ʻO Intel Agilex 7 Pūnaewele Palekana Mea hoʻohana

Manaʻo ʻo Intel i ka palekana huahana a paipai i nā mea hoʻohana e hoʻomaʻamaʻa iā lākou iho me nā kumuwaiwai palekana huahana i hāʻawi ʻia. Pono e hoʻohana ʻia kēia mau kumuwaiwai i ke ola o ka huahana Intel.

2. Nā hiʻohiʻona palekana i hoʻolālā ʻia

Hoʻolālā ʻia nā hiʻohiʻona palekana e hiki mai ana no ka hoʻokuʻu ʻana o ka polokalamu Intel Quartus Prime Pro Edition:

ʻO ka hōʻoia ʻana i ka palekana Bitstream Security Verification: Hāʻawi i ka hōʻoia hou ʻaʻole hiki i nā bitstreams Partial Reconfiguration (PR) ke komo a keʻakeʻa paha i nā bitstreams PR persona ʻē aʻe.

Pepehi-Pepehi Pono no ke Kinohi Anti-Tamper: Hana i ka holoi ʻana a i ʻole ka pane zeroization o ka hāmeʻa a me nā polokalamu eFuses e pale ai i ka hoʻonohonoho hou ʻana.

3. Loaʻa nā Palapala Palekana

Aia ka papa ma lalo nei i nā palapala i loaʻa no nā hiʻohiʻona palekana o nā polokalamu ma Intel FPGA a me Structured ASIC.

Inoa Palapala	Ke kumu
ʻO ke ala palekana no nā Intel FPGA a me nā mea hoʻohana i kūkulu ʻia ʻo ASIC Alakai	Palapala kiʻekiʻe e hāʻawi i nā wehewehe kikoʻī o nā hiʻohiʻona palekana a me nā ʻenehana ma Intel Programmable Solutions Nā huahana. Kōkua i nā mea hoʻohana e koho i nā hiʻohiʻona palekana e pono ai e hoʻokō i kā lākou mau pahuhopu palekana.
ʻO Intel Stratix 10 Ke alakaʻi mea hoʻohana palekana	Nā kuhikuhi no nā mea hoʻohana o nā polokalamu Intel Stratix 10 e hoʻokō nā hiʻohiʻona palekana i ʻike ʻia me ka hoʻohana ʻana i ka Security Methodology Ke alakaʻi hoʻohana.
ʻO Intel Agilex 7 Ke alakaʻi hoʻohana palekana	Nā ʻōkuhi no nā mea hoʻohana o nā polokalamu Intel Agilex 7 e hoʻokō nā hiʻohiʻona palekana i ʻike ʻia me ka hoʻohana ʻana i ka Security Methodology Ke alakaʻi hoʻohana.
Intel eASIC N5X Ke alakaʻi hoʻohana palekana	Nā kuhikuhi no nā mea hoʻohana o nā mea hana Intel eASIC N5X e hoʻokō nā hiʻohiʻona palekana i ʻike ʻia me ka hoʻohana ʻana i ka Security Methodology Ke alakaʻi hoʻohana.
ʻO Intel Agilex 7 a me Intel eASIC N5X HPS Cryptographic Services Ke alakaʻi hoʻohana	ʻIke no nā ʻenekini polokalamu HPS ma ka hoʻokō a me ka hoʻohana ʻana i nā hale waihona puke polokalamu HPS e komo i nā lawelawe cryptographic hāʻawi ʻia e ka SDM.
ʻO AN-968 ʻEleʻele ʻeleʻele hoʻolako lawelawe alakaʻi hoʻomaka wikiwiki	Hoʻopiha piha i nā ʻanuʻu no ka hoʻonohonoho ʻana i ka Hoʻolako kī ʻeleʻele lawelawe.

Nīnau pinepine

Nīnau: He aha ke kumu o ka Security Methodology User Guide?

A: Hāʻawi ka Security Methodology User Guide i nā wehewehe kikoʻī o nā hiʻohiʻona palekana a me nā ʻenehana ma Intel Programmable Solutions Products. Kōkua ia i nā mea hoʻohana e koho i nā hiʻohiʻona palekana e pono ai e hoʻokō i kā lākou mau pahuhopu palekana.

Nīnau: Ma hea e hiki ai iaʻu ke loaʻa i ka Intel Agilex 7 Device Security User Guide?

A: Hiki ke loaʻa ka Intel Agilex 7 Device Security User Guide ma ka Intel Resource and Design Center webpaena.

Nīnau: He aha ka lawelawe Black Key Provisioning?

A: ʻO ka lawelawe ʻo Black Key Provisioning kahi lawelawe e hāʻawi ana i kahi papa hana piha e hoʻonohonoho i ka hoʻolako kī no nā hana palekana.

View Fullscreen

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana
Hoʻohou ʻia no Intel® Quartus® Prime Design Suite: 23.1

Hoʻouna manaʻo manaʻo

UG-20335

683823 2023.05.23

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 2

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 3

683823 | 2023.05.23 Hoʻouna Manaʻo
1. Intel Agilex® 7

Ua pau ka palekana o ka lakohanaview

Hoʻolālā ʻo Intel® i nā hāmeʻa Intel Agilex® 7 me nā lako palekana hoʻolaʻa a hiki ke hoʻonohonoho pono ʻia.
Aia kēia palapala i nā kuhikuhi e kōkua iā ʻoe e hoʻohana i ka polokalamu Intel Quartus® Prime Pro Edition e hoʻokō i nā hiʻohiʻona palekana ma kāu mau polokalamu Intel Agilex 7.
Hoʻohui ʻia, loaʻa ke ʻano palekana no nā Intel FPGAs a me Structured ASICs User Guide ma ka Intel Resource & Design Center. Aia kēia palapala i nā wehewehe kikoʻī o nā hiʻohiʻona palekana a me nā ʻenehana i loaʻa ma o nā huahana Intel Programmable Solutions e kōkua iā ʻoe e koho i nā hiʻohiʻona palekana e pono ai e hoʻokō i kāu mau pahuhopu palekana. E hoʻokaʻaʻike i ke kākoʻo Intel me ka helu kuhikuhi 14014613136 no ke kiʻi ʻana i ke ʻano palekana no nā Intel FPGAs a me Structured ASICs User Guide.
Hoʻonohonoho ʻia ka palapala penei: · Ka hōʻoia a me ka ʻae ʻia: Hāʻawi i nā ʻōlelo aʻoaʻo e hana ai
nā kī hōʻoia a me nā kaulahao pūlima, e hoʻopili i nā ʻae a me ka hoʻopau ʻana, nā mea hōʻailona, a me nā hiʻohiʻona hōʻoia papahana ma nā polokalamu Intel Agilex 7. · AES Bitstream Encryption: Hāʻawi i nā ʻōlelo aʻoaʻo e hana i kahi kī kumu AES, hoʻopili i nā bitstreams hoʻonohonoho, a hāʻawi i ke kī kumu AES i nā polokalamu Intel Agilex 7. · Hoʻolako Mea Hana: Hāʻawi i nā ʻōlelo aʻoaʻo e hoʻohana i ka Intel Quartus Prime Programmer a me Secure Device Manager (SDM) hoʻolako firmware i nā hiʻohiʻona palekana papahana ma nā polokalamu Intel Agilex 7. · Nā hiʻohiʻona kiʻekiʻe: Hāʻawi i nā ʻōlelo aʻoaʻo e hiki ai i nā hiʻohiʻona palekana holomua, me ka ʻae ʻana i ka debug palekana, Hard Processor System (HPS) debug, a me ka hoʻoponopono ʻōnaehana mamao.
1.1. Hoʻoholo i ka palekana huahana
ʻAʻole i ʻoi aku ka ikaika o ka manaʻo lōʻihi o Intel i ka palekana. Manaʻo ikaika ʻo Intel e kamaʻāina ʻoe i kā mākou waiwai palekana huahana a hoʻolālā e hoʻohana iā lākou i ke ola o kāu huahana Intel.
ʻIke pili · Huahana Huahana ma Intel · Intel Product Security Center Advisories

Huina Intel. Ua mālama ʻia nā kuleana āpau. ʻO Intel, ka Intel logo, a me nā hōʻailona Intel ʻē aʻe he mau hōʻailona o Intel Corporation a i ʻole kāna mau lālā. Mālama ʻo Intel i ka hana o kāna mau huahana FPGA a me semiconductor i nā kikoʻī o kēia manawa e like me ka palapala hōʻoia maʻamau o Intel, akā aia ke kuleana e hoʻololi i nā huahana a me nā lawelawe i kēlā me kēia manawa me ka ʻole o ka hoʻolaha. ʻAʻole ʻo Intel i kuleana a i ʻole kuleana e puka mai ana mai ka noi a i ʻole ka hoʻohana ʻana i kekahi ʻike, huahana, a i ʻole lawelawe i wehewehe ʻia ma ʻaneʻi koe wale nō i ʻae ʻia ma ke kākau ʻana e Intel. Manaʻo ʻia nā mea kūʻai aku Intel e loaʻa i ka mana hou o nā kikoʻī o nā hāmeʻa ma mua o ka hilinaʻi ʻana i kekahi ʻike i paʻi ʻia a ma mua o ke kau ʻana i nā kauoha no nā huahana a i ʻole nā lawelawe. * Hiki ke koi ʻia nā inoa a me nā hōʻailona ʻē aʻe ma ke ʻano he waiwai o nā poʻe ʻē aʻe.

ISO 9001:2015 Kakau

1. ʻO Intel Agilex® 7 Pūnaewele Palekanaview 683823 | 2023.05.23

1.2. Nā hiʻohiʻona palekana i hoʻolālā ʻia

Hoʻolālā ʻia nā hiʻohiʻona i ʻōlelo ʻia ma kēia ʻāpana no ka hoʻokuʻu ʻana o ka polokalamu Intel Quartus Prime Pro Edition.

Nānā:

ʻO ka ʻike ma kēia ʻāpana he mea mua.

1.2.1. ʻO ka hōʻoia ʻana i ka palekana Bitstream Security
ʻO ka hōʻoia ʻana i ka palekana bitstream hoʻololi hapa (PR) kōkua i ka hāʻawi ʻana i ka hōʻoia hou ʻaʻole hiki i nā bitstreams PR persona ke komo a keʻakeʻa paha i nā bitstreams PR persona ʻē aʻe.

1.2.2. Pepehi-Pepehi Pono no ke Kinohi Anti-Tamper
Hoʻohana ka pepehi kanaka iā ia iho i ka holoi ʻana a i ʻole ka pane zeroization o ka hāmeʻa a me nā polokalamu eFuses e pale ai i ka hoʻonohonoho hou ʻana.

1.3. Loaʻa nā Palapala Palekana

Hōʻike ka papa ma lalo nei i nā palapala i loaʻa no nā hiʻohiʻona palekana o nā polokalamu ma nā polokalamu Intel FPGA a me Structured ASIC:

Papa 1.

Loaʻa nā Palapala Palekana Pūnaewele

Inoa Palapala
ʻO ke ʻano palekana no nā Intel FPGAs a me Structured ASICs User Guide

Ke kumu
ʻO ka palapala kiʻekiʻe i loaʻa nā wehewehe kikoʻī o nā hiʻohiʻona palekana a me nā ʻenehana i loko o Intel Programmable Solutions Products. Manaʻo ʻia e kōkua iā ʻoe e koho i nā hiʻohiʻona palekana e pono ai e hoʻokō i kāu mau pahuhopu palekana.

Palapala ID 721596

ʻO Intel Stratix 10 Ke alakaʻi mea hoʻohana palekana
ʻO Intel Agilex 7 Ke alakaʻi hoʻohana palekana

No nā mea hoʻohana o nā polokalamu Intel Stratix 10, aia kēia alakaʻi i nā ʻōlelo kuhikuhi e hoʻohana i ka polokalamu Intel Quartus Prime Pro Edition e hoʻokō i nā hiʻohiʻona palekana i ʻike ʻia me ka hoʻohana ʻana i ka Security Methodology User Guide.
No nā mea hoʻohana i nā polokalamu Intel Agilex 7, aia kēia alakaʻi i nā ʻōlelo kuhikuhi e hoʻohana i ka polokalamu Intel Quartus Prime Pro Edition e hoʻokō i nā hiʻohiʻona palekana i ʻike ʻia me ka hoʻohana ʻana i ka Security Methodology User Guide.

683642 683823

Intel eASIC N5X Ke alakaʻi hoʻohana palekana

No nā mea hoʻohana i nā polokalamu Intel eASIC N5X, aia kēia alakaʻi i nā ʻōlelo kuhikuhi e hoʻohana i ka polokalamu Intel Quartus Prime Pro Edition e hoʻokō i nā hiʻohiʻona palekana i ʻike ʻia me ka hoʻohana ʻana i ka Security Methodology User Guide.

626836

ʻO Intel Agilex 7 a me Intel eASIC N5X HPS Cryptographic Services Guide Guide

Aia i loko o kēia alakaʻi ka ʻike e kōkua i nā ʻenekini polokalamu HPS i ka hoʻokō ʻana a me ka hoʻohana ʻana i nā hale waihona puke polokalamu HPS e komo i nā lawelawe cryptographic i hāʻawi ʻia e ka SDM.

713026

ʻO AN-968 ʻEleʻele ʻeleʻele hoʻolako lawelawe alakaʻi hoʻomaka wikiwiki

Aia kēia alakaʻi i nā ʻanuʻu holoʻokoʻa e hoʻonohonoho i ka lawelawe Black Key Provisioning.

739071

Wahi Intel Resource a me
Hale Hoʻolālā
Intel.com
Intel.com
Punawaiwai a me ka Hale Hoʻolālā Intel
Punawaiwai a me ka Hale Hoʻolālā Intel
Punawaiwai a me ka Hale Hoʻolālā Intel

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 5

683823 | 2023.05.23 Hoʻouna Manaʻo

ʻO ka hōʻoia a me ka mana

I mea e hiki ai i nā hiʻohiʻona hōʻoia o kahi polokalamu Intel Agilex 7, hoʻomaka ʻoe me ka hoʻohana ʻana i ka polokalamu Intel Quartus Prime Pro Edition a me nā mea hana pili e kūkulu i kahi kaulahao pūlima. Aia ke kaulahao pūlima me kahi kī kumu, hoʻokahi a ʻoi aʻe paha kī pūlima, a me nā mana e pili ana. Hoʻopili ʻoe i ke kaulahao pūlima i kāu papahana Intel Quartus Prime Pro Edition a me nā polokalamu hoʻonohonoho files. E hoʻohana i nā ʻōlelo aʻoaʻo ma ka Device Provisioning e hoʻolālā i kāu kī kumu i nā polokalamu Intel Agilex 7.
ʻIke pili
Hoʻolako Mea Hana ma ka ʻaoʻao 25

2.1. Ke hana ʻana i kahi kaulahao pūlima
Hiki iā ʻoe ke hoʻohana i ka mea hana quartus_sign a i ʻole ka hoʻokō kuhikuhi agilex_sign.py e hana i nā hana kaulahao pūlima. Hāʻawi kēia palapala examples me ka quartus_sign.
No ka hoʻohana ʻana i ka hoʻokō kuhikuhi, hoʻololi ʻoe i kahi kelepona i ka unuhi unuhi Python me ka polokalamu Intel Quartus Prime a haʻalele i ka koho –family=agilex; ua like nā koho ʻē aʻe a pau. No exampʻo, ke kauoha quartus_sign i loaʻa ma hope ma kēia ʻāpana
quartus_sign –family=agilex –operation=make_root root_public.pem root.qky hiki ke hoʻololi ʻia i ka leo like i ka hoʻokō kuhikuhi e like me kēia.
pgm_py agilex_sign.py –operation=make_root root_public.pem root.qky

Aia ka polokalamu Intel Quartus Prime Pro Edition i nā mea hana quartus_sign, pgm_py, a me agilex_sign.py. Hiki iā ʻoe ke hoʻohana i ka Nios® II command shell tool, nāna e hoʻonohonoho i nā ʻano hoʻololi kaiapuni kūpono e komo i nā mea hana.

