaukar hoto mafi fifiko.

1m 1.5m ku

512k 512k

Firmware yanke shawara Firmware yanke shawara

8K + 24K

Tabbatar da bayanan firmware

Padding

An tanada don amfani da firmware na yanke shawara.

2M + 32K

32K

An tanada don SDM

An tanada don SDM.

2M + 64K

Mai canzawa

Hoton masana'anta

Hoto mai sauƙi wanda kuka ƙirƙira azaman madadin idan duk sauran hotunan aikace-aikacen sun kasa lodawa. Wannan hoton ya ƙunshi CMF da ke aiki akan SDM.

Na gaba

32K

Bayanan Bayani na PUF0

Tsarin bayanai don adana bayanan taimako na PUF da PUF-nannade AES kwafin maɓallin tushen 0
ci gaba…

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 42

Aika da martani

4. Samar da Na'urar 683823 | 2023.05.23

Kashe Flash (a cikin bytes)

Girman (a cikin bytes)

Na gaba +32K 32K

Kwafin bayanan PUF 1

Na gaba + 256K 4K Gaba +32K 4K Gaba +32K 4K

Kwafi na ɓangaren ɓangaren tebur 0 Kwafin Ƙarshe na Ƙaƙwalwar Ƙaƙwalwar Ƙaƙwalwar Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙaƙwalwa na Ƙaƙwalwa 1 CMF Ƙwararren Ƙwararren Ƙwararren Ƙwaƙwalwa 0

Na gaba +32K _

CMF pointer block kwafin 1

Mai Sauyawa Mai Sauƙi

Hoton aikace-aikace 1 Hoton aikace-aikace 2

4.9.3. Bakin Maɓalli Bayarwa

Bayani
Tsarin bayanai don adana bayanan taimako na PUF da PUF-nannade AES kwafin maɓallin tushen 1
Tsarin bayanai don sauƙaƙe sarrafa ma'ajiyar filasha.
Lissafin masu nuni ga hotunan aikace-aikacen bisa ga fifiko. Lokacin da kuka ƙara hoto, hoton ya zama mafi girma.
Kwafin na biyu na jerin masu nuni ga hotunan aikace-aikacen.
Hoton aikace-aikacenku na farko.
Hoton aikace-aikacenku na biyu.

Lura:

TheIntel Quartus PrimeProgrammer yana taimakawa wajen kafa ingantaccen haɗin gwiwa tsakanin na'urar Intel Agilex 7 da sabis na ba da maɓalli na baki. An kafa amintaccen haɗin kai ta https kuma yana buƙatar takaddun shaida da yawa da aka gano ta amfani da rubutu file.
Lokacin amfani da Bayar da Maɓallin Maɓalli, Intel yana ba da shawarar ka guji haɗa fitin TCK a waje don cirewa ko ja ƙasa da resistor yayin da kake amfani da shi don J.TAG. Koyaya, zaku iya haɗa fil ɗin TCK zuwa wutar lantarki ta VCCIO SDM ta amfani da resistor 10k. Jagorar data kasance a cikin Jagororin Haɗin Pin don haɗa TCK zuwa 1k mai juye ƙasa an haɗa shi don kashe amo. Canjin jagora zuwa resistor 10k ba ya shafar aikin na'urar. Don ƙarin bayani game da haɗa fil ɗin TCK, koma zuwa Intel Agilex 7 Ka'idodin Haɗin Haɗin Pin.
Thebkp_tls_ca_certcertificate yana tabbatar da misalin sabis ɗin samar da maɓalli na baƙar fata zuwa misalin mai samar da maɓalli na baƙar fata. Thebkp_tls_*takaddun shaida sun tabbatar da misalin maɓalli na samar da maɓalli na maɓalli zuwa misalin sabis ɗin samar da maɓalli na baƙar fata.
Kuna ƙirƙirar rubutu file dauke da mahimman bayanai don Intel Quartus Prime Programmer don haɗawa zuwa sabis na ba da maɓalli na baƙar fata. Don fara samar da maɓalli na baƙar fata, yi amfani da duban layin umarni na Programmer don ƙididdige rubutun zaɓuɓɓukan tanadin maɓalli file. Bakin maɓalli sannan yana ci gaba ta atomatik. Don samun dama ga sabis na samar da maɓalli na baƙar fata da takaddun alaƙa, tuntuɓi Tallafin Intel.
Kuna iya kunna samar da maɓallin baƙar fata ta amfani da thequartus_pgmcommand:
kwartus_pgm -c -m - na'ura –bkp_options=bkp_options.txt
Ƙididdigar umarnin umarni sun ƙayyade bayanai masu zuwa:

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 43

4. Samar da Na'urar 683823 | 2023.05.23

· -c: lambar kebul · -m: ƙayyade yanayin shirye-shirye kamar JTAG · -na'ura: yana ƙayyade ma'anar na'ura akan JTAG sarkar. Tsohuwar ƙimar ita ce 1. · –bkp_options: tana ƙayyade rubutu file dauke da zabin samar da maɓalli na baki.
Bayani mai dangantaka Intel Agilex 7 Jagoran Haɗin Haɗin Iyali na Na'urar

4.9.3.1. Zaɓuɓɓukan Bayar da Maɓalli
Zaɓuɓɓukan samar da maɓalli na baƙar fata rubutu ne file wuce zuwa Programmer ta hanyar quartus_pgm umurnin. The file ya ƙunshi bayanin da ake buƙata don haifar da samar da maɓalli na baki.
Mai zuwa shine tsohonample na bkp_options.txt file:
bkp_cfg_id = 1 bkp_ip = 192.167.1.1 bkp_port = 10034 bkp_tls_ca_cert = tushen.cert bkp_tls_prog_cert = prog.cert bkp_tls_prog_key = prog_key.pem bkp_tls_prog_1234 192.167.5.5:5000 bkp_proxy_user = proxy_user bkp_proxy_password = proxy_password

Tebur 4.

Zaɓuɓɓukan Bayar da Maɓalli
Wannan tebur yana nuna zaɓuɓɓukan da ake buƙata don haifar da samar da maɓalli na baki.