E hahai i kēia mau ʻōlelo aʻoaʻo no ka lawe ʻana i kahi pūpū kauoha Nios II. 1. E lawe mai i kahi pūpū kauoha Nios II.

Windows koho
Linux

wehewehe
Ma ka papa kuhikuhi hoʻomaka, e kuhikuhi i nā Polokalamu Intel FPGA Nios II EDS a kaomi iā Nios II Kauoha Shell.
Ma kahi kauoha shell e hoʻololi i ka /nios2eds a holo i kēia kauoha:
./nios2_command_shell.sh

ʻO ka exampʻO nā mea ma kēia ʻāpana e lawe i ke kaulahao pūlima a me ka bitstream hoʻonohonoho fileAia nā s i ka papa kuhikuhi hana o kēia manawa. Inā koho ʻoe e hahai i ka examples kahi kī files ua malamaia ma ka file ʻōnaehana, kēlā mau examples assume the key files he

ISO 9001:2015 Kakau

2. Ka Hooiaio a me ka Mana 683823 | 2023.05.23
aia ma ka papa kuhikuhi hana o kēia manawa. Hiki iā ʻoe ke koho i nā papa kuhikuhi e hoʻohana ai, a kākoʻo nā mea hana pili file alahele. Inā koho ʻoe e mālama i ke kī files ma ka file ʻōnaehana, pono ʻoe e mālama pono i nā ʻae komo i kēlā files.
Manaʻo ʻo Intel e hoʻohana ʻia kahi Hardware Security Module (HSM) i kūʻai ʻia no ka mālama ʻana i nā kī cryptographic a hana i nā hana cryptographic. Aia i loko o ka quartus_sign mea hana a me ka ho'okō 'ana i ka Public Key Cryptography Standard #11 (PKCS #11) Application Programming Interface (API) e launa pū me kahi HSM i ka wā e hana ana i nā hana kaulahao pūlima. Loaʻa ka hoʻokō kuhikuhi agilex_sign.py i kahi abstract interface a me kahi exampe pili ana i ka SoftHSM.
Hiki iā ʻoe ke hoʻohana i kēia mau exampe hoʻokomo i kahi kikowaena i kāu HSM. E nānā i ka palapala mai kāu mea kūʻai HSM no ka ʻike hou aku e pili ana i ka hoʻokō ʻana i kahi interface a me ka hana ʻana i kāu HSM.
ʻO SoftHSM kahi polokalamu hoʻokō o kahi mea hana cryptographic generic me kahi PKCS #11 interface i hoʻolako ʻia e ka papahana OpenDNSSEC®. Hiki iā ʻoe ke loaʻa nā ʻike hou aʻe, me nā ʻōlelo aʻoaʻo no ka hoʻoiho ʻana, kūkulu, a hoʻokomo iā OpenHSM, ma ka papahana OpenDNSSEC. ʻO ka exampMa kēia ʻāpana e hoʻohana i ka mana SoftHSM 2.6.1. ʻO ka exampE hoʻohana hou i kēia ʻāpana i ka pono pkcs11-mea hana mai OpenSC e hana i nā hana PKCS #11 hou me kahi hōʻailona SoftHSM. Loaʻa paha iā ʻoe ka ʻike hou aku, me nā ʻōlelo aʻoaʻo e pili ana i ka hoʻoiho ʻana, kūkulu, a hoʻokomo i ka pkcs11tool mai OpenSC.
ʻIke pili
· Ka OpenDNSSEC project Policy-based zone signer for automating the process of DNSSEC key tracking.
· SoftHSM ʻIke e pili ana i ka hoʻokō ʻana i kahi hale kūʻai cryptographic hiki ke loaʻa ma o ka PKCS #11 interface.
· OpenSC Hāʻawi i nā hale waihona puke a me nā pono hana e hana me nā kāleka akamai.
2.1.1. Ke hana ʻana i nā hui kī hōʻoia ma ka ʻĀina File Pūnaehana
Hoʻohana ʻoe i ka mea hana quartus_sign no ka hana ʻana i nā hui kī hōʻoia ma ka kūloko file ʻōnaehana me ka hoʻohana ʻana i ka hana hana make_private_pem a me make_public_pem. Hana mua ʻoe i kahi kī pilikino me ka hana make_private_pem. Hoʻokaʻawale ʻoe i ka pihi elliptic e hoʻohana ai, ke kī pilikino fileinoa, a inā paha e pale i ke kī pilikino me ka ʻōlelo huna. Manaʻo ʻo Intel i ka hoʻohana ʻana i ka curve secp384r1 a me ka hahai ʻana i nā hana maikaʻi loa o ka ʻoihana e hana i kahi ʻōlelo huna ikaika a paʻakikī ma nā kī pilikino āpau. files. Manaʻo pū ʻo Intel e kaohi i ka file nā ʻae ʻōnaehana ma ke kī pilikino .pem files e heluhelu na ka mea nona wale no. Loaʻa iā ʻoe ke kī lehulehu mai ke kī pilikino me ka hana make_public_pem. He mea kōkua ka inoa o ke kī .pem files wehewehe. Hoʻohana kēia palapala i ka ʻaha kūkā _ .pem i ka examples.
1. Ma ka shell kauoha Nios II, e holo i keia kauoha no ka hana ana i kahi ki. Hoʻohana ʻia ke kī pilikino, i hōʻike ʻia ma lalo nei ma ke ʻano he kī kumu ma hope examples e hana i kahi kaulahao pūlima. Kākoʻo nā polokalamu Intel Agilex 7 i nā kī kumu he nui, pēlā ʻoe

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 7

2. Ka Hooiaio a me ka Mana 683823 | 2023.05.23

e hana hou i kēia kaʻina no ka hana ʻana i kāu helu pono o nā kī kumu. ExampʻO nā mea i loko o kēia palapala e pili ana i ke kī kumu mua, ʻoiai hiki iā ʻoe ke kūkulu i nā kaulahao pūlima ma ke ʻano like me kekahi kī kumu.

Koho Me ka ʻōlelo huna

wehewehe
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 root0_private.pem E komo i ka ʻōlelo huna ke koi ʻia e hana pēlā.

Me ka ʻōlelo huna ʻole

quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 –no_passphrase root0_private.pem

2. E holo i kēia kauoha no ka hana ʻana i kī lehulehu me ka hoʻohana ʻana i ke kī pilikino i hana ʻia ma ka pae mua. ʻAʻole pono ʻoe e pale i ka hūnā o kahi kī lehulehu.
quartus_sign –family=agilex –operation=make_public_pem root0_private.pem root0_public.pem
3. E holo hou i nā kauoha no ka hana ʻana i ʻelua kī i hoʻohana ʻia e like me ke kī hōʻailona hoʻolālā ma ke kaulahao pūlima.
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 design0_sign_private.pem

quartus_sign –family=agilex –operation=make_public_pem design0_sign_private.pem design0_sign_public.pem

2.1.2. Ke hana ʻana i nā hui kī hōʻoia ma SoftHSM
ʻO ka SoftHSM exampʻO nā mea ma kēia mokuna he paʻa ponoʻī. Aia kekahi mau ʻāpana i kāu hoʻonohonoho SoftHSM a me kahi hoʻomaka ʻana o ka hōʻailona ma SoftHSM.
Aia ka mea hana quartus_sign i ka waihona PKCS #11 API mai kāu HSM.
ʻO ka exampKe manaʻo nei nā mea ma kēia ʻāpana ua hoʻokomo ʻia ka waihona SoftHSM i kekahi o kēia mau wahi: · /usr/local/lib/softhsm2.so ma Linux · C:SoftHSM2libsofthsm2.dll ma 32-bit version of Windows · C:SoftHSM2libsofthsm2-x64 .dll ma ka mana 64-bit o Windows.
E hoʻomaka i kahi hōʻailona ma SoftHSM me ka hoʻohana ʻana i ka hāmeʻa softhsm2-util:
softhsm2-util –init-token –label agilex-token –pin agilex-token-pin –so-pin agilex-so-pin –free
ʻO nā ʻāpana koho, ʻo ka lepili hōʻailona a me ka pine token he examphoʻohana ʻia ma kēia mokuna. Manaʻo ʻo Intel e hahai ʻoe i nā ʻōlelo aʻoaʻo mai kāu mea kūʻai aku HSM e hana a mālama i nā hōʻailona a me nā kī.
Hana ʻoe i nā hui kī hōʻoia me ka hoʻohana ʻana i ka pono pkcs11-mea hana e launa pū me ka hōʻailona ma SoftHSM. Ma kahi o ka kuhikuhi pono ʻana i ke kī pilikino a me ka lehulehu .pem files i ka file ʻōnaehana exampʻAe, e ʻike ʻoe i ka lua kī ma kona lepili a koho ka mea hana i ke kī kūpono.

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 8

Hoʻouna Manaʻo

2. Ka Hooiaio a me ka Mana 683823 | 2023.05.23

E holo i kēia mau kauoha no ka hana ʻana i pālua kī i hoʻohana ʻia e like me ke kī kumu ma hope examples a me kekahi kī i hoʻohana ʻia ma ke ʻano he kī hōʻailona hoʻolālā i ke kaulahao pūlima:
pkcs11-mea hana –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-token –login –pin agilex-token-pin –keypairgen –mechanism ECDSA-KEY-PAIR-GEN –key-type EC :secp384r1 –hoʻohana-hōʻailona –label root0 –id 0
pkcs11-mea hana –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-token –login –pin agilex-token-pin –keypairgen –mechanism ECDSA-KEY-PAIR-GEN –key-type EC :secp384r1 –hoʻohana-hōʻailona –label design0_sign –id 1

Nānā:

Pono ka koho ID ma kēia ʻanuʻu i kēlā me kēia kī, akā hoʻohana wale ʻia e ka HSM. ʻAʻole pili kēia koho ID i ka ID hoʻopau kī i hāʻawi ʻia ma ke kaulahao pūlima.

2.1.3. Ke hana ʻana i ke komo ʻana i ke aʻa kaulahao inoa
E hoʻohuli i ke kī lehulehu aʻa i loko o kahi komo pūlima aʻa, mālama ʻia ma ka ʻāina file ʻōnaehana ma ke ʻano kī Intel Quartus Prime (.qky). file, me ka hana make_root. E hana hou i kēia kaʻina no kēlā me kēia kī kumu āu e hana ai.
E holo i kēia kauoha e hana i kahi kaulahao pūlima me kahi kumu kumu, me ka hoʻohana ʻana i kahi kī ākea kumu mai ka file ʻōnaehana:
quartus_sign –family=agilex –operation=make_root –key_type=owner root0_public.pem root0.qky
E holo i kēia kauoha e hana i kahi kaulahao pūlima me kahi kumu kumu, me ka hoʻohana ʻana i ke kī kumu mai ka hōʻailona SoftHSM i hoʻokumu ʻia ma ka ʻāpana mua:
quartus_sign –family=agilex –operation=make_root –key_type=owner –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so ” root0 root0.qky

2.1.4. Ke hana ʻana i kahi hoʻokomo kī lehulehu
E hana i kahi komo kī lehulehu hou no kahi kaulahao pūlima me ka hana append_key. Hoʻomaopopo ʻoe i ke kaulahao pūlima mua, ke kī pilikino no ke komo hope ʻana i ke kaulahao pūlima mua, ke kī lehulehu pae aʻe, nā ʻae a me ka ID hoʻopau ʻana āu e hāʻawi ai i ke kī lehulehu pae aʻe, a me ke kaulahao pūlima hou. file.
E ʻike ʻaʻole loaʻa ka waihona softHSM me ka hoʻokomo ʻana iā Quartus a pono e hoʻokomo ʻokoʻa. No ka ʻike hou aku e pili ana i ka softHSM e nānā i ka ʻāpana Ke hana ʻana i kahi kaulahao inoa ma luna.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 9

2. Ka Hooiaio a me ka Mana 683823 | 2023.05.23
Ma muli o kāu hoʻohana ʻana i nā kī ma ka file ʻōnaehana a i ʻole ma kahi HSM, hoʻohana ʻoe i kekahi o kēia exampnā kauoha e hoʻopili i ka design0_sign kī lehulehu i ke kaulahao pūlima kumu i hana ʻia ma ka ʻāpana mua:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –ʻae=6 –cancel=0 –input_pem=design0_sign_public.pem design0_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –previous_keyname= root0 –previous_qky=root0.qky –ʻae=6 –cancel=0 –input_keyname=design0_sign design0_sign_chain.qky
Hiki iā ʻoe ke hana hou i ka hana append_key a hiki i ʻelua mau manawa hou no ka lōʻihi o ʻekolu mau kī lehulehu ma waena o ke kumu kumu a me ke komo ʻana o ke poʻo poʻomanaʻo ma kekahi kaulahao pūlima.
ʻO ka exampKe manaʻo nei ʻoe ua hana ʻoe i kekahi kī lehulehu hōʻoia me nā ʻae like a hāʻawi ʻia i ka ID hoʻopau ʻia 1 i kapa ʻia ʻo design1_sign_public.pem, a ke hoʻopili nei i kēia kī i ke kaulahao pūlima mai ka ex mua.ample:
quartus_sign –family=agilex –operation=append_key –previous_pem=design0_sign_private.pem –previous_qky=design0_sign_chain.qky –ʻae=6 –cancel=1 –input_pem=design1_sign_public.pem design1_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –previous_keyname= design0_sign –previous_qky=design0_sign_chain.qky –ʻae=6 –cancel=1 –input_keyname=design1_sign design1_sign_chain.qky
Loaʻa i nā polokalamu Intel Agilex 7 kahi kī hoʻopau kī hou e hoʻomaʻamaʻa i ka hoʻohana ʻana i kahi kī hiki ke loli i kēlā me kēia manawa i ke ola o kahi hāmeʻa i hāʻawi ʻia. Hiki iā ʻoe ke koho i kēia kī hoʻopau helu ma ka hoʻololi ʻana i ka manaʻo o ke koho -cancel i pts:pts_value.
2.2. Kau inoa i kahi Bitstream Configuration
Kākoʻo nā polokalamu Intel Agilex 7 i nā helu helu helu palekana (SVN), e ʻae iā ʻoe e hoʻopau i ka ʻae ʻana o kahi mea me ka ʻole e kāpae i kahi kī. Hāʻawi ʻoe i ka counter SVN a me ka waiwai counter SVN kūpono i ka wā o ke kau inoa ʻana i kekahi mea, e like me kahi ʻāpana bitstream, firmware .zip file, a i ʻole palapala paʻa. Hāʻawi ʻoe i ka helu SVN a me ka waiwai SVN me ka hoʻohana ʻana i ke koho –cancel a me svn_counter:svn_value e like me ka hoʻopaʻapaʻa. ʻO nā waiwai kūpono no svn_counter he svnA, svnB, svnC, a me svnD. He helu helu ka svn_value i loko o ka laulā [0,63].