Zabin Sunan

Nau'in

Bayani

bkp_ip

Da ake bukata

Yana ƙayyadaddun adireshin IP na uwar garken da ke aiki da sabis na ba da maɓalli na baƙar fata.

bkp_port

Da ake bukata

Yana ƙayyade tashar samar da maɓalli na baƙar fata da ake buƙata don haɗawa zuwa uwar garken.

bkp_cfg_id

Da ake bukata

Gano baƙar maɓalli na samar da daidaitaccen kwarara ID.
Sabis na ba da maɓalli na baƙar fata yana haifar da ƙayyadaddun tsarin samar da maɓallin baƙar fata gami da maɓallin tushen AES, saitunan eFuse da ake so, da sauran zaɓuɓɓukan ba da izinin maɓalli na baki. Lambar da aka sanya yayin saitin sabis na samar da maɓalli yana gano ƙayyadaddun tsarin samar da maɓallin baƙar fata.
Lura: Na'urori da yawa na iya komawa zuwa maɓalli iri ɗaya na samar da tsarin sabis.

bkp_tls_ca_cert

Da ake bukata

Tushen takardar shaidar TLS da aka yi amfani da ita don gano ayyukan samar da maɓalli na baƙar fata zuwa Intel Quartus Prime Programmer (Programmer). Amintacciyar Hukumar Takaddun shaida don misalin sabis na ba da maɓalli na baƙar fata ta ba da wannan takaddun shaida.
Idan kana gudanar da Programmer a kwamfuta tare da tsarin aiki na Microsoft® Windows® (Windows), dole ne ka shigar da wannan takaddun shaida a cikin kantin sayar da takaddun shaida na Windows.

bkp_tls_prog_cert

Da ake bukata

Takaddun shaida da aka ƙirƙira don misalin Black key Provider Programmer (BKP Programmer). Wannan ita ce takardar shaidar abokin ciniki ta https da aka yi amfani da ita don gano wannan misali na shirye-shiryen BKP
ci gaba…

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 44

Aika da martani

4. Samar da Na'urar 683823 | 2023.05.23

Zabin Sunan

Nau'in

bkp_tls_prog_key

Da ake bukata

bkp_tls_prog_key_pass Na zaɓi

bkp_proxy_address bkp_proxy_user bkp_proxy_password

Zaɓin Zaɓuɓɓuka na zaɓi

Bayani
zuwa sabis na samar da maɓallin maɓalli. Dole ne ku shigar da ba da izini wannan takaddun shaida a cikin sabis na ba da maɓalli na baƙar fata kafin fara zaman samar da maɓalli na baki. Idan kuna gudanar da Programmer akan Windows, babu wannan zaɓin. A wannan yanayin, bkp_tls_prog_key ya riga ya ƙunshi wannan takaddun shaida.
Maɓallin keɓaɓɓen madaidaici daidai da takaddun shirye-shiryen BKP. Maɓallin yana tabbatar da ainihin misalin BKP Programmer zuwa sabis na ba da maɓalli na baki. Idan kuna gudanar da Programmer akan Windows, .pfx file yana haɗa takardar shaidar bkp_tls_prog_cert da maɓalli na sirri. Zaɓin bkp_tlx_prog_key ya wuce .pfx file a cikin bkp_options.txt file.
Kalmar sirri don maɓallin keɓaɓɓen bkp_tls_prog_key. Ba a buƙata a cikin zaɓin daidaitawar maɓalli na baƙar fata (bkp_options.txt) rubutu file.
Yana ƙayyade uwar garken wakili URL adireshin
Yana ƙayyade sunan mai amfani na uwar garken wakili.
Yana ƙayyadaddun kalmar sirri ta proxy.

4.10. Maida Tushen Maɓalli, AES Tushen Maɓallin Takaddun shaida, da Fuse files zuwa Jam STAPL File Tsarin tsari

Kuna iya amfani da umarnin layin umarni na quartus_pfg don canza .qky, maɓallin tushen AES .ccert, da .fuse files zuwa Tsarin Jam STAPL File (.jam) da Tsarin Code na Jam Byte File (jbc). Kuna iya amfani da waɗannan files don tsara Intel FPGAs ta amfani da Jam STAPL Player da Jam STAPL Byte-Code Player, bi da bi.

.jam ko .jbc guda ɗaya ya ƙunshi ayyuka da yawa waɗanda suka haɗa da daidaitawar hoto da shirye-shirye na firmware, duba mara kyau, da tabbatar da shirye-shiryen maɓalli da fuse.

Tsanaki:

Lokacin da kuka canza maɓallin tushen AES .ccert file zuwa .jam format, da .jam file yana ƙunshe da maɓallin AES a bayyane amma ruɓaɓɓen tsari. Saboda haka, dole ne ka kare .jam file lokacin adana maɓallin AES. Kuna iya yin haka ta hanyar samar da maɓallin AES a cikin amintaccen yanayi.

Ga tsohonamples na umarnin juyawa quartus_pfg:

quartus_pfg -c -o helper_device=AGFB014R24A “tushen0.qky; tushen1.qky; tushen2.qky” TushenKey.jam quartus_pfg -c -o helper_device=AGFB014R24A “tushen0.qqky;root1.qky;root2. c -o helper_device=AGFB014R24A aes.ccert aes_ccert.jam quartus_pfg -c -o helper_device=AGFB014R24A aes.ccert aes_ccert.jbc quartus_pfg -c -o helper_device = AGFB014 settings - AGFB24 er_device= AGFB014R24A saituna. fuse settings_fuse.jbc

Don ƙarin bayani game da amfani da Jam STAPL Player don shirye-shiryen na'ura koma zuwa AN 425: Amfani da Command-Line Jam STAPL Magani don Shirye-shiryen Na'ura.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 45

4. Samar da Na'urar 683823 | 2023.05.23
Gudun waɗannan umarni don tsara tushen maɓalli na jama'a da maɓallin ɓoye AES:
//Don loda bitstream mai taimako cikin FPGA. // Bitstream mai taimako ya haɗa da samar da firmware quartus_jli -c 1 -a CONFIGURE RootKey.jam
//Don tsara tushen maɓallin jama'a mai shi zuwa cikin eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM RootKey.jam
//Don tsara tushen maɓallin jama'a mai shi zuwa eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG RootKey.jam
//Don tsara tushen maɓallin jama'a mai mallakar PR cikin eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG pr_rootkey.jam
//Don tsara tushen maɓallin jama'a mai mallakar PR zuwa eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG -e DO_UNI_ACT_DO_EFUSES_FLAG pr_rootkey.jam
//Don tsara maɓallin ɓoyewar AES CCERT cikin BBRAM quartus_jli -c 1 -a CCERT_PROGRAM EncKeyBBRAM.jam
//Don tsara maɓallin ɓoyewar AES CCERT cikin eFuses quartus_jli -c 1 -a CCERT_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG EncKeyEFuse.jam
Bayani mai alaƙa AN 425: Amfani da Hanyar-Layin Jam STAPL Magani don Shirye-shiryen Na'ura