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 10

Hoʻouna Manaʻo

2. Ka Hooiaio a me ka Mana 683823 | 2023.05.23
2.2.1. Quartus Key File Haʻawina
Hoʻomaopopo ʻoe i kahi kaulahao pūlima ma kāu papahana polokalamu Intel Quartus Prime e hiki ai i ka hiʻona hōʻoia no kēlā hoʻolālā. Mai ka papa kuhikuhi Assignments, koho Device Device and Pin Options Security Quartus Key File, a laila e nānā i ke kaulahao pūlima .qky file ua hana ʻoe e kau inoa i kēia hoʻolālā.
Kiʻi 1. E ho'ā i ka hoʻonohonoho Bitstream hoʻonohonoho

ʻO kahi ʻē aʻe, hiki iā ʻoe ke hoʻohui i kēia ʻōlelo kuhikuhi i kāu Intel Quartus Prime Settings file (.qsf):
set_global_assignment -inoa QKY_FILE design0_sign_chain.qky
No ka hana ʻana i kahi .sof file mai kahi hoʻolālā i hōʻuluʻulu mua ʻia, e pili ana i kēia hoʻonohonoho, mai ka papa Hana Hana, koho i ka Start Start Assembler. ʻO ka huahana hou .sof file komo pū me nā haʻawina e hiki ai i ka hōʻoia ʻana me ke kaulahao pūlima i hāʻawi ʻia.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 11

2. Ka Hooiaio a me ka Mana 683823 | 2023.05.23
2.2.2. Kaulima pūlima SDM Firmware
Hoʻohana ʻoe i ka mea hana quartus_sign e unuhi, hōʻailona, a hoʻokomo i ka firmware SDM pili pono .zip file. Hoʻokomo ʻia ka firmware co-signed e ka polokalamu file mea hana generator ke hoohuli oe i .sof file i loko o kahi hoʻonohonoho bitstream .rbf file. Hoʻohana ʻoe i kēia mau kauoha e hana i kahi kaulahao hou a kau inoa i ka firmware SDM.
1. E hana i kahi kī pūlima hou.
a. E hana i kahi kī pūlima hou ma ka file ʻōnaehana:
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 firmware1_private.pem
quartus_sign –family=agilex –operation=make_public_pem firmware1_private.pem firmware1_public.pem
b. E hana i kahi kī pūlima hou ma ka HSM:
pkcs11-mea hana –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-token –login –pin agilex-token-pin –keypairgen -mechanism ECDSA-KEY-PAIR-GEN –key-type EC :secp384r1 –hoʻohana-hōʻailona –label firmware1 –id 1
2. E hana i kaulahao pūlima hou me ke kī lehulehu hou:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –ʻae=0x1 –cancel=1 –input_pem=firmware1_public.pem firmware1_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –previous_keyname= root0 –previous_qky=root0.qky –ʻae=1 –cancel=1 –input_keyname=firmware1 firmware1_sign_chain.qky
3. E kope i ka firmware .zip file mai kāu papa kuhikuhi hoʻonohonoho polokalamu Intel Quartus Prime Pro Edition ( /devices/programmer/firmware/ agilex.zip) i ka papa kuhikuhi hana o kēia manawa.
quartus_sign –family=agilex –get_firmware=.
4. E kau inoa i ka firmware .zip file. Wehe 'akomi ka mea hana i ka .zip file a kau inoa pakahi i na firmware .cmf files, a laila kūkulu hou i ka .zip file no ka hoʻohana ʻana i nā mea hana ma nā ʻāpana aʻe:
quartus_sign –family=agilex –operation=sign –qky=firmware1_sign_chain.qky –cancel=svnA:0 –pem=firmware1_private.pem agilex.zip signed_agilex.zip
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 12

Hoʻouna Manaʻo

2. Ka Hooiaio a me ka Mana 683823 | 2023.05.23

–keyname=firmware1 –cancel=svnA:0 –qky=firmware1_sign_chain.qky agilex.zip signed_agilex.zip

2.2.3. Ke kau inoa nei i ka Bitstream Configuration me ka hoʻohana ʻana i ke kauoha quartus_sign
No ke kau inoa ʻana i kahi bitstream hoʻonohonoho ʻana me ke kauoha quartus_sign, hoʻololi mua ʻoe i ka .sof file i ka binary maka unsigned file (.rbf). Hiki iā ʻoe ke koho i ka firmware i kau inoa pū me ka hoʻohana ʻana i ke koho fw_source i ka wā o ka hoʻololi ʻana.
Hiki iā ʻoe ke hana i ka bitstream raw unsigned in .rbf format me ka hoʻohana ʻana i kēia kauoha:
quartus_pfg c o fw_source=signed_agilex.zip -o sign_later=ON design.sof unsigned_bitstream.rbf
E holo i kekahi o kēia mau kauoha e kau inoa i ka bitstream me ka hoʻohana ʻana i ka mea hana quartus_sign ma muli o ka wahi o kāu mau kī:
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 unsigned_bitstream.rbf signed_bitstream.rbf
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname= design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_bitstream.rbf signed_bitstream.rbf
Hiki iā ʻoe ke hoʻololi i .rbf i kau inoa ʻia files i nā bitstream hoʻonohonoho ʻē aʻe file nā palapala.
No exampe, inā ʻoe e hoʻohana ana i ka Jam* Standard Test and Programming Language (STAPL) Player e hoʻolālā i kahi bitstream ma luna o JTAG, hoʻohana ʻoe i kēia kauoha e hoʻololi i kahi .rbf file i ke ʻano .jam i koi ʻia e ka Jam STAPL Player:
quartus_pfg -c signed_bitstream.rbf signed_bitstream.jam

2.2.4. Kākoʻo Mana Nui o ka hoʻonohonoho hou ʻana hapa

Kākoʻo nā mea ʻenehana Intel Agilex 7 i ka hōʻoia ʻana i ka ʻāpana reconfiguration multi-authority, kahi e hana ai ka mea nona ka mea hana a hoʻopaʻa inoa i ka bitstream static, a hoʻokumu kahi mea nona PR kaʻawale a hōʻailona i nā bitstreams PR persona. Hoʻokomo nā polokalamu Intel Agilex 7 i ke kākoʻo mana lehulehu ma o ka hāʻawi ʻana i nā kī kī kumu hōʻoia mua i ka hāmeʻa a i ʻole ka mea nona ka bitstream static a me ka hāʻawi ʻana i ka slot kī aʻa hōʻoia hope i ka mea nona ka bitstream persona reconfiguration.
Inā ʻae ʻia ka hiʻohiʻona hōʻoia, pono e pūlima ʻia nā kiʻi PR persona a pau, me nā kiʻi PR persona pūnana. Hiki ke pūlima ʻia nā kiʻi PR persona e ka mea nona ka polokalamu a i ʻole e ka mea nona ka PR; akā naʻe, pono e pūlima ʻia nā bitstreams static region e ka mea nona ka polokalamu.

Nānā:

ʻO ka partial Reconfiguration static a me persona bitstream encryption ke hoʻohana ʻia ke kākoʻo lehulehu-authority i hoʻolālā ʻia i kahi hoʻokuʻu e hiki mai ana.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 13

2. Ka Hooiaio a me ka Mana 683823 | 2023.05.23

Kiʻi 2.

Pono ka hoʻokō ʻana i ke kākoʻo ʻana i nā mana he nui i kekahi mau ʻanuʻu:
1. Hoʻokumu ka mea hana a i ʻole ka mea nona ka bitstream static i hoʻokahi a ʻoi aʻe paha mau kī kumu hōʻoia e like me ka mea i wehewehe ʻia ma ka Creating Authentication Key Pairs in SoftHSM ma ka ʻaoʻao 8, kahi i loaʻa ai ka waiwai o ke koho –key_type.
2. Hoʻokumu ka mea nona ka bitstream hoʻonohonoho hou i kahi kī kumu hōʻoia akā hoʻololi i ka waiwai koho –key_type i secondary_owner.
3. E hō'oia ana nā mea ho'olālā ho'onohonoho ho'onohonoho ho'onohonoho 'ana i ka pahu pahu kāko'o Enable Multi-Authority i ka 'Oihana Mea Hana a me nā koho Pin Options Security tab.
Hoʻohana ʻo Intel Quartus Prime i nā koho koho mana

4. Hoʻokumu nā mea hoʻolālā hoʻolālā static a me nā mea hoʻolālā hoʻonohonoho hou i nā kaulahao ma muli o kā lākou mau kī kumu e like me ka wehewehe ʻana ma ka Creating a Signature Chain ma ka ʻaoʻao 6.
5. Hoʻololi nā mea hoʻolālā hoʻonohonoho hoʻonohonoho ʻokoʻa a me nā mea hoʻolālā hoʻonohonoho ʻāpana i kā lākou mau hoʻolālā i hui ʻia i ka format .rbf files a kau inoa i ka .rbf files.
6. Na ka mea hana a i ʻole ka mea nona ka bitstream static e hana a hoʻopaʻa inoa i kahi palapala hoʻopaʻa palapala hoʻopaʻa palapala hoʻopaʻa polokalamu kī lehulehu PR.
quartus_pfg –ccert o ccert_type=PR_PUBKEY_PROG_AUTH o owner_qky_file=”root0.qky;root1.qky” unsigned_pr_pubkey_prog.ccert
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 unsigned_pr_pubkey_prog.ccert signed_pr_pubkey_prog.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=s10-token –user_pin=s10-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname= design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_pr_pubkey_prog.ccert signed_pr_pubkey_prog.ccert

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 14

Hoʻouna Manaʻo

2. Ka Hooiaio a me ka Mana 683823 | 2023.05.23

7. Hoʻolako ka mea hana a i ʻole ka mea nona ka bitstream static i kā lākou hōʻoia kumu kumu hashes i ka hāmeʻa, a laila hoʻolalelale i ka palapala hoʻopaʻa palapala hoʻopono polokalamu kī lehulehu PR, a ma hope e hāʻawi i ke kī aʻa o ka mea nona ka bitstream reconfiguration i ka mea. Hōʻike ka ʻāpana Hoʻolako Mea Hana i kēia kaʻina hana hoʻolako.
8. Ua ho'onohonoho 'ia ka mea hana Intel Agilex 7 me ka 'āina static .rbf file.
9. Hoʻonohonoho hou ʻia ka mea hana Intel Agilex 7 me ka hoʻolālā persona .rbf file.
ʻIke pili
· Ke hana ʻana i kahi kaulahao inoa ma ka ʻaoʻao 6
· Ke hana ʻana i nā hui kī hōʻoia ma SoftHSM ma ka ʻaoʻao 8
· Hoʻolako Mea Hana ma ka ʻaoʻao 25

2.2.5. Ke hōʻoia nei i ka hoʻonohonoho ʻana i nā kaulahao inoa Bitstream
Ma hope o kou hana ʻana i nā kaulahao pūlima a me nā bitstreams pūlima, hiki iā ʻoe ke hōʻoia i ka hoʻonohonoho pono ʻana o kahi bitstream i kau inoa ʻia i kahi mea i hoʻolālā ʻia me kahi kī kumu i hāʻawi ʻia. Hoʻohana mua ʻoe i ka hana fuse_info o ke kauoha quartus_sign e paʻi i ka hash o ke kī lehulehu kumu i kahi kikokikona file:
quartus_sign –family=agilex –operation=fuse_info root0.qky hash_fuse.txt

A laila, hoʻohana ʻoe i ke koho check_integrity o ke kauoha quartus_pfg e nānā i ke kaulahao pūlima ma kēlā me kēia ʻāpana o kahi bitstream i pūlima ʻia ma ke ʻano .rbf. ʻO ke koho check_integrity e paʻi i kēia ʻike:
· Ke kūlana o ka nānā pono ʻana i ka bitstream holoʻokoʻa
· Nā mea i loko o kēlā me kēia komo i loko o kēlā me kēia kaulahao pūlima i hoʻopili ʻia i kēlā me kēia ʻāpana i ka bitstream .rbf file,
· Ka waiwai fuse i manaʻo ʻia no ka hash o ke kī lehulehu no kēlā me kēia kaulahao pūlima.
Pono ka waiwai mai ka puka fuse_info me nā laina Fuse i ka puka helu check_integrity.
quartus_pfg –check_integrity signed_bitstream.rbf

Eia kekahi example o ka hua kauoha check_integrity:

ʻIke: Kauoha: quartus_pfg –check_integrity signed_bitstream.rbf Kūlana pono: OK

Māhele

ʻAno: CMF

Kakaulima wehewehe…

Laina pūlima #0 (komo: -1, offset: 96)

Komo #0

Fuse: 34FD3B5F 7829001F DE2A24C7 3A7EAE29 C7786DB1 D6D5BC3C 52741C79

72978B22 0731B082 6F596899 40F32048 AD766A24

E hana i ke kī…

Pipi: secp384r1

: 29C39C3064AE594A36DAA85602D6AF0B278CBB0B207C4D97CFB6967961E5F0ECA

456FF53F5DBB3A69E48A042C62AB6B0

: 3E81D40CBBBEAC13601247A9D53F4A831308A24CA0BDFFA40351EE76438C7B5D2

2826F7E94A169023AFAE1D1DF4A31C2

E hana i ke kī…

Pipi: secp384r1

: 29C39C3064AE594A36DAA85602D6AF0B278CBB0B207C4D97CFB6967961E5F0ECA

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 15

2. Ka Hooiaio a me ka Mana 683823 | 2023.05.23

456FF53F5DBB3A69E48A042C62AB6B0

: 3E81D40CBBBEAC13601247A9D53F4A831308A24CA0BDFFA40351EE76438C7B5D2

2826F7E94A169023AFAE1D1DF4A31C2

Komo #1

E hana i ke kī…

Pipi: secp384r1

: 015290C556F1533E5631322953E2F9E91258472F43EC954E05D6A4B63D611E04B

C120C7E7A744C357346B424D52100A9

: 68696DEAC4773FF3D5A16A4261975424AAB4248196CF5142858E016242FB82BC5

08A80F3FE7F156DEF0AE5FD95BDFE05

ʻAe komo #2 Keychain: SIGN_CODE Keychain hiki ke kāpae ʻia e ka ID: 3 Signature chain #1 (komu: -1, offset: 648)

Komo #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

E hana i ke kī…

Pipi: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

E hana i ke kī…

Pipi: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Komo #1

E hana i ke kī…

Pipi: secp384r1

: 1E8FBEDC486C2F3161AFEB028D0C4B426258293058CD41358A164C1B1D60E5C1D

74D982BC20A4772ABCD0A1848E9DC96

: 768F1BF95B37A3CC2FFCEEB071DD456D14B84F1B9BFF780FC5A72A0D3BE5EB51D

0DA7C6B53D83CF8A775A8340BD5A5DB

Komo #2

E hana i ke kī…

Pipi: secp384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

ʻAe komo #3 Keychain ʻae: SIGN_CODE Keychain hiki ke kāpae ʻia e ka ID: 15 Signature chain #2 (entries: -1, offset: 0) Signature chain #3 (entries: -1, offset: 0) Signature chain #4 (entry: -1, offset: 0) Kaulima pūlima #5 (komo: -1, offset: 0) Kaulima pūlima #6 (komo: -1, offset: 0) Kaulima pūlima #7 (komo: -1, offset: 0)

ʻAno ʻĀpana: IO Signature Descriptor … Laina pūlima #0 (komo: -1, offset: 96)

Komo #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

E hana i ke kī…

Pipi: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 16

Hoʻouna Manaʻo

2. Ka Hooiaio a me ka Mana 683823 | 2023.05.23

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

E hana i ke kī…

Pipi: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Komo #1

E hana i ke kī…

Pipi: secp384r1

: 646B51F668D8CC365D72B89BA8082FDE79B00CDB750DA0C984DC5891CDF57BD21

44758CA747B1A8315024A8247F12E51

: 53513118E25E16151FD55D7ECDE8293AF6C98A74D52E0DA2527948A64FABDFE7C

F4EA8B8E229218D38A869EE15476750

Komo #2

E hana i ke kī…

Pipi: secp384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

ʻAe komo #3 Keychain ʻae: SIGN_CORE Keychain hiki ke kāpae ʻia e ka ID: 15 Signature chain #1 (entries: -1, offset: 0) Signature chain #2 (entries: -1, offset: 0) Signature chain #3 (entries: -1, offset: 0) Kaulima pūlima #4 (komo: -1, offset: 0) Kaulima pūlima #5 (komo: -1, offset: 0) Kaulima pūlima #6 (komo: -1, offset: 0) Kaulima kaulahao #7 (komo: -1, offset: 0)

Māhele

ʻAno: HPS

Kakaulima wehewehe…

Laina pūlima #0 (komo: -1, offset: 96)

Komo #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

E hana i ke kī…

Pipi: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

E hana i ke kī…

Pipi: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Komo #1

E hana i ke kī…

Pipi: secp384r1

: FAF423E08FB08D09F926AB66705EB1843C7C82A4391D3049A35E0C5F17ACB1A30

09CE3F486200940E81D02E2F385D150

: 397C0DA2F8DD6447C52048CD0FF7D5CCA7F169C711367E9B81E1E6C1E8CD9134E

5AC33EE6D388B1A895AC07B86155E9D

Komo #2

E hana i ke kī…

Pipi: secp384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 17

2. Ka Hooiaio a me ka Mana 683823 | 2023.05.23

Ka ʻae komo #3 Keychain: SIGN_HPS Keychain hiki ke kāpae ʻia e ka ID: 15 Signature chain #1 (entries: -1, offset: 0) Signature chain #2 (entries: -1, offset: 0) Signature chain #3 (entries: -1, offset: 0) Laina pūlima #4 (nā komo: -1, offset: 0) kaulahao pūlima #5 (komo: -1, offset: 0) kaulahao pūlima #6 (komo: -1, offset: 0) Pūlima kaulahao #7 (komo: -1, offset: 0)

ʻAno ʻĀpana: CORE Signature Descriptor … Laina pūlima #0 (komo: -1, offset: 96)

Komo #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

E hana i ke kī…

Pipi: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

E hana i ke kī…

Pipi: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Komo #1

E hana i ke kī…

Pipi: secp384r1

: 646B51F668D8CC365D72B89BA8082FDE79B00CDB750DA0C984DC5891CDF57BD21

44758CA747B1A8315024A8247F12E51

: 53513118E25E16151FD55D7ECDE8293AF6C98A74D52E0DA2527948A64FABDFE7C

F4EA8B8E229218D38A869EE15476750

Komo #2

E hana i ke kī…

Pipi: secp384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 18

Hoʻouna Manaʻo

683823 | 2023.05.23 Hoʻouna Manaʻo

AES Bitstream Encryption

ʻO ka Advanced Encryption Standard (AES) bitstream encryption he hiʻohiʻona e hiki ai i ka mea nona ka polokalamu ke pale i ka hūnā o ka waiwai naʻauao ma kahi bitstream hoʻonohonoho.
No ke kōkua ʻana i ka pale ʻana i ka hūnā o nā kī, hoʻohana ka hoʻopili ʻana i ka bitstream encryption i kahi kaulahao o nā kī AES. Hoʻohana ʻia kēia mau kī no ka hoʻopili ʻana i ka ʻikepili nona i ka bitstream hoʻonohonoho, kahi i hoʻopili ʻia ai ke kī waena mua me ke kī kumu AES.

3.1. E hana ana i ka AES Root Key

Hiki iā ʻoe ke hoʻohana i ka mea hana quartus_encrypt a i ʻole stratix10_encrypt.py hoʻokō kuhikuhi no ka hana ʻana i kahi kī kumu AES ma ke ʻano kī hoʻopuna polokalamu Intel Quartus Prime (.qek). file.

Nānā:

ʻO ka stratix10_encrypt.py file hoʻohana ʻia no nā polokalamu Intel Stratix® 10, a me Intel Agilex 7.

Hiki iā ʻoe ke koho i ke kī kumu i hoʻohana ʻia no ka loaʻa ʻana o ke kī kumu AES a me ke kī kumu kumu, ka waiwai no ke kī kumu AES pololei, ka helu o nā kī waena, a me ka hoʻohana nui ʻana i kēlā me kēia kī waena.

Pono ʻoe e kuhikuhi i ka ʻohana hāmeʻa, .qek file wahi, a me ka ʻōlelo huna ke koi ʻia.
E holo i kēia kauoha e hoʻopuka i ke kī kumu AES me ka hoʻohana ʻana i ka ʻikepili maʻamau no ke kī kumu a me nā waiwai paʻamau no ka helu o nā kī waena a me ka hoʻohana nui ʻana i ke kī.
No ka hoʻohana ʻana i ka hoʻokō kuhikuhi, hoʻololi ʻoe i kahi kelepona i ka unuhi unuhi Python me ka polokalamu Intel Quartus Prime a haʻalele i ka koho –family=agilex; ua like nā koho ʻē aʻe a pau. No example, ke kauoha quartus_encrypt i loaʻa ma hope ma ka ʻāpana

quartus_encrypt –family=agilex –operation=MAKE_AES_KEY aes_root.qek

hiki ke hoʻololi ʻia i ke kelepona like i ka hoʻokō kuhikuhi e like me pgm_py stratix10_encrypt.py –operation=MAKE_AES_KEY aes_root.qek

3.2. Nā ʻōkuhi Quartus Encryption
I mea e hiki ai i ka bitstream encryption no ka hoʻolālā ʻana, pono ʻoe e kuhikuhi i nā koho kūpono me ka hoʻohana ʻana i ka Pūnaehana Pūnaewele Assignments a me nā koho Pin Options Security panel. Oe ke koho i ka Enable configuration bitstream encryption box, a me ka Encryption key storage place from the dropdown menu.

ISO 9001:2015 Kakau

Kiʻi 3. Intel Quartus Prime Encryption Settings

3. AES Bitstream Encryption 683823 | 2023.05.23

ʻO kahi ʻē aʻe, hiki iā ʻoe ke hoʻohui i kēia ʻōlelo kuhikuhi i kāu hoʻonohonoho Intel Quartus Prime file .qsf:
set_global_assignment -inoa ENCRYPT_PROGRAMMING_BITSTREAM ma set_global_assignment -inoa PROGRAMMING_BITSTREAM_ENCRYPTION_KEY_SELECT eFuses
Inā makemake ʻoe e ʻae i nā mitigations hou aʻe e kūʻē i nā vectors hoʻouka ʻaoʻao, hiki iā ʻoe ke hoʻololi i ka hoʻoheheʻe ʻana i ka Laki Hoʻohou Encryption a me Enable scrambling checkbox.

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 20

Hoʻouna Manaʻo

3. AES Bitstream Encryption 683823 | 2023.05.23

ʻO nā hoʻololi e pili ana i ka .qsf:
set_global_assignment -inoa PROGRAMMING_BITSTREAM_ENCRYPTION_CNOC_SCRAMBLING ma set_global_assignment -inoa PROGRAMMING_BITSTREAM_ENCRYPTION_UPDATE_RATIO 31

3.3. Hoʻopili i kahi Bitstream Configuration
Hoʻopili ʻoe i kahi bitstream hoʻonohonoho ma mua o ke kau inoa ʻana i ka bitstream. ʻO ka Intel Quartus Prime Programming File Hiki i ka mea hana hana ke hoʻopili a hoʻopaʻa inoa i kahi bitstream hoʻonohonoho me ka hoʻohana ʻana i ka mea hoʻohana kiʻi kiʻi a i ʻole ka laina kauoha.
Hiki iā ʻoe ke hana i kahi bitstream i hoʻopili ʻia no ka hoʻohana ʻana me nā mea hana quartus_encrypt a me quartus_sign a i ʻole nā mea like hoʻokō kuhikuhi.

3.3.1. Hoʻonohonoho Bitstream Encryption me ka hoʻohana ʻana i ka papahana File Mea Hana Kiʻi Kiʻi
Hiki iā ʻoe ke hoʻohana i ka Programming File Generator e hoʻopili a kau inoa i ka mea nona ke kiʻi.

Kiʻi 4.

1. Ma ka Intel Quartus Prime File koho Papahana File Mea hana hana. 2. Ma ka Output Files tab, e kuhikuhi i ka puka file ʻano no kāu hoʻonohonoho
papahana.
Hoʻopuka File Hōʻike

Huakaʻi papahana hoʻonohonoho file pā
Hoʻopuka file ʻano ʻano

3. Ma ka Input Files tab, kaomi Add Bitstream a nānā i kāu .sof. 4. No ka wehewehe ʻana i nā koho hoʻopunipuni a me ka hōʻoia ʻana e koho i ka .sof a kaomi
Waiwai. a. E ho'ā i ka mea hana pūlima. b. No kī pilikino file koho i kāu kī pūlima .pem file. c. E ho'ā i ka hoʻopili hoʻopili ʻana.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 21

3. AES Bitstream Encryption 683823 | 2023.05.23

Kiʻi 5.

d. No ke kī hoʻopunipuni file, koho i kāu AES .qek file. Hoʻokomo (.sof) File Nā waiwai no ka hōʻoia a me ka hoʻopili ʻana

E hoʻā i ka hōʻoia E wehewehe i ke kumu pilikino .pem
E hoʻā i ka hoʻopili ʻana E wehewehe i ke kī hoʻopili
5. No ka hana ʻana i ka bitstream i hoʻopaʻa ʻia a hoʻopili ʻia, ma ka Input Files tab, kaomi Hana. Hōʻike ʻia nā pahu kamaʻilio ʻōlelo huna e hoʻokomo i kāu ʻōlelo huna no kāu kī AES .qek file a kau inoa i ke kī pilikino .pem file. ʻO ka papahana file hana ʻo generator i ka hoʻopili ʻia a pūlima ʻiafile.rbf.
3.3.2. Hoʻonohonoho Bitstream Encryption me ka hoʻohana ʻana i ka papahana File Mea hoʻomohala kauoha Line Interface
E hana i kahi bitstream hoʻonohonoho i hoʻopili ʻia a pūlima ʻia ma ke ʻano .rbf me ka laina kauoha quartus_pfg:
quartus_pfg -c encryption_enabled.sof top.rbf -o finalize_encryption=ON -o qek_file=aes_root.qek -o kau inoa=ON -o pem_file=design0_sign_private.pem
Hiki iā ʻoe ke hoʻololi i kahi bitstream hoʻonohonoho i hoʻopili ʻia a pūlima ʻia ma ke ʻano .rbf i kahi bitstream hoʻonohonoho ʻē aʻe file nā palapala.
3.3.3. Hoʻohana ʻia ʻo Bitstream Configuration Configuration me ka hoʻohana ʻana i ka Interface Line Command
Hiki iā ʻoe ke hana i kahi polokalamu i hoʻopili ʻia file e hoʻopau i ka hoʻopunipuni a kau inoa i ke kiʻi ma hope. E hana i ka polokalamu i hoʻopili ʻia file ma ka .rbf format me kaquartus_pfgcommand line interface: quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON top.sof top.rbf

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 22

Hoʻouna Manaʻo

3. AES Bitstream Encryption 683823 | 2023.05.23
Hoʻohana ʻoe i ka mea hana laina kauoha quartus_encrypt e hoʻopau i ka hoʻopili bitstream:
quartus_encrypt –family=agilex –operation=ENCRYPT –key=aes_root.qek top.rbf encrypted_top.rbf
Hoʻohana ʻoe i ka mea hana laina kauoha quartus_sign e kau inoa i ka bitstream hoʻonohonoho hoʻopili ʻia:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 encrypted_top.rbf signed_encrypted_top.rbf
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname= design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 encrypted_top.rbf signed_encrypted_top.rbf
3.3.4. ʻO ka hoʻopili hou ʻana i ka Bitstream Encryption
Hiki iā ʻoe ke hoʻololi i ka bitstream encryption ma kekahi mau hoʻolālā Intel Agilex 7 FPGA e hoʻohana ana i ka hoʻonohonoho hou ʻana.
ʻAʻole kākoʻo nā hoʻolālā hoʻonohonoho ʻāpana me ka hoʻohana ʻana i ka Hierarchical Partial Reconfiguration (HPR), a i ʻole Static Update Partial Reconfiguration (SUPR) i ka encryption bitstream. Inā loaʻa i kāu hoʻolālā nā wahi PR he nui, pono ʻoe e hoʻopili i nā personas āpau.
I mea e hiki ai i ka hoʻopili ʻana i ka bitstream encryption hapa, e hahai i ke kaʻina hana like i nā hoʻoponopono hoʻolālā āpau. 1. Ma ka Intel Quartus Prime File papa kuhikuhi, koho i nā mea hana hana
a me nā koho Pin Palekana. 2. E koho i ka wahi waihona kī hoʻopunipuni i makemake ʻia.
Kiʻi 6. ʻO ka hoʻonohonoho hoʻonohonoho hoʻololi ʻana i ka Bitstream Encryption Setting

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 23

3. AES Bitstream Encryption 683823 | 2023.05.23
ʻO kahi ʻē aʻe, hiki iā ʻoe ke hoʻohui i ka ʻōlelo aʻoaʻo aʻe ma nā hoʻonohonoho Quartus Prime file .qsf:
set_global_assignment -inoa –ENABLE_PARTIAL_RECONFIGURATION_BITSTREAM_ENCRYPTION ma
Ma hope o kou hōʻuluʻulu ʻana i kāu hoʻolālā kumu a me nā hoʻoponopono, hana ka polokalamu i kahi a.soffile a hoʻokahi a ʻoi aku paha.pmsffiles, e hōʻike ana i nā personas. 3. E hana i nā polokalamu i hoʻopili ʻia a pūlima ʻia files from.sof and.pmsf files ma ke ʻano like me nā hoʻolālā ʻaʻole hiki ke hoʻonohonoho hou ʻia. 4. E hoohuli i ka persona.pmsf i houluuluia file i kahi hapa i hoʻopili ʻia.rbf file:
quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON encryption_enabled_persona1.pmsf persona1.rbf
5. E hoʻopau i ka hoʻopunipuni bitstream me ka quartus_encrypt mea hana laina kauoha:
quartus_encrypt –family=agilex –operation=ENCRYPT –key=aes_root.qek persona1.rbf encrypted_persona1.rbf
6. E hōʻailona i ka bitstream hoʻonohonoho hoʻopili ʻia me ka mea hana laina kauoha quartus_sign:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_sign_private.pem encrypted_persona1.rbf signed_encrypted_persona1.rbf
quartus_sign –family=agilex –operation=SIGN –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –qky= design0_sign_chain.qky –cancel=svnA:0 –keyname=design0_sign encrypted_persona1.rbf signed_encrypted_persona1.rbf

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 24

Hoʻouna Manaʻo

683823 | 2023.05.23 Hoʻouna Manaʻo

Hoʻolako Mea Hana

Kākoʻo ʻia ka hāʻawi ʻana i nā hiʻohiʻona palekana mua ma ka firmware hoʻolako SDM. E hoʻohana i ka Intel Quartus Prime Programmer e hoʻouka i ka firmware hoʻolako SDM a hana i nā hana hoʻolako.
Hiki iā ʻoe ke hoʻohana i kekahi ʻano o JTAG hoʻoiho i ke kelepona e hoʻopili ai i ka Quartus Programmer i kahi polokalamu Intel Agilex 7 e hana i nā hana hoʻolako.
4.1. Ke hoʻohana nei i ka SDM Provision Firmware
Na ka Intel Quartus Prime Programmer e hana a hoʻouka i kahi kiʻi kōkua paʻamau o ka hale hana ke koho ʻoe i ka hana hoʻomaka a me kahi kauoha e hoʻolālā i kahi mea ʻē aʻe ma waho o kahi bitstream hoʻonohonoho.
Ma muli o ke kauoha papahana i kuhikuhi ʻia, ʻo ke kiʻi kōkua paʻamau o ka hale hana kekahi o nā ʻano ʻelua:
· Hoʻolako kiʻi kōkua—ʻo ia kekahi ʻāpana bitstream i loaʻa ka firmware hoʻolako SDM.
· Kiʻi kōkua QSPI–he ʻelua ʻāpana bitstream, hoʻokahi i loaʻa ka SDM nui firmware a me hoʻokahi ʻāpana I/O.
Hiki iā ʻoe ke hana i kiʻi kōkua paʻamau o ka hale hana file e hoʻouka i kāu hāmeʻa ma mua o ka hana ʻana i kekahi kauoha papahana. Ma hope o ka hoʻonohonoho ʻana i kahi hash kumu kumu hōʻoia, pono ʻoe e hana a kau inoa i kahi kiʻi kōkua paʻamau o ka hale hana QSPI ma muli o ka ʻāpana I/O i hoʻokomo ʻia. Inā hoʻopololei ʻoe i ka hoʻonohonoho palekana firmware pūlima eFuse, pono ʻoe e hana i ka hoʻolako ʻana a me nā kiʻi kōkua paʻamau QSPI hale hana me ka firmware pūlima pūlima. Hiki iā ʻoe ke hoʻohana i ke kiʻi kōkua paʻamau o ka hale hana i hoʻopaʻa inoa ʻia ma kahi hāmeʻa ʻaʻole i hoʻolako ʻia no ka mea ʻaʻole e nānā ka mea i hoʻolako ʻole ʻia i nā kaulahao pūlima ʻole Intel ma luna o ka firmware SDM. E nānā i ka hoʻohana ʻana i ke kiʻi kōkua paʻamau o ka hale hana QSPI ma nā polokalamu nona ma ka ʻaoʻao 26 no nā kikoʻī hou aku e pili ana i ka hana ʻana, kau inoa ʻana, a me ka hoʻohana ʻana i ke kiʻi kōkua paʻamau o ka hale hana QSPI.
Hana ke kiʻi kōkua paʻamau o ka hale hana hoʻolako i kahi hana hoʻolako, e like me ka hoʻonohonoho ʻana i ka hash root key hōʻoia, fuses hoʻonohonoho palekana, kau inoa PUF, a i ʻole ka hāʻawi ʻana i nā kī ʻeleʻele. Hoʻohana ʻoe i ka Intel Quartus Prime Programming File Mea hana laina kauoha Generator no ka hana ʻana i ke kiʻi kōkua hoʻolako, e kuhikuhi ana i ke koho helper_image, kou inoa helper_device, ke ʻano subtype kiʻi kōkua kōkua, a me ke koho ʻana i kahi firmware .zip pūlima. file:
quartus_pfg –helper_image -o helper_device=AGFB014R24A -o subtype=PROVISION -o fw_source=signed_agilex.zip signed_provision_helper_image.rbf
E hoʻolālā i ke kiʻi kōkua me ka hoʻohana ʻana i ka mea hana Intel Quartus Prime Programmer:
quartus_pgm -c 1 -mjtag -o “p;signed_provision_helper_image.rbf” –ikaika

ISO 9001:2015 Kakau

4. Hoʻolako Mea Hana 683823 | 2023.05.23

Nānā:

Hiki iā ʻoe ke haʻalele i ka hana hoʻomaka mai nā kauoha, me ka exampNā mea i hāʻawi ʻia ma kēia mokuna, ma hope o ka hoʻonohonoho ʻana i kahi kiʻi kōkua hoʻolako a i ʻole ka hoʻohana ʻana i kahi kauoha i loaʻa ka hana hoʻomaka.