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 46

Aika da martani

683823 | 2023.05.23 Aika Ra'ayoyin

Abubuwan Ci gaba

5.1. Amintaccen Izinin gyara kuskure
Don ba da izinin Amintaccen Debug, mai kuskure yana buƙatar samar da maɓalli na tantancewa kuma yayi amfani da Intel Quartus Prime Pro Programmer don samar da bayanin na'urar. file don na'urar da ke gudanar da hoton gyara kuskure:
kwartus_pgm -c 1 -mjtag -o "ei; na'urar_info.txt; AGFB014R24A" -dev_info
Mai na'urar yana amfani da kayan aikin quartus_sign ko aiwatar da tunani don ƙara shigar da maɓalli na jama'a na sharaɗi zuwa sarkar sa hannu da aka yi niyya don ayyukan gyara kuskure ta amfani da maɓallin jama'a daga mai gyara kuskure, izini masu mahimmanci, rubutun bayanin na'urar. file, da ƙarin ƙuntatawa:
quartus_sign –family=agilex –operation=append_key –previous_pem=debug_chain_private.pem –previous_qky=debug_chain.qky –izini=0x6 –cancel=1 –dev_info=na’urar_info.txt –halitta=1,2,17,18,inpu. debug_authorization_public_key.pem amin_debug_auth_chain.qky
Mai na'urar yana aika da cikakken sa hannu ga mai gyara kuskuren, wanda ke amfani da sarkar sa hannu da maɓalli na sirri don sanya hannu kan hoton cire kuskure:
quartus_sign –family=agilex –operation=sign –qky=secure_debug_auth_chain.qky –pem=debug_authorization_private_key.pem unsigned_debug_design.rbf authorized_debug_design.rbf
Kuna iya amfani da umarnin quartus_pfg don duba sa hannun sa hannu na kowane sashe na wannan amintaccen warware matsalar bitstream kamar haka:
quartus_pfg -check_integrity authorized_debug_design.rbf
Fitowar wannan umarni yana buga ƙimar ƙuntatawa 1,2,17,18 na maɓalli na jama'a na sharadi wanda aka yi amfani da shi don samar da rattaba hannu akan bitstream.
Mai cire kuskuren sannan zai iya tsara ƙirar gyara kuskuren da aka amince dashi:
kwartus_pgm -c 1 -mjtag -o "p; izini_debug_design.rbf"
Mai na'urar na iya soke amintaccen izinin gyara kuskure ta hanyar soke fayyace ID na soke maɓalli da aka sanya a cikin amintaccen sa hannun sa hannu na cire kuskure.
5.2. HPS Debug Takaddun shaida
Ƙaddamar da damar izini kawai zuwa tashar jiragen ruwa na gyara kuskuren HPS (DAP) ta hanyar JTAG dubawa yana buƙatar matakai da yawa:

ISO 9001: 2015 Rajista

5. Abubuwan Ci gaba 683823 | 2023.05.23
1. Danna menu na Intel Quartus Prime software Assignments kuma zaɓi Na'urar Na'ura da Kundin Kanfigareshan Zaɓuɓɓuka.
2. A cikin Kanfigareshan shafin, kunna HPS debug access port (DAP) ta zaɓi ko dai HPS Pins ko SDM Fil daga menu na zaɓuka, da kuma tabbatar da Bada debug HPS ba tare da takaddun shaida ba.
Hoto 14. Ƙayyade Ko dai HPS ko SDM Fil don HPS DAP

HPS debug access port (DAP)
A madadin, zaku iya saita aikin da ke ƙasa a cikin Saitunan Firayim Minista na Quartus .qsf file:
saita_global_assignment -suna HPS_DAP_SPLIT_MODE "SDM PINS"
3. Tattara da ɗora ƙira tare da waɗannan saitunan. 4. Ƙirƙirar sarkar sa hannu tare da izini masu dacewa don sanya hannu kan gyara kuskuren HPS
takardar shaidar:
quartus_sign –family=agilex –operation=append_key –previous_pem=tushen_private.pem –previous_qky=tushen.qky –izini=0x8 –cancel=1 –input_pem=hps_debug_cert_public_key.pem hps_debug_chaint.
5. Nemi takardar shedar gyara kuskuren HPS mara sa hannu daga na'urar inda aka ɗora ƙirƙira ƙira:
kwartus_pgm -c 1 -mjtag -o "e; unsigned_hps_debug.cert; AGFB014R24A"
6. Sa hannu kan takardar shedar kuskuren HPS da ba a sanya hannu ba ta amfani da kayan aikin quartus_sign ko aiwatar da tunani da sarkar sa hannu na gyara kuskuren HPS:
quartus_sign –family=agilex –operation=sign –qky=hps_debug_cert_sign_chain.qky –pem=hps_debug_cert_private_key.pem unsigned_hps_debug.cert sign_hps_debug.cert