4.2. Ke hoʻohana nei ʻo QSPI Factory Default Helper Image ma nā lako ponoʻī
Na ka Intel Quartus Prime Programmer e hana a hoʻouka i kahi kiʻi kōkua paʻamau o ka hale hana QSPI ke koho ʻoe i ka hana hoʻomaka no kahi polokalamu uila uila QSPI. file. Ma hope o ka hoʻonohonoho ʻana i ka hash kī kumu hōʻoia, pono ʻoe e hana a kau inoa i ke kiʻi kōkua paʻamau o ka hale hana QSPI, a e hoʻopololei i ke kiʻi kōkua hale hana QSPI i pūlima ʻia ma mua o ka hoʻonohonoho ʻana i ka flash QSPI. 1. Hoʻohana ʻoe i ka Intel Quartus Prime Programming File Mea hana laina kauoha generator i
e hana i ke kiʻi kōkua QSPI, e wehewehe ana i ke koho helper_image, kou ʻano mea kōkua, ke ʻano kiʻi kōkua QSPI, a me ka koho ʻana i kahi firmware cosigned .zip file:
quartus_pfg –helper_image -o helper_device=AGFB014R24A -o subtype=QSPI -o fw_source=signed_agilex.zip qspi_helper_image.rbf
2. Kau inoa ʻoe i ke kiʻi kōkua paʻamau o ka hale hana QSPI:
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem qspi_helper_image.rbf signed_qspi_helper_image.rbf
3. Hiki iā ʻoe ke hoʻohana i kekahi polokalamu uila uila QSPI file hōʻano. ʻO ka exampE hoʻohana i kahi bitstream hoʻonohonoho i hoʻololi ʻia i ka .jic file ʻano:
quartus_pfg -c signed_bitstream.rbf signed_flash.jic -o device=MT25QU128 -o flash_loader=AGFB014R24A -o mode=ASX4
4. Hoʻolālā ʻoe i ke kiʻi kōkua pūlima me ka mea paahana Intel Quartus Prime Programmer:
quartus_pgm -c 1 -mjtag -o “p;signed_qspi_helper_image.rbf” –ikaika
5. Hoʻopololei ʻoe i ke kiʻi .jic e uila me ka mea hana Intel Quartus Prime Programmer.
quartus_pgm -c 1 -mjtag -o “p;signed_flash.jic”

4.3. Authentication Root Key Provisioning
No ka hoʻolālā ʻana i ka hashes o ke kī kumu i nā fuses kino, pono ʻoe e hoʻouka i ka firmware provision, a laila e hoʻopololei i ka hashes kumu kumu, a laila e hana koke i kahi hoʻonohonoho mana. ʻAʻole koi ʻia ka hoʻihoʻi ʻana i ka mana inā pili ke kī kumu hoʻonohonoho i nā fuses virtual.

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 26

Hoʻouna Manaʻo

4. Hoʻolako Mea Hana 683823 | 2023.05.23
No ka papahana authentication root key hashes, hoʻolālā ʻoe i ke kiʻi kōkua firmware hoʻolako a holo i kekahi o kēia mau kauoha e hoʻolālā i ke kī kumu .qky files.
// No ke kino (non-volatile) eFuses quartus_pgm -c 1 -mjtag -o “p;root0.qky;root1.qky;root2.qky” –non_volatile_key
// No ka virtual (volatile) eFuses quartus_pgm -c 1 -mjtag -o “p;root0.qky;root1.qky;root2.qky”
4.3.1. ʻO ka hoʻonohonoho hou ʻana i nā ʻāpana he nui-Authority Root Key Programming
Ma hope o ka hoʻolako ʻana i ka hāmeʻa a i ʻole ka ʻāina static bitstream nona nā kī aʻa, hoʻouka hou ʻoe i ke kiʻi kōkua hoʻolako hāmeʻa, e hoʻolālā i ka palapala hoʻopaʻa palapala hoʻopaʻa inoa PR persona bitstream mea nona ka palapala hōʻoia.
// No ke kino (non-volatile) eFuses quartus_pgm -c 1 -mjtag -o “p;root_pr.qky” –pr_pubkey –non_volatile_key
// No ka virtual (volatile) eFuses quartus_pgm -c 1 -mjtag -o “p;p;root_pr.qky” –pr_pubkey
4.4. Hoʻopalekana Key Hoʻopau ID Fuses
E hoʻomaka ana me Intel Quartus Prime Pro Edition software version 21.1, pono ka hoʻohana ʻana i kahi palapala hōʻoia paʻa i hoʻopaʻa inoa ʻia. Hiki iā ʻoe ke hoʻopaʻa inoa i ka palapala hoʻopaʻa palapala ID hoʻopau kī me kahi kaulahao pūlima i loaʻa nā ʻae ʻae pūlima ʻāpana FPGA. Hana ʻoe i ka palapala hōʻoia me ka hoʻolālā file mea hana laina kauoha generator. Kau inoa ʻoe i ka palapala hōʻoia ʻole me ka hoʻohana ʻana i ka mea hana quartus_sign a i ʻole ka hoʻokō kuhikuhi.
Kākoʻo nā polokalamu Intel Agilex 7 i nā panakō kaʻawale o nā ID hoʻopau kī kī no kēlā me kēia kī kumu. Ke hoʻolālā ʻia ka palapala hōʻoia ID hoʻopau kiʻi paʻa i loko o kahi Intel Agilex 7 FPGA, hoʻoholo ka SDM i ke kī kumu i pūlima i ka palapala paʻi a puhi i ke kī hoʻopau ID fuse e pili ana i kēlā kī kumu.
ʻO ka exampe hana i kahi palapala hoʻopau kī Intel no Intel key ID 7. Hiki iā ʻoe ke pani i ka 7 me ka ID hoʻopau kī Intel pili mai 0-31.
E holo i kēia kauoha no ka hana ʻana i kahi palapala hōʻoia koʻikoʻi Intel key cancellation ID compact:
quartus_pfg –ccert -o ccert_type=CANCEL_INTEL_KEY -o cancel_key=7 unsigned_cancel_intel7.ccert
E holo i kekahi o kēia mau kauoha e hoʻopaʻa inoa i ka palapala hōʻoia paʻa ʻole Intel key cancellation ID compact:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_cancel_intel7.ccert signed_cancel_intel7.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 27

4. Hoʻolako Mea Hana 683823 | 2023.05.23
–keyname=design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_cancel_intel7.ccert signed_cancel_intel7.ccert
E holo i kēia kauoha no ka hana ʻana i kahi palapala hoʻopaʻa palapala hoʻopaʻa inoa hoʻopaʻa inoa ʻole.
quartus_pfg –ccert -o ccert_type=CANCEL_OWNER_KEY -o cancel_key=2 unsigned_cancel_owner2.ccert
E holo i kekahi o kēia mau kauoha e hoʻopaʻa inoa i ka palapala hōʻoia paʻa ID hoʻopaʻa inoa ʻole.
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_cancel_owner2.ccert signed_cancel_owner2.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname= design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_cancel_owner2.ccert signed_cancel_owner2.ccert
Ma hope o kou hana ʻana i kahi palapala hoʻopaʻa inoa hoʻopaʻa kī i hoʻopaʻa ʻia, hoʻohana ʻoe i ka Intel Quartus Prime Programmer e hoʻolālā i ka palapala paʻa i ka hāmeʻa ma o JTAG.
//No ke kino (non-volatile) eFuses quartus_pgm -c 1 -mjtag -o “pi; kakauinoa_cancel_intel7.ccert” –non_volatile_key quartus_pgm -c 1 -mjtag -o “pi; pūlima_cancel_owner2.ccert” –non_volatile_key
//No ka virtual (volatile) eFuses quartus_pgm -c 1 -mjtag -o “pi; kakauinoa_cancel_intel7.ccert” quartus_pgm -c 1 -mjtag -o “pi; signed_cancel_owner2.ccert”
Hiki iā ʻoe ke hoʻouna i ka palapala hōʻoia paʻa i ka SDM me ka hoʻohana ʻana i ka FPGA a i ʻole HPS pahu leka uila.
4.5. Hoʻopau i nā kī aʻa
Hiki i nā polokalamu Intel Agilex 7 ke hoʻopau i nā hashes kī kumu i ka wā e loaʻa mai ai kekahi hash kī kī ʻole i hoʻopau ʻia. Hoʻopau ʻoe i kahi hash kī kumu ma ka hoʻonohonoho mua ʻana i ka hāmeʻa me kahi hoʻolālā nona ke kaulahao pūlima i hoʻopaʻa ʻia i kahi hash kī kumu ʻē aʻe, a laila e hoʻolālā i kahi palapala hōʻoia hoʻopaʻa hash cancellation compact root key. Pono ʻoe e kau inoa i ka palapala hōʻoia hōʻoia hoʻopau ʻana i ke kumu kumu me kahi kaulahao pūlima i hū ʻia ma ke kī kumu e kāpae ʻia.
E holo i ke kauoha aʻe e hoʻopuka i kahi palapala hōʻoia hoʻopau ʻana i ke kī kī kī ʻole:
quartus_pfg –ccert -o –ccert_type=CANCEL_KEY_HASH unsigned_root_cancel.ccert

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 28

Hoʻouna Manaʻo

4. Hoʻolako Mea Hana 683823 | 2023.05.23

E holo i kekahi o kēia mau kauoha e kau inoa i ka palapala hōʻoia hōʻoia hoʻopau ʻana i ke kī kī kī ʻole:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_root_cancel.ccert signed_root_cancel.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname= design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_root_cancel.ccert signed_root_cancel.ccert
Hiki iā ʻoe ke hoʻolālā i kahi palapala hōʻoia hoʻopau ʻana i ka hash kumu kumu ma o JTAG, FPGA, a i ʻole nā pahu leta HPS.

4.6. Nā Fuse Counter Fuses
Hoʻohou ʻoe i ka helu helu palekana (SVN) a me ka Pseudo Time Stamp (PTS) counter fuses me ka hoʻohana ʻana i nā palapala hōʻoia i hoʻopaʻa ʻia.

Nānā:

Mālama ka SDM i ka helu helu helu haʻahaʻa i ʻike ʻia i ka wā o kahi hoʻonohonoho i hāʻawi ʻia a ʻaʻole ʻae i nā palapala hōʻoia counter increment inā ʻoi aku ka liʻiliʻi o ke kumu kūʻai ma mua o ka waiwai liʻiliʻi. Pono ʻoe e hōʻano hou i nā mea āpau i hāʻawi ʻia i kahi counter a hoʻonohonoho hou i ka hāmeʻa ma mua o ka hoʻonohonoho ʻana i kahi palapala hōʻoia hoʻonui counter increment.

E holo i kekahi o kēia mau kauoha e pili ana i ka palapala hōʻoia counter increment āu e makemake ai e hana.
quartus_pfg –ccert -o ccert_type=PTS_COUNTER -o counter=<-1:495> unsigned_pts.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_A -o counter=<-1:63> unsigned_svnA.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_B -o counter=<-1:63> unsigned_svnB.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_C -o counter=<-1:63> unsigned_svnC.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_D -o counter=<-1:63> unsigned_svnD.ccert

Hoʻokumu ke kumu kūʻai o 1 i palapala ʻae hoʻonui counter. Hiki iā ʻoe ke hoʻolālā i nā palapala hōʻoia counter increment ʻae ʻia e hoʻopololei i nā palapala hōʻoia counter increment no ka hoʻonui ʻana i kēlā me kēia counter. Hoʻohana ʻoe i ka mea hana quartus_sign e kau inoa i nā palapala hōʻoia counter compact ma ke ʻano like me nā palapala hoʻopaʻa paʻa ID hoʻopau kī.
Hiki iā ʻoe ke hoʻolālā i kahi palapala hōʻoia hoʻopau ʻana i ka hash kumu kumu ma o JTAG, FPGA, a i ʻole nā pahu leta HPS.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 29

4. Hoʻolako Mea Hana 683823 | 2023.05.23

4.7. Paʻa ʻIkepili Mea lawelawe ʻo Root Key Provisioning
Hoʻohana ʻoe i ka Intel Quartus Prime Programmer e hoʻolako i ke kī kumu Secure Data Object Service (SDOS). Hoʻouka koke ka Programmer i ke kiʻi kōkua firmware hoʻolako e hoʻolako i ke kī kumu SDOS.
quartus_pgm c 1 mjtag –service_root_key –non_volatile_key

4.8. Hoʻonohonoho Palekana Fuse Provisioning
E hoʻohana i ka Intel Quartus Prime Programmer e nānā i nā fuse hoʻonohonoho palekana a kākau iā lākou i kahi .fuse pili kikokikona. file penei:
quartus_pgm -c 1 -mjtag -o “ei;programming_file.fuse;AGFB014R24B”

Nā Koho · i: Hoʻouka ka Programmer i ke kiʻi kōkua firmware hoʻolako i ka hāmeʻa. · e: Heluhelu ka Programmer i ka fuse mai ka mea hana a mālama i loko o kahi .fuse file.

ʻO ka .fuse file loaʻa i kahi papa inoa o nā hui waiwai fuse. Hōʻike ka waiwai inā ua puhi ʻia kahi fuse a i ʻole nā mea i loko o ke kahua fuse.