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 48

Aika da martani

5. Abubuwan Ci gaba 683823 | 2023.05.23
7. Aika sa hannu kan takardar shaidar gyara kuskuren HPS zuwa na'urar don ba da damar shiga tashar tashar gyara kuskure ta HPS (DAP):
kwartus_pgm -c 1 -mjtag -o "p; sanya hannu_hps_debug.cert"
Takaddun gyara kuskuren HPS yana aiki ne kawai daga lokacin da aka ƙirƙira shi har zuwa zagaye na gaba na wutar lantarki na na'urar ko har sai an loda wani nau'i ko nau'in firmware na SDM daban. Dole ne ku ƙirƙira, sa hannu, da tsara sa hannu kan takardar shaidar gyara kuskuren HPS, kuma ku aiwatar da duk ayyukan gyara kuskure, kafin yin keken na'urar. Kuna iya ɓata takardar shedar kuskuren HPS da aka sa hannu ta hanyar yin keken wuta na na'urar.
5.3. Shaidar Platform
Kuna iya samar da madaidaicin bayanin (.rim) file amfani da programming file kayan aikin janareta:
quartus_pfg -c sign_encrypted_top.rbf top_rim.rim
Bi waɗannan matakan don tabbatar da shaidar dandamali a cikin ƙirar ku: 1. Yi amfani da Intel Quartus Prime Pro Programmer don daidaita na'urarka tare da
zane da kuka ƙirƙiri bayanin mutuncin tunani don. 2. Yi amfani da mai tabbatar da dandamali don yin rajistar na'urar ta hanyar ba da umarni zuwa ga
SDM ta akwatin saƙo na SDM don ƙirƙirar takardar shaidar ID na na'urar da takaddun firmware akan sake lodawa. 3. Yi amfani da Intel Quartus Prime Pro Programmer don sake saita na'urarka tare da ƙira. 4. Yi amfani da mai tabbatar da dandamali don ba da umarni ga SDM don samun ID na na'urar shaida, firmware, da takaddun shaida. 5. Yi amfani da mai tabbatarwa don bayar da umarnin akwatin saƙo na SDM don samun shaidar shaida kuma mai tabbatar yana duba shaidar da aka dawo.
Kuna iya aiwatar da sabis ɗin tabbatarwa naku ta amfani da umarnin akwatin saƙo na SDM, ko amfani da sabis na tabbatar da dandamali na Intel. Don ƙarin bayani game da software na tabbatar da dandamali na Intel, samuwa, da takaddun shaida, tuntuɓi Tallafin Intel.
Bayani mai dangantaka Intel Agilex 7 Jagoran Haɗin Haɗin Iyali na Na'urar
5.4. Jiki Anti-Tamper
Kuna kunna anti-t ta jikiamper fasali ta amfani da matakai masu zuwa: 1. Zaɓin amsar da ake so zuwa ga tamper taron 2. Haɓaka abin da ake so tamphanyoyin ganowa da sigogi 3. Ciki har da anti-tamper IP a cikin dabarun ƙira don taimakawa sarrafa anti-tamper
abubuwan da suka faru

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 49

5. Abubuwan Ci gaba 683823 | 2023.05.23
5.4.1. Anti-Tamper Responses
Kuna kunna anti-t ta jikiamper ta hanyar zabar amsa daga Anti-tampAmsa: Jerin zaɓuka akan Na'urar Na'urar Ayyuka da Tsaro Anti-T Zaɓuɓɓukan Pinampta tab. Ta hanyar tsoho, anti-tamper amsa ba a kashe. Rukuni biyar na anti-tampakwai amsa. Lokacin da kuka zaɓi martanin da kuke so, ana kunna zaɓuɓɓukan don kunna ɗaya ko fiye hanyoyin ganowa.
Hoto 15. Akwai Anti-Tampko Zaɓuɓɓukan Amsa

Ayyukan da suka dace a cikin saitunan Quartus Prime .gsf file shine kamar haka:
saitin_assignment_duniya -suna ANTI_TAMPER_AMSA "NA'AURAR SANARWA GAGE KULLUM DA ZEROIZATION"
Lokacin da ka kunna anti-tampko da yake, kuna iya zaɓar nau'ikan SDM guda biyu da aka keɓe don fitar da tampGano abubuwan da suka faru da matsayi na amsawa ta amfani da Na'urar Na'urar Ayyuka da Tagar Zaɓuɓɓukan Kanfigareshan Kanfigareshan Pin Zabuka.

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 50

Aika da martani

5. Abubuwan Ci gaba 683823 | 2023.05.23
Hoto 16. Akwai SDM sadaukar I/O Fil don Tamper Gano Abubuwan da suka faru

Hakanan kuna iya yin ayyukan fil masu zuwa a cikin saitunan file: set_global_assignment -suna USE_TAMPER_DETECT SDM_IO15 saitin_assignment_duniya -suna ANTI_TAMPER_RESPONSE_FAILED SDM_IO16

5.4.2. Anti-Tamper Ganewa

Kuna iya kunna mitar, zazzabi, da voltage gano fasali na SDM. Gano FPGA ya dogara da haɗawa da Anti-Tamper Lite Intel FPGA IP a cikin ƙirar ku.

Lura:

Mitar SDM da voltagdaampHanyoyin gano er sun dogara da nassoshi na ciki da na'urorin aunawa waɗanda zasu iya bambanta a cikin na'urori. Intel yana ba da shawarar cewa ka siffanta halayen tampsaitin ganowa.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 51

5. Abubuwan Ci gaba 683823 | 2023.05.23
Mitar tampganowa yana aiki akan tushen agogon daidaitawa. Don kunna mita tampGanewar haka, dole ne ka saka wani zaɓi banda Oscillator na Ciki a cikin zazzage tushen agogon Kanfigareshan akan Na'urar Na'urar Ayyuka da Gabaɗaya Zaɓuɓɓukan Fil. Dole ne ku tabbatar da cewa Run sanyi CPU daga akwatin rajistan oscillator na ciki an kunna kafin kunna mitar tampganowa. Hoto 17. Saitin SDM zuwa Oscillator na ciki
Don kunna mita tampganowa, zaɓi Kunna mitar tampAkwatin binciken ganowa kuma zaɓi Mitar da ake so tampkewayon ganowa daga menu na zaɓuka. Hoto 18. Ƙaddamar da Mitar Tamper Ganewa

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 52

Aika da martani

5. Abubuwan Ci gaba 683823 | 2023.05.23
A madadin, zaku iya kunna Frequency TampGanewa ta yin canje-canje masu zuwa zuwa Saitunan Firayim na Quartus .qsf file:
saitin_global_assignment -name AUTO_RESTART_CONFIGURATION KASHE saitin_assignment_global_name DEVICE_INITIALIZATION_CLOCK OSC_CLK_1_100MHZ saitin_global_assignment -suna RUN_CONFIG_CPU_FROM_INT_OSC ON saiti_FROM_INT_OSC ON saiti_FROM_INT_OSC ON saiti_FROM_INT_OSCAMPER_DETECTION ON saitin_assignment_global_name FREQUENCY_TAMPER_DETECTION_RANGE 35
Don kunna zafin jiki tampganowa, zaɓi Kunna zafin jiki tampAkwatin binciken ganowa kuma zaɓi zafin da ake so babba da ƙananan iyakoki a cikin filayen da suka dace. Ana cika manyan iyakoki na sama da ƙasa ta tsohuwa tare da kewayon yanayin zafi mai alaƙa don na'urar da aka zaɓa a cikin ƙira.
Don kunna voltagdaampganowa, ka zaɓi ko dai ko duka biyun Enable VCCL voltagdaampgano ko Kunna VCCL_SDM voltagdaampAkwatunan bincike na ganowa kuma zaɓi Voltagdaamper gano mai jawo kashitage a cikin filin da ya dace.
Hoto 19. Kunna Voltagkuma Tamper Ganewa

A madadin, zaku iya kunna Voltagkuma TampGanewa ta hanyar tantance ayyuka masu zuwa a cikin .qsf file:
saitin_assignment_global_suna ENABLE_TEMPERATURE_TAMPER_DETECTION ON saitin_assignment_global_suna TEMPERATURE_TAMPER_UPPER_BOUND saitin_assignment_duniya 100 -suna ENABLE_VCCL_VOLTAGE_TAMPER_DETECTION ON saitin_assignment_global_suna ENABLE_VCCL_SDM_VOLTAGE_TAMPER_DETECTION ON
5.4.3. Anti-Tampko Lite Intel FPGA IP
Anti-Tamper Lite Intel FPGA IP, samuwa a cikin kasidar IP a cikin Intel Quartus Prime Pro Edition software, yana sauƙaƙe sadarwa tsakanin ƙirar ku da SDM don t.ampabubuwan da suka faru.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 53

Hoto 20. Anti-Tampko Lite Intel FPGA IP

5. Abubuwan Ci gaba 683823 | 2023.05.23

IP ɗin yana ba da sigina masu zuwa waɗanda kuka haɗa zuwa ƙirar ku kamar yadda ake buƙata:

Tebur 5.

Anti-Tamper Lite Intel FPGA IP I/O Sigina

Sunan siginar

Hanyar

Bayani

gpo_sdm_at_event gpi_fpga_at_event

Fitarwa Input

Siginar SDM zuwa dabarar masana'anta na FPGA wanda SDM ya gano aampya faru. Ma'anar FPGA yana da kusan 5ms don yin kowane tsaftacewa da ake so da amsa ga SDM ta gpi_fpga_at_response_done da gpi_fpga_at_zeroization_done. SDM ya ci gaba tare da tampAyyukan amsawa lokacin da aka tabbatar da gpi_fpga_at_response_done ko bayan ba a sami amsa ba a cikin lokacin da aka keɓe.
FPGA ta katse zuwa SDM wanda ke tsara anti-tamper detection circuitry an gano aamper taron da SDM tampYa kamata a jawo martani.

gpi_fpga_at_response_yi

Shigarwa

FPGA ta katse zuwa SDM cewa dabarar FPGA ta aiwatar da tsaftacewar da ake so.

gpi_fpga_at_zeroization_d daya

Shigarwa

Siginar FPGA zuwa SDM cewa dabarar FPGA ta kammala duk wani sifili da ake so na bayanan ƙira. Wannan siginar shine sampjagoranci lokacin da aka tabbatar da gpi_fpga_at_response_done.

5.4.3.1. Bayanin Saki

Lambar sigar sigar IP (XYZ) tana canzawa daga sigar software zuwa wata. Canji a:
X yana nuna babban bita na IP. Idan ka sabunta software na Quartus Prime na Intel, dole ne ka sabunta IP ɗin.
Y yana nuna IP ɗin ya ƙunshi sabbin abubuwa. Sake haɓaka IP ɗin ku don haɗa waɗannan sabbin fasalolin.
Z yana nuna IP ɗin ya ƙunshi ƙananan canje-canje. Sake haɓaka IP ɗin ku don haɗa waɗannan canje-canje.

Tebur 6.

Anti-Tamper Lite Intel FPGA IP Bayanin Sakin

Sigar IP

Abu

Bayanin 20.1.0

Intel Quartus Prime Version

21.2

Ranar Saki

2021.06.21

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 54

Aika da martani

5. Abubuwan Ci gaba 683823 | 2023.05.23
5.5. Amfani da Siffofin Tsaro na ƙira tare da Sabunta Tsarin Nisa
Sabunta Tsari mai nisa (RSU) fasalin Intel Agilex 7 FPGAs ne wanda ke taimakawa haɓaka haɓakawa. files ta hanya mai ƙarfi. RSU ya dace da fasalulluka na tsaro na ƙira kamar tantancewa, sa hannu na haɗin gwiwa na firmware, da ɓoyewar bitstream kamar yadda RSU ba ta dogara da abubuwan ƙira na ƙayyadaddun ƙayyadaddun ƙayyadaddun bayanai ba.
Gina Hotunan RSU tare da .sof Files
Idan kana adana maɓallai masu zaman kansu a cikin gida filetsarin, zaku iya samar da hotunan RSU tare da fasalin tsaro na ƙira ta amfani da sauƙi mai sauƙi tare da .sof files a matsayin shigarwar. Don ƙirƙirar hotunan RSU tare da .sof file, za ka iya bi umarnin a Sashe Samar da Nesa System Update Hoton Files Amfani da Shirye-shiryen File Generator na Intel Agilex 7 Kanfigareshan Jagorar Mai Amfani. Ga kowane . sof file ƙayyadaddun akan Input Files shafin, danna maballin Properties… kuma saka saitunan da suka dace da maɓallan sa hannu da kayan aikin ɓoyewa. Shirye-shiryen file kayan aikin janareta ta atomatik ta yi alama da ɓoye bayanan masana'anta da hotuna yayin ƙirƙirar shirye-shiryen RSU files.
A madadin, idan kuna adana maɓallan sirri a cikin HSM, dole ne kuyi amfani da kayan aikin quartus_sign don haka amfani da .rbf files. Sauran wannan sashe yana ba da cikakken bayani game da canje-canje a cikin kwarara don samar da hotunan RSU tare da .rbf files a matsayin shigarwar. Dole ne ku ɓoye kuma ku sanya hannu a tsarin .rbf files kafin zabar su azaman shigarwa files don hotunan RSU; duk da haka, bayanin taya RSU file ba dole ba ne a rufaffen asiri kuma a maimakon haka kawai a sanya hannu. The Programming File Generator baya goyan bayan gyara kaddarorin tsarin .rbf files.
Mai zuwa exampdon nuna gyare-gyaren da suka wajaba zuwa umarni a Sashe Samar da Hoton Sabunta Tsari Mai Nisa Files Amfani da Shirye-shiryen File Generator na Intel Agilex 7 Kanfigareshan Jagorar Mai Amfani.
Samar da Hoton Farko na RSU Amfani da .rbf Files: Gyaran umarni
Daga Ƙirƙirar Hoton RSU na Farko Amfani da .rbf Files sashe, gyara umarni a Mataki na 1. don ba da damar fasalin tsaro na ƙira kamar yadda ake so ta amfani da umarni daga sassan farko na wannan takaddar.
Don misaliampHar ila yau, za ku ƙayyade firmware da aka sanya hannu file idan kuna amfani da haɗin gwiwar firmware, to, yi amfani da kayan aikin ɓoye na Quartus don ɓoye kowane .rbf file, kuma a ƙarshe yi amfani da kayan aikin quartus_sign don sanya hannu akan kowane file.
A mataki na 2, idan kun kunna haɗin haɗin firmware, dole ne ku yi amfani da ƙarin zaɓi a cikin ƙirƙirar boot .rbf daga hoton masana'anta. file:
quartus_pfg -c factory.sof boot.rbf -o rsu_boot=ON -o fw_source=signed_agilex.zip
Bayan ka ƙirƙiri bayanin taya .rbf file, yi amfani da kayan aikin quartus_sign don sanya hannu akan .rbf file. Kada ku ɓoye bayanan taya .rbf file.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 55