ʻO ka example hoike i ke ano o ka .fuse file:

# Pūlima pūlima pūlima

= "ʻAʻole i puhi ʻia"

# Pepehi ʻae ʻae

= "ʻAʻole i puhi ʻia"

# ʻAʻole paʻa ka hāmeʻa

= "ʻAʻole i puhi ʻia"

# Hoʻopau i ka debug HPS

= "ʻAʻole i puhi ʻia"

# Hoʻopau i ka hoʻopaʻa inoa PUF ID Intrinsic

= "ʻAʻole i puhi ʻia"

# Hoʻopau iā JTAG

= "ʻAʻole i puhi ʻia"

# Hoʻopau i ke kī hoʻopunipuni PUF-wrapped

= "ʻAʻole i puhi ʻia"

# Hoʻopau i ke kī hoʻopunipuni nona ma BBRAM = "ʻAʻole i puhi ʻia"

# Hoʻopau i ke kī hoʻopunipuni nona ma eFuses = "ʻAʻole i puhi ʻia"

# Hoʻopaʻa i ka hash kī kī lehulehu 0

= "ʻAʻole i puhi ʻia"

# Hoʻopaʻa i ka hash kī kī lehulehu 1

= "ʻAʻole i puhi ʻia"

# Hoʻopaʻa i ka hash kī kī lehulehu 2

= "ʻAʻole i puhi ʻia"

# Hoʻopau i nā eFuses virtual

= "ʻAʻole i puhi ʻia"

# Hoʻoikaika i ka uaki SDM i ka oscillator kūloko = "ʻAʻole i puhi ʻia"

# Hoʻopau kī hoʻopāpā ikaika

= "ʻAʻole i puhi ʻia"

# Hoʻopau kī kikoʻī Intel

= “0”

# Laka palekana eFuses

= "ʻAʻole i puhi ʻia"

# Ua hana ʻia ka papahana kī hoʻopunipuni nona

= "ʻAʻole i puhi ʻia"

# Hoʻomaka ka polokalamu kī hoʻopunipuni nona

= "ʻAʻole i puhi ʻia"

# Hoʻopau kī kikoʻī o ka mea nona 0

= “”

# Hoʻopau kī kikoʻī o ka mea nona 1

= “”

# Hoʻopau kī kikoʻī o ka mea nona 2

= “”

# Hoʻopili ka mea nona

“0x00000000000000000000000000000000000000000000000000000

00000000000000000000000000000000000000000000000000000

0000000000000000000000”

# ʻO ka mea nona ke kumu kī kī ākea 0

“0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# ʻO ka mea nona ke kumu kī kī ākea 1

“0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# ʻO ka mea nona ke kumu kī kī ākea 2

“0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# Ka nui kī lehulehu o ka mea nona ke kumu

= "ʻAʻole"

# PTS counter

= “0”

# PTS counter base

= “0”

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 30

Hoʻouna Manaʻo

4. Hoʻolako Mea Hana 683823 | 2023.05.23

# QSPI hoʻomaka hoʻopaneʻe # RMA helu # SDMIO0 he I2C # SVN counter A # SVN counter B # SVN counter C # SVN counter D

= "10ms" = "0" = "ʻAʻole puhi" = "0" = "0" = "0" = "0"

Hoʻololi i ka .fuse file e hoʻonohonoho i nā fuse hoʻonohonoho palekana i makemake ʻia. Hana ʻia kahi laina e hoʻomaka me # ma ke ʻano he laina manaʻo. No ka hoʻolālā ʻana i kahi fuse hoʻonohonoho palekana, wehe i ke alakaʻi # a hoʻonoho i ka waiwai iā Blown. No exampe, e hiki ai i ka Co-signed Firmware security setting fuse, hoʻololi i ka laina mua o ka fuse file i kēia mau mea:
ʻO ka firmware i hoʻopaʻa inoa pū ʻia = "Blown"

Hiki iā ʻoe ke hoʻokaʻawale a hoʻolālā i ka Owner Fuses e pili ana i kāu mau koi.
Hiki iā ʻoe ke hoʻohana i kēia kauoha e hana i kahi mākaʻikaʻi, papahana, a hōʻoia i ka mea nona ke kī lehulehu.
quartus_pgm -c 1 -mjtag -o “ibpv;root0.qky”

Nā koho · i: Hoʻouka i ke kiʻi kōkua firmware hoʻolako i ka hāmeʻa. · b: Hana i kahi māka hakahaka e hōʻoia i nā fuse hoʻonohonoho palekana i makemake ʻia ʻaʻole
ua puhi ʻia. · p: Hoʻopololei i ka fuse. · v: Hōʻoia i ke kī i hoʻolālā ʻia ma ka hāmeʻa.
Ma hope o ka hoʻolālā ʻana i ka .qky file, hiki iā ʻoe ke nānā i ka ʻike fuse ma ka nānā hou ʻana i ka ʻike fuse e hōʻoia i ka loaʻa ʻole ʻana o nā kumu waiwai ʻole ka mea nona ka hash kī lehulehu a me ka mea nona ka nui kī lehulehu.
ʻOiai ʻaʻole hiki ke kākau ʻia nā kahua ma lalo o ka .fuse file ʻO ke ʻano, ua hoʻokomo ʻia lākou i ka wā o ka hoʻokō ʻana i ka hana no ka hōʻoia ʻana: · ʻAʻole paʻa ka hāmeʻa · Pepehi i ka ʻae ʻana o ka mea hana · Hoʻopau i ka hash kī kī ākea 0 · Hoʻopau i ka hash kī ākea 1 · Hoʻopau i ka hash kī lehulehu 2 · Hoʻopau kī Intel · Hoʻomaka ka polokalamu kī hoʻopuna ʻana o ka mea nāna · Hana ʻia ka polokalamu kī hoʻopuna a ka mea nona · Hoʻopau ʻia ke kī o ka mea nāna · Hash kī lehulehu nona ka nui · Ka nui kī lehulehu o ka mea nona ka aʻa.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 31

4. Hoʻolako Mea Hana 683823 | 2023.05.23
· pākuʻi PTS · kumu kūʻai PTS · hoʻopaneʻe hoʻomaka QSPI · helu RMA · helu SDMIO0 ʻo I2C · pākuʻi SVN A · pākuʻi SVN B · pākuʻi SVN C · pākuʻi SVN D
E hoʻohana i ka Intel Quartus Prime Programmer e hoʻolālā i ka .fuse file hoʻi i ka mea hana. Inā hoʻohui ʻoe i ke koho i, hoʻouka koke ka Programmer i ka firmware hoʻolako e hoʻolālā i nā fuse hoʻonohonoho palekana.
//No ke kino (non-volatile) eFuses quartus_pgm -c 1 -mjtag -o “pi;programming_file.fuse” –non_volatile_key
//No ka virtual (volatile) eFuses quartus_pgm -c 1 -mjtag -o “pi;programming_file.fuse”
Hiki iā ʻoe ke hoʻohana i kēia kauoha e hōʻoia inā like ka hash root key me ka .qky i hāʻawi ʻia ma ke kauoha:
quartus_pgm -c 1 -mjtag -o “v;root0_another.qky”
Inā like ʻole nā kī, hāʻule ka Programmer me kahi memo hewa ʻole Operation.
4.9. AES Root Key Hoʻolako
Pono ʻoe e hoʻohana i kahi palapala hoʻopaʻa kumu kumu kumu AES i hoʻopaʻa inoa ʻia e hoʻolālā i kahi kī kumu AES i kahi mea hana Intel Agilex 7.
4.9.1. AES Root Key Compact Certificate
Hoʻohana ʻoe i ka mea hana laina kauoha quartus_pfg e hoʻololi i kāu kī kumu AES .qek file i loko o ka palapala hōʻoia .ccert format. Hoʻokaʻawale ʻoe i ka wahi mālama kī i ka wā e hana ana i ka palapala paʻa. Hiki iā ʻoe ke hoʻohana i ka mea hana quartus_pfg e hana i kahi palapala hōʻoia ʻole no ke kau inoa ʻana ma hope. Pono ʻoe e hoʻohana i ke kaulahao pūlima me ka palapala ʻae kumu kumu AES e kau inoa ai, ʻae ʻae 6, i hiki ke hoʻopaʻa inoa i kahi palapala hōʻoia paʻa kī kumu AES.

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 32

Hoʻouna Manaʻo

4. Hoʻolako Mea Hana 683823 | 2023.05.23
1. E hana i kekahi kī hou i ho'ohana 'ia no ka ho'opa'a inoa 'ana i ka palapala ho'opa'a kī AES me ka ho'ohana 'ana i kekahi o kēia kauoha examples:
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 aesccert1_private.pem
quartus_sign –family=agilex –operation=make_public_pem aesccert1_private.pem aesccert1_public.pem
pkcs11-mea hana –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-token –login –pin agilex-token-pin –keypairgen mechanism ECDSA-KEY-PAIR-GEN –key-type EC: secp384r1 –hoʻohana-hōʻailona –label aesccert1 –id 2
2. E hana i kaulahao pūlima me ka ʻae pololei i hoʻonohonoho ʻia me kekahi o kēia mau kauoha:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –ʻae=0x40 –cancel=1 –input_pem=aesccert1_public.pem aesccert1_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM -module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –previous_keyname= root0 –previous_qky=root0.qky –ʻae=0x40 –cancel=1 –input_keyname=aesccert1 aesccert1_sign_chain.qky
3. E hana i palapala hōʻoia ʻole AES compact no ka wahi waihona kī kumu AES i makemake ʻia. Loaʻa nā koho mālama kī kumu AES ma lalo nei:
· EFUSE_WRAPPED_AES_KEY
· IID_PUF_WRAPPED_AES_KEY
· UDS_IID_PUF_WRAPPED_AES_KEY
· BBRAM_WRAPPED_AES_KEY
· BBRAM_IID_PUF_WRAPPED_AES_KEY
· BBRAM_UDS_IID_PUF_WRAPPED_AES_KEY
//E hana i ke kī kumu eFuse AES i kau inoa ʻole ʻia quartus_pfg –ccert -o ccert_type=EFUSE_WRAPPED_AES_KEY -o qek_file=aes.qek unsigned_efuse1.ccert
4. E kau inoa i ka palapala hōʻoia me ke kauoha quartus_sign a i ʻole ka hoʻokō kuhikuhi.
quartus_sign –family=agilex –operation=sign –pem=aesccert1_private.pem –qky=aesccert1_sign_chain.qky unsigned_ 1.cccert pūlima_ 1.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 33

4. Hoʻolako Mea Hana 683823 | 2023.05.23

–keyname=aesccert1 –qky=aesccert1_sign_chain.qky unsigned_ 1.cccert pūlima_ 1.ccert
5. E hoʻohana i ka Intel Quartus Prime Programmer no ka hoʻolālā ʻana i ka palapala hōʻoia koʻikoʻi kī kumu AES i ka polokalamu Intel Agilex 7 ma o JTAG. Hoʻopaʻa ʻole ka Intel Quartus Prime Programmer i ka hoʻolālā ʻana i nā eFuse virtual ke hoʻohana nei i ke ʻano palapala hōʻoia compact EFUSE_WRAPPED_AES_KEY.
Hoʻohui ʻoe i ke koho -non_volatile_key e kuhikuhi i ka hoʻonohonoho ʻana i nā fuses kino.
//No ke kino (non-volatile) eFuse AES kī kumu quartus_pgm -c 1 -mjtag -o “pi; signed_efuse1.ccert” –non_volatile_key

//No ke kī kumu eFuse AES quartus_pgm -c 1 -mjtag -o “pi; signed_efuse1.ccert”

//No BBRAM AES kī kumu quartus_pgm -c 1 -mjtag -o “pi; kakauinoa_bbram1.ccert”

Ke kākoʻo nei ka polokalamu paʻa paʻa paʻa SDM a me ka paʻa paʻa koʻikoʻi i ka papahana palapala hōʻoia kumu kumu AES. Hiki iā ʻoe ke hoʻohana i ka pahu leta SDM mai ka lole FPGA a i ʻole HPS e hoʻolālā i kahi palapala kī kumu AES.

Nānā:

ʻAʻole kākoʻo ke kauoha quartus_pgm i nā koho b a me v no nā palapala hōʻoia paʻa (.ccert).

4.9.2. Intrinsic ID® PUF AES Root Key Provisioning
ʻO ka hoʻokō ʻana i ka Intrinsic* ID PUF i kāʻei ʻia AES Key e loaʻa ana kēia mau ʻanuʻu: 1. Ke kau inoa ʻana i ka Intrinsic ID PUF ma o JTAG. 2. E kāʻei ana i ke kī kumu AES. 3. Hoʻopolokalamu i ka ʻikepili kōkua a kāʻei ʻia ke kī i loko o ka hoʻomanaʻo flash SPI quad. 4. Ke nīnau nei i ke kūlana ho'āla PUF ID Intrinsic.
Pono ka hoʻohana ʻana i ka ʻenehana Intrinsic ID i kahi ʻaelike laikini kaʻawale me Intrinsic ID. ʻO ka polokalamu Intel Quartus Prime Pro Edition kaohi i nā hana PUF me ka loaʻa ʻole o ka laikini kūpono, e like me ke kākau inoa ʻana, ka ʻōwili kī, a me ka hoʻolālā ʻikepili PUF i QSPI flash.

4.9.2.1. Hoʻokomo inoa PUF ID Intrinsic
No ke kākau inoa ʻana i ka PUF, pono ʻoe e hoʻohana i ka firmware hoʻolako SDM. ʻO ka firmware hoʻolako ʻo ia ka firmware mua i hoʻouka ʻia ma hope o ka pōʻaiapili mana, a pono ʻoe e hoʻopuka i ke kauoha kākau inoa PUF ma mua o kekahi kauoha ʻē aʻe. Kākoʻo ka firmware hoʻolako i nā kauoha ʻē aʻe ma hope o ka hoʻopaʻa inoa ʻana i ka PUF, me ka uhi ʻana i ke kī kumu AES a me ka hoʻonohonoho ʻana i ka quad SPI, akā naʻe, pono ʻoe e hoʻokele mana i ka hāmeʻa e hoʻouka i kahi bitstream hoʻonohonoho.
Hoʻohana ʻoe i ka Intel Quartus Prime Programmer no ka hoʻomaka ʻana i ka hoʻopaʻa inoa PUF a hoʻopuka i ka ʻikepili kōkua PUF .puf file.

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 34

Hoʻouna Manaʻo

4. Hoʻolako Mea Hana 683823 | 2023.05.23

Kiʻi 7.

Hoʻokomo inoa PUF ID Intrinsic
quartus_pgm PUF Kakau inoa

E kākau inoa i ka ʻikepili kōkua PUF

Luna Manaʻo Paʻa (SDM)

wrapper.puf Kokua Ikepili
Hoʻouka ʻokoʻa ka Programmer i kahi kiʻi kōkua firmware hāʻawi i ka wā e kuhikuhi ai ʻoe i ka hana i a me kahi hoʻopaʻapaʻa .puf.
quartus_pgm -c 1 -mjtag -o “ei;help_data.puf;AGFB014R24A”
Inā ʻoe e hoʻohana ana i ka firmware i kau inoa pū ʻia, e hoʻolālā ʻoe i ke kiʻi kōkua firmware co-signed ma mua o ka hoʻohana ʻana i ke kauoha kau inoa PUF.
quartus_pgm -c 1 -mjtag -o “p;kaulima_provision_helper_image.rbf” –force quartus_pgm -c 1 -mjtag -o “e;help_data.puf;AGFB014R24A”
Hoʻopaʻa inoa ʻia ka UDS IID PUF i ka wā o ka hana ʻana i nā hāmeʻa, a ʻaʻole i loaʻa no ke kau inoa hou ʻana. Akā, hoʻohana ʻoe i ka Programmer e hoʻoholo i kahi o ka ʻikepili kōkua UDS PUF ma IPCS, hoʻoiho i ka .puf file pololei, a laila hoʻohana i ka UDS .puf file ma ke ano like me ka .puf file lawe ʻia mai kahi polokalamu Intel Agilex 7.
E hoʻohana i kēia kauoha Programmer e hana i kahi kikokikona file he papa inoa o URLs e kuhikuhi ana i ka mea paahana files ma IPCS:
quartus_pgm -c 1 -mjtag -o “e;ipcs_urls.txt;AGFB014R24B” –ipcs_urls
4.9.2.2. ʻOkaʻi ʻana i ke kī kumu AES
Hoʻopuka ʻoe i ke kī kumu AES i kāʻei ʻia e IID PUF .wkey file ma ka hoʻouna ʻana i kahi palapala hōʻailona i ka SDM.
Hiki iā ʻoe ke hoʻohana i ka Intel Quartus Prime Programmer no ka hana ʻana, kau inoa, a hoʻouna i ka palapala hōʻoia e kāʻei i kāu kī kumu AES, a i ʻole ʻoe e hoʻohana i ka Intel Quartus Prime Programming. File Generator e hana i kahi palapala hōʻailona ʻole. Kau inoa ʻoe i ka palapala hōʻoia ʻole me ka hoʻohana ʻana i kāu mau mea hana ponoʻī a i ʻole ka mea hana hoʻopaʻa inoa Quartus. A laila hoʻohana ʻoe i ka Programmer e hoʻouna i ka palapala hōʻailona i hoʻopaʻa ʻia a kāʻei i kāu kī kumu AES. Hiki ke hoʻohana ʻia ka palapala hoʻopaʻa inoa e hoʻolālā i nā mea hana āpau e hiki ke hōʻoia i ke kaulahao pūlima.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 35

4. Hoʻolako Mea Hana 683823 | 2023.05.23

Kiʻi 8.