5. Abubuwan Ci gaba 683823 | 2023.05.23
Samar da Hoton Aikace-aikace: Gyaran Umurni
Don samar da hoton aikace-aikacen tare da fasalulluka na tsaro na ƙira, kuna canza umarni a Samar da Hoton Aikace-aikacen don amfani da .rbf tare da fasalin tsaro na ƙira, gami da firmware mai haɗin gwiwa idan an buƙata, maimakon ainihin aikace-aikacen .sof file:
quartus_pfg -c cosigned_fw_signed_encrypted_application.rbf secured_rsu_application.rpd -o yanayin=ASX4 -o bitswap=ON
Samar da Ɗaukaka Hoton Masana'anta: Gyaran Umurni
Bayan ka ƙirƙiri bayanin taya .rbf file, kuna amfani da kayan aikin quartus_sign don sanya hannu akan .rbf file. Kada ku ɓoye bayanan taya .rbf file.
Don ƙirƙirar hoton ɗaukaka masana'anta na RSU, kuna canza umarni daga Samar da Hoton Sabunta Masana'antu don amfani da .rbf file tare da fasalulluka na tsaro da aka kunna kuma ƙara zaɓi don nuna haɗin gwiwar amfani da firmware:
quartus_pfg -c cosigned_fw_signed_encrypted_factory.rbf secured_rsu_factory_update.rpd -o yanayin=ASX4 -o bitswap=ON -o rsu_upgrade=ON -o fw_source=signed_agilex.zip
Bayani mai dangantaka Intel Agilex 7 Jagorar Mai amfani Kanfigareshan
5.6. Sabis na Cryptographic SDM
SDM akan na'urorin Intel Agilex 7 suna ba da sabis na sirri wanda FPGA masana'anta dabaru ko HPS na iya nema ta hanyar akwatin saƙo na SDM daban-daban. Don ƙarin bayani game da umarnin akwatin wasiku da tsarin bayanai na duk sabis na sirri na SDM, koma zuwa Karin bayani B a cikin Tsarin Tsaro don FPGAs na Intel da Jagorar Mai amfani ASICs Tsarukan.
Don samun damar mu'amalar akwatin saƙo na SDM zuwa dabarar masana'anta na FPGA don sabis na sirri na SDM, dole ne ku hanzarta abokin ciniki na Akwatin Wasiƙa Intel FPGA IP a cikin ƙirar ku.
Lambar magana don samun dama ga akwatin saƙo na SDM daga HPS an haɗa shi a cikin lambar ATF da Linux da Intel ke bayarwa.
Bayani mai alaƙa da Akwatin Saƙonni Abokin ciniki na Intel FPGA IP Jagorar Mai amfani
5.6.1. Boot Izinin Dillali
Intel yana ba da aiwatar da aiwatarwa don software na HPS wanda ke amfani da fasalin taya mai izini don tabbatar da software na taya HPS daga farkon s.tage bootloader ta hanyar zuwa Linux kernel.
Bayani mai alaƙa Intel Agilex 7 SoC Secure Boot Demo Design

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 56

Aika da martani

5. Abubuwan Ci gaba 683823 | 2023.05.23
5.6.2. Amintaccen Sabis na Abubuwan Bayanai
Kuna aika umarni ta akwatin saƙo na SDM don aiwatar da ɓoyayyen abu da ɓoyayyen abu na SDOS. Kuna iya amfani da fasalin SDOS bayan samar da maɓallin tushen SDOS.
Bayani Mai Mahimmanci Tabbataccen Maɓallin Sabis na Tushen Sabis a shafi na 30
5.6.3. SDM Cryptographic Primitive Services
Kuna aika umarni ta akwatin saƙo na SDM don fara ayyukan sabis na sirri na SDM. Wasu sabis na sirri na sirri suna buƙatar ƙarin bayanai zuwa kuma daga SDM fiye da yadda akwatin saƙo zai iya karɓa. A cikin waɗannan lokuta, umarnin tsarin yana canzawa don samar da masu nuni zuwa bayanai a cikin ƙwaƙwalwar ajiya. Bugu da ƙari, dole ne ku canza saurin abokin ciniki na Akwatin Wasiku Intel FPGA IP don amfani da sabis na sirri na SDM na farko daga ma'anar masana'anta na FPGA. Hakanan dole ne ku saita ma'aunin Enable Service na Crypto zuwa 1 kuma ku haɗa sabuwar hanyar shigar da AXI zuwa ƙwaƙwalwar ajiya a cikin ƙirar ku.
Hoto 21. Ba da damar Sabis na Sirri na SDM a cikin Akwatin Wasiƙa Abokin ciniki Intel FPGA IP