Ke kāʻei ʻana i ke kī AES me ka hoʻohana ʻana i ka Intel Quartus Prime Programmer
.pem Pilikino
Ki

.qky

quartus_pgm

E uhi i ke Ki AES

AES.QSKigYnature RootCPhuabilnic Key

E hana i ka PUF Wrapped Key

Kāwī ʻia ʻo AES Key

SDM

.qek Hoʻopili
Ki

.wkey PUF-Wrapped
Ki AES

1. Hiki iā ʻoe ke hoʻopuka i ke kī kumu AES i kāʻei ʻia i ka IID PUF (.wkey) me ka Programmer me ka hoʻohana ʻana i kēia mau manaʻo:
· ʻO ka .qky file Loaʻa i kahi kaulahao pūlima me ka ʻae palapala kī kumu AES
· ʻO ka pilikino .pem file no ke kī hope loa ma ke kaulahao pūlima
· ʻO ka .qek file e paʻa ana i ke kī kumu AES
· Ka 16-byte initialization vector (iv).

quartus_pgm -c 1 -mjtag –qky_file=aes0_sign_chain.qky –pem_file=aes0_sign_private.pem –qek_file=aes.qek –iv=1234567890ABCDEF1234567890ABCDEF -o “ei;aes.wkey;AGFB014R24A”

2. ʻO kahi ʻē aʻe, hiki iā ʻoe ke hoʻopuka i kahi palapala IID PUF i kāʻei ʻole ʻia i ka palapala kumu kumu AES me ka Programming. File Generator hoʻohana i kēia mau manaʻo:

quartus_pfg –ccert -o ccert_type=IID_PUF_WRAPPED_AES_KEY -o qek_file=aes.qek –iv=1234567890ABCDEF1234567890ABCDEF unsigned_aes.ccert

3. Kau inoa ʻoe i ka palapala hōʻoia ʻole me kāu mau mea hana ponoʻī a i ʻole ka mea hana quartus_sign me ka hoʻohana ʻana i kēia kauoha:

quartus_sign –family=agilex –operation=sign –qky=aes0_sign_chain.qky –pem=aes0_sign_private.pem unsigned_aes.ccert signed_aes.ccert

4. A laila hoʻohana ʻoe i ka Programmer e hoʻouna i ka palapala hōʻoia AES a hoʻihoʻi i ke kī i ʻōwili ʻia (.wkey) file:

quarts_pgm -c 1 -mjtag –ccert_file=signed_aes.ccert -o “ei;aes.wkey;AGFB014R24A”

Nānā: ʻAʻole pono ka hana i inā ua hoʻouka mua ʻoe i ke kiʻi kōkua firmware hoʻolako, no example, e kakau i ka PUF.

4.9.2.3. Nā ʻikepili kōkua polokalamu a me ke kī kī i ka QSPI Flash Memory
Hoʻohana ʻoe i ka Quartus Programming File Mea hoʻohana kiʻi kiʻi no ke kūkulu ʻana i kahi kiʻi uila QSPI mua i loaʻa kahi ʻāpana PUF. Pono ʻoe e hana a hoʻolālā i kahi kiʻi hoʻolālā uila holoʻokoʻa e hoʻohui i kahi ʻāpana PUF i ka flash QSPI. Hana ʻia ka PUF

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 36

Hoʻouna Manaʻo

4. Hoʻolako Mea Hana 683823 | 2023.05.23

Kiʻi 9.

ka hoʻokaʻawale ʻikepili a me ka hoʻohana ʻana i ka ʻikepili kōkua PUF a me ke kī i kāwili ʻia fileʻAʻole kākoʻo ʻia nā kiʻi flash ma o ka Programming File Mea hoʻomohala laina kauoha.
Hōʻike kēia mau ʻanuʻu i ke kūkulu ʻana i kahi kiʻi hoʻolālā uila me ka ʻikepili kōkua PUF a me ke kī i kāwili ʻia:
1. Ma ka File menu, kaomi Programming File Mea hana hana. Ma ka Puka Files tab e hana i kēia mau koho:
a. No ka ʻohana Device koho iā Agilex 7.
b. No ke ʻano Configuration e koho i ka Active Serial x4.
c. No ka papa kuhikuhi Output e nānā i kāu huahana file papa kuhikuhi. ʻO kēia example hoʻohanafiles.
d. No ka inoa, e kuhikuhi i kahi inoa no ka papahana file e hanaia. ʻO kēia example hoʻohanafile.
e. Ma lalo o ka wehewehe e koho i ka papahana files e hooulu. ʻO kēia exampHoʻokumu ka le i ka JTAG Hoʻonohonoho kūʻokoʻa File (.jic) no ka hoʻonohonoho pono ʻana a me ka Raw Binary File o kiʻi kōkua polokalamu (.rbf) no ke kiʻi mea kōkua. ʻO kēia exampe koho pū i ka palapala hoʻomanaʻo koho File (.map) a me Raw Programming Data File (.rpd). ʻO ka ʻikepili hoʻolālā maka file pono wale nō inā hoʻolālā ʻoe e hoʻohana i kahi polokalamu polokalamu ʻekolu i ka wā e hiki mai ana.
Papahana File Mea hoʻoheheʻe - Hoʻopuka Files Tab - E koho iā JTAG Hoʻopono ʻole

ʻO ke ʻano hoʻonohonoho ʻohana ʻohana
Hoʻopuka file pā
Papa kuhikuhi puka
JTAG Palapala Hoʻomanaʻo Indirect (.jic). File Kōkua Papahana Raw Programming Data
Ma ka hookomo Files tab, e hana i kēia mau koho: 1. Kaomi Add Bitstream a nānā i kāu .sof. 2. E koho i kāu .sof file a laila kaomi iā Properties.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 37

4. Hoʻolako Mea Hana 683823 | 2023.05.23
a. E ho'ā i ka mea hana hōʻailona. b. No kī pilikino file koho i kāu .pem file. c. E ho'ā i ka hoʻopili hoʻopili. d. No ke kī hoʻopunipuni file koho i kāu .qek file. e. Kaomi iā OK e hoʻi i ka puka makani mua. 3. E kuhikuhi i kāu ʻikepili kōkua PUF file, kaomi Add Raw Data. Hoʻololi i ka Files o ka papa kuhikuhi hāʻule iho i ka Quartus Physical Unclonable Function File (*.puf). E nānā i kāu .puf file. Inā ʻoe e hoʻohana ana i ka IID PUF a me ka UDS IID PUF, e hana hou i kēia kaʻina i .puf files no kēlā me kēia PUF i hoʻohui ʻia i mea hoʻokomo files. 4. No ka wehewehe ʻana i kāu kī AES i ʻōwili ʻia file, kaomi Add Raw Data. Hoʻololi i ka Files o ka papa kuhikuhi hāʻule iho i ka Quartus Wrapped Key File (*.wkey). E nānā i kāu .wkey file. Inā ua ʻōwili ʻoe i nā kī AES me ka hoʻohana ʻana i ka IID PUF a me ka UDS IID PUF, e hana hou i kēia kaʻina i .wkey files no kēlā me kēia PUF i hoʻohui ʻia i mea hoʻokomo files.
Kiʻi 10. E wehewehe i ka hoʻokomo Files no ka Configuration, Authentication, and Encryption

Pākuʻi Bitstream E hoʻohui i ka ʻikepili Raw
Waiwai
Kiʻi pilikino file
Hoʻopau i ka hoʻopili ʻana i ke kī hoʻopili
Ma ka Configuration Device tab, e hana i kēia mau koho: 1. Kaomi Add Device a koho i kāu uila uila mai ka papa inoa o nā flash i loaʻa.
nā mea hana. 2. E koho i ka mīkini hoʻonohonoho āu i hoʻohui ai a kaomi i ka Add Partition. 3. Ma ka Edit Partition dialog box no ka Input file a koho i kou .sof mai ka
papa inoa hāʻule iho. Hiki iā ʻoe ke mālama i nā mea paʻa a hoʻoponopono paha i nā ʻāpana ʻē aʻe i ka pahu dialog Edit Partition.

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 38

Hoʻouna Manaʻo

4. Hoʻolako Mea Hana 683823 | 2023.05.23
Kiʻi 11. E wehewehe ana i kāu .sof Configuration Bitstream Partition

Mea hoʻonohonoho
Hoʻoponopono Pākuʻi Pākuʻi .sof file

Pākuʻi Pākuʻi

4. Ke hoʻohui ʻoe i ka .puf a me .wkey i mea hoʻokomo files, ka Papahana File Hana ʻo Generator i kahi ʻāpana PUF i kāu Pūnaewele Hoʻonohonoho. No ka mālama ʻana i ka .puf a me .wkey ma ka pā PUF, e koho i ka ʻāpana PUF a kaomi iā Edit. I ka Edit Partition dialog box, koho i kāu .puf a me .wkey files mai nā papa inoa hāʻule iho. Inā wehe ʻoe i ka ʻāpana PUF, pono ʻoe e wehe a hoʻohui hou i ka mea hoʻonohonoho no ka Polokalamu File Generator e hana i kekahi ʻāpana PUF. Pono ʻoe e koho i ka .puf a me .wkey pololei file no ka IID PUF a me ka UDS IID PUF.
Kiʻi 12. E hoʻohui i ka .puf a me .wkey files i ka ʻāpana PUF

Māhele PUF

Hoʻoponopono

Hoʻoponopono ʻāpana

Mea hoʻouka uila

E koho E hana

5. No ka hoʻohālikelike Flash Loader e koho i ka ʻohana mea hana Intel Agilex 7 a me ka inoa o ka mea hana i kūpono i kāu Intel Agilex 7 OPN.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 39

4. Hoʻolako Mea Hana 683823 | 2023.05.23
6. Kaomi i ka Generate no ka hoʻopuka ʻana files au i hoakaka ma ka Output Files kapu.
7. Ka Papahana File Heluhelu ʻo Generator i kāu .qek file a paipai iā ʻoe no kāu ʻōlelo huna. Kākau i kāu ʻōlelo huna ma ka pane ʻana i ka ʻōlelo hoʻokomo QEK passphrase. Kaomi i ke kī Enter.
8. Kaomi iā OK i ka wā e hoʻolālā ai File Hōʻike ʻo Generator i ka hanauna holomua.
Hoʻohana ʻoe i ka Intel Quartus Prime Programmer e kākau i ke kiʻi polokalamu QSPI i ka hoʻomanaʻo flash QSPI. 1. Ma ka papa kuhikuhi Intel Quartus Prime Tools koho Programmer. 2. Ma ka Programmer, kaomi Hardware Setup a laila koho i kahi Intel pili
FPGA Hoʻoiho Uila. 3. Kaomi Add File a nānā i kāu .jic file.
Helu 13. Papahana .jic

Papahana file

Papahana/ Hoʻonohonoho

JTAG kaulahao scan
4. Wehe i ka pahu e pili ana i ke kiʻi Helper. 5. E koho i ka Polokalamu/Configure no ka puka .jic file. 6. E ho'ā i ke pihi hoʻomaka e hoʻolālā i kāu quad SPI flash memory. 7. Ka pōʻaiapuni mana i kāu papa. Hoʻolālā ʻia ka hoʻolālā i ka quad SPI flash memory
Hoʻokomo ʻia ka hāmeʻa i ka FPGA pahuhopu.
Pono ʻoe e hana a hoʻolālā i kahi kiʻi hoʻolālā uila holoʻokoʻa e hoʻohui i kahi ʻāpana PUF i ka uila quad SPI.
Ke loaʻa nei kahi ʻāpana PUF i ka uila, hiki iā ʻoe ke hoʻohana i ka Intel Quartus Prime Programmer e kiʻi pololei i ka ʻikepili kōkua PUF a me ke kī kīwī. files. No exampʻaʻole, inā ʻaʻole i kūleʻa ka hoʻāla ʻana, hiki ke hoʻopaʻa inoa hou i ka PUF, hoʻopili hou i ke kī AES, a ma hope e hoʻolālā wale i ka PUF. files me ka ʻole e kākau hou i ka flash holoʻokoʻa.

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 40

Hoʻouna Manaʻo

4. Hoʻolako Mea Hana 683823 | 2023.05.23
Kākoʻo ka Intel Quartus Prime Programmer i kēia hoʻopaʻapaʻa hana no PUF files i loko o kahi ʻāpana PUF mua:
· p: papahana
· v: hōʻoia
· r: holoi
· b: kaha hakahaka
Pono ʻoe e hahai i nā kapu like no ka hoʻopaʻa inoa ʻana i ka PUF, ʻoiai inā he ʻāpana PUF.
1. E hoʻohana i ka hoʻopaʻapaʻa i hana e hoʻouka i ke kiʻi kōkua firmware hoʻolako no ka hana mua. No exampe, ke kaʻina kauoha ma lalo nei e hoʻopaʻa inoa hou i ka PUF, e hoʻopili hou i ke kī kumu AES, holoi i ka ʻikepili kōkua PUF kahiko a me ke kī ʻōwili ʻia, a laila e hoʻolālā a hōʻoia i ka ʻikepili kōkua PUF hou a me ke kī kumu AES.
quartus_pgm -c 1 -mjtag -o “ei;new.puf;AGFB014R24A” quartus_pgm -c 1 -mjtag –ccert_file=signed_aes.ccert -o “e;new.wkey;AGFB014R24A” quartus_pgm -c 1 -mjtag -o “r;old.puf” quartus_pgm -c 1 -mjtag -o “r;old.wkey” quartus_pgm -c 1 -mjtag -o “p;new.puf” quartus_pgm -c 1 -mjtag -o “p;new.wkey” quartus_pgm -c 1 -mjtag -o “v;new.puf” quartus_pgm -c 1 -mjtag -o “v;new.wkey”
4.9.2.4. Ke nīnau nei i ke kūlana hoʻāla PUF ID Intrinsic
Ma hope o kou hoʻopaʻa inoa ʻana i ka Intrinsic ID PUF, e hoʻopili i kahi kī AES, e hana i ka polokalamu uila files, a hōʻano hou i ka quad SPI flash, hiki iā ʻoe ke hoʻololi i kāu hāmeʻa e hoʻāla i ka PUF hoʻāla a me ka hoʻonohonoho ʻana mai ka bitstream i hoʻopili ʻia. Hōʻike ka SDM i ke kūlana hoʻonā PUF me ke kūlana hoʻonohonoho. Inā hāʻule ka hoʻoulu ʻana o PUF, hōʻike ka SDM i ke kūlana hewa PUF. E hoʻohana i ke kauoha quartus_pgm e nīnau i ke kūlana hoʻonohonoho.
1. E hoʻohana i kēia kauoha e nīnau i ke kūlana hoʻāla:
quartus_pgm -c 1 -mjtag –status –status_type=”CONFIG”
Eia sampka hoʻopuka mai kahi hoʻonā holomua:
ʻIke (21597): Ke holo nei ka pane o CONFIG_STATUS Device ma ke ʻano mea hoʻohana 00006000 RESPONSE_CODE=OK, LENGTH=6 00000000 STATE=IDLE 00160300 Version C000007B MSEL=QSPI_NORMAL, nSTATUS=1, nSTATUS=1, nSTATUS=1, nSTATUS=XNUMX, nSTATUS=XNUMX
CLOCK_SOURCE=INTERNAL_PLL 0000000B CONF_DONE=1, INIT_DONE=1, CVP_DONE=0, SEU_ERROR=1 00000000 Wahi hewa 00000000 Nā kikoʻī hewa Pane o PUF_STATUS 00002000_2DE=USA_00000500 IID STATUS=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0 00000500 UDS_IID STATUS=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 41

4. Hoʻolako Mea Hana 683823 | 2023.05.23

Inā hoʻohana wale ʻoe i ka IID PUF a i ʻole ka UDS IID PUF, a ʻaʻole ʻoe i hoʻolālā i kahi ʻikepili kōkua .puf file no ka PUF ma ka QSPI flash, ʻaʻole i hoʻāla ʻia ka PUF a hōʻike ke kūlana PUF ʻaʻole kūpono ka ʻikepili kōkua PUF. ʻO ka exampe hōʻike ana i ke kūlana PUF inā ʻaʻole i hoʻolālā ʻia ka ʻikepili kōkua PUF no kēlā me kēia PUF:
Pane o PUF_STATUS 00002000 RESPONSE_CODE=OK, LENGTH=2 00000002 USER_IID STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0 00000002 UDS_IID STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0

4.9.2.5. Kahi o ka PUF ma Flash Memory
Kahi o ka PUF file ʻokoʻa no nā hoʻolālā e kākoʻo ana i ka RSU a me nā hoʻolālā i kākoʻo ʻole i ka hiʻohiʻona RSU.