5.7. Saitunan Tsaro na Bitstream (FM/S10)
Zaɓuɓɓukan Tsaro na FPGA Bitstream tarin manufofi ne waɗanda ke taƙaita ƙayyadadden fasalin ko yanayin aiki a cikin ƙayyadadden lokaci.
Zaɓuɓɓukan Tsaro na Bitstream sun ƙunshi tutoci waɗanda kuka saita a cikin software na Intel Quartus Prime Pro Edition. Ana kwafi waɗannan tutoci ta atomatik zuwa cikin tsattsauran ra'ayi.
Kuna iya aiwatar da zaɓuɓɓukan tsaro na dindindin akan na'ura ta hanyar amfani da eFuse madaidaicin saitin tsaro.
Don amfani da kowane saitin tsaro a cikin daidaitawar bitstream ko na'urar eFuses, dole ne ku kunna fasalin tantancewa.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 57

5. Abubuwan Ci gaba 683823 | 2023.05.23
5.7.1. Zaɓi da Ba da damar Zaɓuɓɓukan Tsaro
Don zaɓar da ba da damar zaɓuɓɓukan tsaro, yi kamar haka: Daga Menu na Ayyuka, zaɓi Na'urar Na'ura da Zaɓuɓɓukan Fil Tsaro Ƙarin Zabuka… Hoto 22. Zaɓi da Ba da damar Zaɓuɓɓukan Tsaro

Sannan zaɓi dabi'u daga jerin abubuwan da aka saukar don zaɓuɓɓukan tsaro waɗanda kuke son kunnawa kamar yadda aka nuna a cikin tsohon mai zuwa.ampda:
Hoto 23. Zaɓin Ƙimar don Zaɓuɓɓukan Tsaro

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 58

Aika da martani

5. Abubuwan Ci gaba 683823 | 2023.05.23
Wadannan su ne daidaitattun canje-canje a cikin Saitunan Firayim na Quartus .qsf file:
saitin_aikin_duniya -suna SECU_OPTION_DISABLE_JTAG “ON CHECK” set_global_assignment -name SECU_OPTION_FORCE_ENCRYPTION_KEY_UPDATE “ON STICKY” set_global_assignment -name SECU_OPTION_FORCE_SDM_CLOCK_TO_INT_OSC ON set_global_assignment -name SECU_OPTION_DISABLE_VIRTUAL_EFUSES ON set_global_assignment -name SECU_OPTION_LOCK_SECURITY_EFUSES ON set_global_assignment -name SECU_OPTION_DISABLE_HPS_DEBUG ON set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON saitin_assignment_duniya -suna SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_BBRAM ON saitin_aikin_duniya -suna SECU_OPTION_DISABLE_PUF_WRAPPED_ENCRYPTION_KEY

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 59

683823 | 2023.05.23 Aika Ra'ayoyin

Shirya matsala

Wannan babin yana bayyana kurakuran gama gari da saƙonnin gargaɗi waɗanda za ku iya fuskanta yayin ƙoƙarin amfani da fasalulluka na tsaro na na'ura da matakan warware su.
6.1. Amfani da Dokokin Quartus a cikin Kuskuren Muhalli na Windows
Kuskuren quartus_pgm: umarni ba a samo Bayanin wannan kuskuren yana nunawa lokacin ƙoƙarin amfani da umarnin Quartus a cikin NIOS II Shell a cikin yanayin Windows ta amfani da WSL. Resolution Wannan umurnin yana aiki a cikin mahallin Linux; Don rundunonin Windows, yi amfani da umarni mai zuwa: quartus_pgm.exe -h Hakazalika, yi amfani da wannan ma'anar zuwa wasu umarnin Quartus Prime kamar quartus_pfg, quartus_sign, quartus_encrypt a tsakanin sauran umarni.

ISO 9001: 2015 Rajista

6. Shirya matsala 683823 | 2023.05.23

6.2. Samar da Gargaɗi na Maɓalli Mai zaman kansa

Gargadi:

Ana ɗaukar ƙayyadadden kalmar sirri mara tsaro. Intel ya ba da shawarar cewa a yi amfani da aƙalla haruffa 13 na kalmar sirri. Ana ba ku shawarar canza kalmar wucewa ta amfani da OpenSSL executable.

openssl ec-in - fita - wata 256

Bayani
Wannan gargaɗin yana da alaƙa da ƙarfin kalmar sirri da nuni yayin ƙoƙarin samar da maɓalli na sirri ta hanyar ba da umarni masu zuwa:

quartus_sign –family=agilex –operation=make_private_pem –curve=secp3841 tushen.pem

Resolution Yi amfani da openssl mai aiwatarwa don tantance kalmar sirri mai tsayi kuma don haka mafi ƙarfi.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 61

6. Shirya matsala 683823 | 2023.05.23
6.3. Ƙara Maɓallin Sa hannu zuwa Kuskuren Aikin Quartus
Kuskure…File ya ƙunshi bayanan tushen tushen…
Bayani
Bayan ƙara maɓallin sa hannu .qky file zuwa aikin Quartus, kuna buƙatar sake tara .sof file. Lokacin da kuka ƙara wannan sabuntawar .sof file zuwa na'urar da aka zaɓa ta amfani da Quartus Programmer, saƙon kuskure mai zuwa yana nuna cewa file ya ƙunshi bayanan tushen tushen:
An kasa ƙarawafile-path-name> zuwa Programmer. The file ya ƙunshi bayanan tushen tushen (.qky). Koyaya, Programmer baya goyan bayan fasalin sa hannu na bitstream. Kuna iya amfani da Programming File Generator don maida file zuwa Raw Binary da aka sanya hannu file (.rbf) don daidaitawa.
Ƙaddamarwa
Yi amfani da Quartus Programming file janareta don maida da file a cikin Raw Binary mai sa hannu File .rbf don daidaitawa.
Bayani mai alaƙa Sa hannu Kan Kanfigareshan Bitstream Amfani da umarnin quartus_sign a shafi na 13

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 62

Aika da martani

6. Shirya matsala 683823 | 2023.05.23
6.4. Ƙarfafa Shirye-shiryen Quartus Prime File bai yi nasara ba
Kuskure
Kuskure (20353): X na maɓalli na jama'a daga QKY bai dace da maɓalli na sirri daga PEM ba file.
Kuskure (20352): An kasa sanya hannu a bitstream ta hanyar rubutun python agilex_sign.py.
Kuskure: Quartus Prime Programming File Generator bai yi nasara ba.
Bayanin Idan kayi ƙoƙarin sanya hannu akan tsarin bitstream ta amfani da maɓallin keɓaɓɓen kuskure .pem file ko a .pem file wanda bai dace da .qky da aka ƙara zuwa aikin ba, kurakuran gama gari na sama suna nuni. ƙudiri Tabbatar cewa kayi amfani da madaidaicin maɓalli na sirri .pem don sa hannu akan bitstream.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 63

6. Shirya matsala 683823 | 2023.05.23
6.5. Kurakurai na jayayya da ba a sani ba
Kuskure
Kuskure (23028): Ba a sani ba hujjar "ûc". Koma zuwa-taimako don hujjar doka.
Kuskure (213008): Keɓaɓɓen zaɓi na shirye-shirye “ûp” haramun ne. Koma zuwa-taimako don tsarin zaɓin shirye-shiryen doka.
Bayanin Idan ka kwafa da liƙa zaɓuɓɓukan layin umarni daga .pdf file a cikin Windows NIOS II Shell, za ku iya haɗu da kurakuran gardama da ba a sani ba kamar yadda aka nuna a sama. Resolution A irin waɗannan lokuta, zaku iya shigar da umarni da hannu maimakon liƙa daga allo.

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 64

Aika da martani

6. Shirya matsala 683823 | 2023.05.23
6.6. Kuskuren ɓoye Zaɓin Bitstream
Kuskure
Ba za a iya kammala ɓoyayyen ɓoyayyen ba file ƙira .sof saboda an haɗa shi tare da zaɓin ɓoye ɓoyayyiyar bitstream an kashe shi.
Bayanin Idan kuna ƙoƙarin ɓoye bitstream ta hanyar GUI ko layin umarni bayan kun haɗa aikin tare da zaɓin ɓoyayyen bitstream an kashe, Quartus ya ƙi umarnin kamar yadda aka nuna a sama.
ƙudiri Tabbatar cewa kun haɗa aikin tare da zaɓin ɓoyayyen bitstream wanda aka kunna ta hanyar GUI ko layin umarni. Don kunna wannan zaɓi a cikin GUI, dole ne ku duba akwati don wannan zaɓi.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 65

6. Shirya matsala 683823 | 2023.05.23
6.7. Ƙayyadaddun Madaidaicin Hanya zuwa Maɓalli
Kuskure
Kuskure (19516): An Gano Shirye-shiryen File Kuskuren saitunan janareta: Ba a iya samun 'key_file'. Tabbatar da file yana a wurin da ake tsammani ko sabunta saitin.sec
Kuskure (19516): An Gano Shirye-shiryen File Kuskuren saitunan janareta: Ba a iya samun 'key_file'. Tabbatar da file yana a wurin da ake tsammani ko sabunta saitin.
Bayani
Idan kana amfani da maɓallan da aka adana akan maɓallan file tsarin, kana buƙatar tabbatar da cewa sun ƙididdige hanyar da ta dace don maɓallan da aka yi amfani da su don ɓoyewa da sa hannu. Idan Programming File Generator ba zai iya gano hanyar da ta dace ba, saƙonnin kuskuren da ke sama suna nuni.
Ƙaddamarwa
Koma zuwa Saitunan Firayim na Quartus .qsf file don nemo madaidaitan hanyoyi don maɓallan. Tabbatar cewa kayi amfani da hanyoyin dangi maimakon cikakkun hanyoyi.

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 66

Aika da martani

6. Shirya matsala 683823 | 2023.05.23
6.8. Amfani da Fitarwa mara tallafi File Nau'in
Kuskure
quartus_pfg -c design.sof fitarwa_file.ebf -o finalize_operation=ON -o qek_file=ae.qek -o signing=ON -o pem_file= alamar_private.pem
Kuskure (19511): fitarwa mara tallafi file irin (ebf). Yi amfani da zaɓin "-l" ko "-list" don nuna goyon baya file rubuta bayanai.
Bayanin Yayin amfani da Shirye-shiryen Quartus File Generator don samar da ɓoyayyen ɓoyayyen ɓoyayyen da aka sa hannu, zaku iya ganin kuskuren da ke sama idan fitowar mara tallafi file an kayyade nau'in. Resolution Yi amfani da -l ko zaɓin jeri don ganin jerin masu goyan baya file iri.

Aika da martani

Intel Agilex® 7 Jagorar Mai Amfani da Tsaro na Na'ura 67

683823 | 2023.05.23 Aika Ra'ayoyin
7. Intel Agilex 7 Rukunin Jagorar Mai Amfani da Tsaro na Na'ura
Don sabbin juzu'ai da na baya na wannan jagorar mai amfani, koma zuwa Intel Agilex 7 Jagorar Tsaro na Na'ura. Idan ba a jera sigar IP ko software ba, jagorar mai amfani na IP ɗin da ta gabata ko sigar software ta shafi.

ISO 9001: 2015 Rajista

683823 | 2023.05.23 Aika Ra'ayoyin

8. Tarihin Bita na Intel Agilex 7 Jagorar Tsaro na Na'urar

Takardar Shafin 2023.05.23
2022.11.22 2022.04.04 2022.01.20
2021.11.09

Takardu / Albarkatu

Intel Agilex 7 Tsaro na'ura [pdf] Manual mai amfani
Agilex 7 Tsaro na Na'ura, Agilex 7, Tsaro na Na'ura, Tsaro

Magana

Manual mai amfani

Intel Agilex 7 Tsaro na'ura

Bayanin samfur

Umarnin Amfani da samfur

Tambayoyin da ake yawan yi

Tsaro na Na'ura ya ƙareview

Tabbatarwa da izini

AES Bitstream Encryption

Samar da Na'ura

Abubuwan Ci gaba

Shirya matsala

Takardu / Albarkatu

Magana

Bar sharhi

Soke amsa