No nā hoʻolālā i kākoʻo ʻole i ka RSU, pono ʻoe e hoʻokomo i ka .puf a me .wkey files ke hana ʻoe i nā kiʻi flash hou. No nā hoʻolālā e kākoʻo ana i ka RSU, ʻaʻole kākau ka SDM i nā ʻāpana ʻikepili PUF i ka wā o ka hale hana a i ʻole ka hoʻonui ʻana i nā kiʻi noi.

Papa 2.

ʻO ka Layout Flash Sub-Partitions me ke kākoʻo ʻole o RSU

Hoʻopau Flash (ma nā paita)

Nui (ma nā paita)

ʻIkepili

wehewehe

0K 256K

256K 256K

ʻO ka hoʻonohonoho hoʻonohonoho ʻana i ka hoʻonohonoho hoʻonohonoho hoʻokele waiwai

Firmware e holo ana ma SDM.

512K

256K

Firmware hooponopono hooponopono

768K

256K

Firmware hooponopono hooponopono

32K

Kope ʻikepili PUF 0

Hoʻolālā ʻikepili no ka mālama ʻana i ka ʻikepili kōkua PUF a me ke kope kī kumu AES i kāʻei ʻia e PUF

1M+32K

32K

Kope ʻikepili PUF 1

Hoʻolālā ʻikepili no ka mālama ʻana i ka ʻikepili kōkua PUF a me ke kope kī kumu AES i kāʻei ʻia e PUF

Papa 3.

ʻO ka Layout Flash Sub-Partitions me ke kākoʻo RSU

Hoʻopau Flash (ma nā paita)

Nui (ma nā paita)

ʻIkepili

wehewehe

0K 512K

512K 512K

Firm firmware Hoʻoholo firmware

Firmware e ʻike a hoʻouka i ke kiʻi koʻikoʻi.

1M 1.5M

512K 512K

Firm firmware Hoʻoholo firmware

8K + 24K

ʻIkepili firmware hoʻoholo

Padding

Mālama ʻia no ka hoʻohana ʻana i ka firmware hoʻoholo.

2M + 32K

32K

Mālama ʻia no SDM

Mālama ʻia no SDM.

2M + 64K

Hoʻololi

Kiʻi hale hana

He kiʻi maʻalahi āu e hana ai ma ke ʻano he hoʻihoʻi inā ʻaʻole e hoʻouka ʻia nā kiʻi noiʻi ʻē aʻe. Aia kēia kiʻi i ka CMF e holo ana ma ka SDM.

Aʻe

32K

Kope ʻikepili PUF 0

Hoʻolālā ʻikepili no ka mālama ʻana i ka ʻikepili kōkua PUF a me ke kope kī kumu AES i kāʻei ʻia e PUF
hoʻomau…

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 42

Hoʻouna Manaʻo

4. Hoʻolako Mea Hana 683823 | 2023.05.23

Hoʻopau Flash (ma nā paita)

Nui (ma nā paita)

Aʻe +32K 32K

Kope ʻikepili PUF maʻiʻo 1

Aʻe + 256K 4K Aʻe +32K 4K Aʻe +32K 4K

Kope papa ʻāpana ʻāpana 0 Kope papa ʻāpana ʻāpana 1 kope poloka kuhikuhi CMF 0

Aʻe +32K _

ʻO ka papa kuhikuhi CMF kope 1

Hoʻololi Hoʻololi

Kiʻi noi 1 kiʻi noi 2

4.9.3. Hoʻolako kī ʻeleʻele

wehewehe
Hoʻolālā ʻikepili no ka mālama ʻana i ka ʻikepili kōkua PUF a me ke kope kī kumu AES i kāʻei ʻia e PUF
Hoʻolālā ʻikepili e hoʻomaʻamaʻa i ka mālama ʻana i ka waihona flash.
He papa inoa o nā kuhikuhi i nā kiʻi noi ma ke ʻano o ka mea nui. Ke hoʻohui ʻoe i kahi kiʻi, lilo kēlā kiʻi i mea kiʻekiʻe loa.
He kope ʻelua o ka papa kuhikuhi o nā kiʻi noiʻi.
ʻO kāu kiʻi noi mua.
ʻO kāu kiʻi noi lua.

Nānā:

Kōkua ʻo Intel Quartus PrimeProgrammer i ka hoʻokumu ʻana i kahi pilina paʻa i hoʻopaʻa ʻia ma waena o ka polokalamu Intel Agilex 7 a me ka lawelawe hāʻawi kī ʻeleʻele. Hoʻokumu ʻia ka pilina paʻa ma o https a koi i kekahi mau palapala hōʻoia i ʻike ʻia me ka hoʻohana ʻana i kahi kikokikona file.
Ke hoʻohana nei ʻo Black Key Provisioning, paipai ʻo Intel iā ʻoe e hōʻalo i ka hoʻopili ʻana i waho i ka pine TCK e huki i luna a huki paha i kahi pale ʻoiai e hoʻohana mau ana ia no JTAG. Eia naʻe, hiki iā ʻoe ke hoʻohui i ka pine TCK i ka lako mana VCCIO SDM me ka hoʻohana ʻana i kahi pale 10 k. ʻO ke alakaʻi i loaʻa i loko o ka Pin Connection Guidelines e hoʻohui iā TCK i kahi pale huki huki 1 k ua hoʻokomo ʻia no ka hoʻopau ʻana i ka walaʻau. ʻAʻole pili ka hoʻololi ʻana i ke alakaʻi ʻana i kahi pale huki huki 10k i ka hana pono. No ka ʻike hou aku e pili ana i ka hoʻopili ʻana i ka pine TCK, e nānā iā Intel Agilex 7 Pin Connection Guidelines.
Hōʻoia ka Thebkp_tls_ca_certcertificate i kāu laʻana lawelawe hāʻawi kī ʻeleʻele i kāu laʻana polokalamu hoʻolako kī ʻeleʻele. ʻO Thebkp_tls_*certificates e hōʻoiaʻiʻo i kāu mea hoʻolalelale hoʻolako kī ʻeleʻele i kāu laʻana lawelawe hoʻolako kī ʻeleʻele.
Hana ʻoe i kikokikona file Loaʻa ka ʻike kūpono no ka Intel Quartus Prime Programmer e hoʻopili ai i ka lawelawe hāʻawi kī ʻeleʻele. No ka hoʻomaka ʻana i ka hāʻawi ʻana i nā kī ʻeleʻele, e hoʻohana i ka interface laina kauoha Programmer e kuhikuhi i nā kikokikona koho hāʻawi kī ʻeleʻele. file. A laila e hoʻomau maʻalahi ka hoʻolako kī ʻeleʻele. No ke komo ʻana i ka lawelawe hāʻawi kī ʻeleʻele a me nā palapala pili, e ʻoluʻolu e kelepona iā Intel Support.
Hiki iā ʻoe ke ʻae i ka hāʻawi ʻana i ke kī ʻeleʻele me ka hoʻohana ʻana i ke kauoha quarterus_pgm:
quartus_pgm -c -m –mea hana –bkp_options=bkp_options.txt
Hōʻike nā manaʻo kauoha i kēia ʻike:

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 43

4. Hoʻolako Mea Hana 683823 | 2023.05.23

· -c: helu kelepona · -m: kuhikuhi i ke ʻano papahana e like me JTAG · –mea hoʻohana: hōʻike ʻia i kahi papa kuhikuhi mea hana ma ka JTAG kaulahao. ʻO ka waiwai paʻamau ʻo 1. · –bkp_options: kuhikuhi i kahi kikokikona file loaʻa nā koho hāʻawi kī ʻeleʻele.
ʻIke pili Intel Agilex 7 Device Family Pin Guidelines Connection Guidelines

4.9.3.1. Nā Koho Hoʻolako kī ʻeleʻele
ʻO nā koho hāʻawi kī ʻeleʻele he kikokikona file hāʻawi ʻia i ka Programmer ma o ke kauoha quartus_pgm. ʻO ka file Loaʻa ka ʻike i koi ʻia e hoʻomaka i ka hoʻolako kī ʻeleʻele.
He example o ka bkp_options.txt file:
bkp_cfg_id = 1 bkp_ip = 192.167.1.1 bkp_port = 10034 bkp_tls_ca_cert = root.cert bkp_tls_prog_cert = prog.cert bkp_tls_prog_key = prog_key.pem_prog_prog_key = prog_key.pem_prok1234 https://192.167.5.5:5000 bkp_proxy_user = proxy_user bkp_proxy_password = proxy_password

Papa 4.

Nā Koho Hoʻolako kī ʻeleʻele
Hōʻike kēia papa i nā koho e pono ai e hoʻāla i ka hāʻawi kī ʻeleʻele.

Inoa koho

ʻAno

wehewehe

bkp_ip

Pono

Hōʻike i ka helu IP kikowaena e holo ana i ka lawelawe hāʻawi kī ʻeleʻele.

bkp_port

Pono

Hōʻike i ke awa lawelawe hāʻawi kī ʻeleʻele e pono e hoʻopili i ke kikowaena.

bkp_cfg_id

Pono

Hoʻomaopopo i ke kī ʻeleʻele hoʻolako hoʻonohonoho hoʻonohonoho ID kahe.
Hoʻokumu ka lawelawe hāʻawi kī ʻeleʻele i nā kahe hoʻonohonoho hoʻolako kī ʻeleʻele me kahi kī kumu AES, nā hoʻonohonoho eFuse i makemake ʻia, a me nā koho mana hāʻawi kī ʻeleʻele ʻē aʻe. ʻO ka helu i hāʻawi ʻia i ka wā o ka hoʻonohonoho lawelawe hoʻolako kī ʻeleʻele e ʻike i nā kahe hoʻonohonoho hoʻolako kī ʻeleʻele.
'Ōlelo Aʻo: E pili ana paha nā mea he nui i ke kahe hoʻonohonoho lawelawe hoʻolako kī ʻeleʻele like.

bkp_tls_ca_cert

Pono

ʻO ka palapala kumu TLS i hoʻohana ʻia e ʻike i nā lawelawe hāʻawi kī ʻeleʻele i ka Intel Quartus Prime Programmer (Programmer). ʻO kahi mana palapala i hilinaʻi ʻia no ka laʻana lawelawe hāʻawi kī ʻeleʻele e hoʻopuka i kēia palapala.
Inā holo ʻoe i ka Programmer ma ke kamepiula me ka ʻōnaehana hana Microsoft® Windows® (Windows), pono ʻoe e hoʻokomo i kēia palapala hōʻoia ma ka hale kūʻai palapala palapala Windows.

bkp_tls_prog_cert

Pono

ʻO kahi palapala hōʻoia i hana ʻia no ka laʻana o ka Programmer hāʻawi kī ʻeleʻele (BKP Programmer). ʻO kēia ka palapala hōʻoia o ka mea kūʻai aku https i hoʻohana ʻia no ka ʻike ʻana i kēia hiʻohiʻona polokalamu BKP
hoʻomau…

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 44

Hoʻouna Manaʻo

4. Hoʻolako Mea Hana 683823 | 2023.05.23

Inoa koho

ʻAno

bkp_tls_prog_key

Pono

bkp_tls_prog_key_pass Koho

bkp_proxy_address bkp_proxy_user bkp_proxy_password

Koho Koho Koho

wehewehe
i ka lawelawe hāʻawi kī ʻeleʻele. Pono ʻoe e hoʻokomo a ʻae i kēia palapala hōʻoia ma ka lawelawe hoʻolako kī ʻeleʻele ma mua o ka hoʻomaka ʻana i kahi kau hāʻawi kī ʻeleʻele. Inā holo ʻoe i ka Programmer ma Windows, ʻaʻole i loaʻa kēia koho. I kēia hihia, ua komo pū ka bkp_tls_prog_key i kēia palapala.
ʻO ke kī pilikino e pili ana i ka palapala BKP Programmer. Hoʻopaʻa ke kī i ka ʻike o ka BKP Programmer i ka lawelawe hāʻawi kī ʻeleʻele. Inā holo ʻoe i ka Programmer ma Windows, ʻo ka .pfx file hoʻohui i ka palapala bkp_tls_prog_cert a me ke kī pilikino. ʻO ke koho bkp_tlx_prog_key e hele i ka .pfx file ma ka bkp_options.txt file.
ʻO ka ʻōlelo huna no ke kī pilikino bkp_tls_prog_key. 'A'ole koi 'ia ma ke kī 'ele'ele e hā'awi ana i nā koho ho'onohonoho (bkp_options.txt) kikokikona file.
Hōʻike i ke kikowaena proxy URL helu wahi.
Hōʻike i ka inoa inoa o ke kikowaena proxy.
Hōʻike i ka ʻōlelo huna hōʻoia proxy.

4.10. Ke hoʻololi nei i ka mea nona ke kumu kumu, AES Root Key palapala, a me ka Fuse files ia Jam STAPL File Nā palapala

Hiki iā ʻoe ke hoʻohana i ke kauoha laina kauoha quartus_pfg e hoʻololi i ka .qky, ke kī kumu AES .ccert, a me ka .fuse. files iā Jam STAPL Format File (.jam) a me Jam Byte Code Format File (.jbc). Hiki iā ʻoe ke hoʻohana i kēia mau mea filee hoʻolālā i nā Intel FPGA me ka hoʻohana ʻana i ka Jam STAPL Player a me ka Jam STAPL Byte-Code Player, kēlā me kēia.

Loaʻa i kahi .jam a i ʻole .jbc kekahi mau hana me kahi hoʻonohonoho kiʻi kōkua firmware a me ka papahana, ka nānā ʻole ʻana, a me ka hōʻoia ʻana o ka polokalamu kī a me ka fuse.

akahele:

Ke hoʻololi ʻoe i ke kī kumu AES .ccert file to .jam format, ka .jam file Aia ke kī AES ma ke ʻano kikokikona akā i ʻike ʻia. No laila, pono ʻoe e pale i ka .jam file i ka wā e mālama ai i ke kī AES. Hiki iā ʻoe ke hana i kēia ma ka hoʻolako ʻana i ke kī AES ma kahi wahi palekana.

Eia nā exampliʻiliʻi o nā kauoha hoʻololi quartus_pfg:

quartus_pfg -c -o helper_device=AGFB014R24A “root0.qky;root1.qky;root2.qky” RootKey.jam quartus_pfg -c -o helper_device=AGFB014R24A “root0.qky;root1.qky.jky;root2.qky. c -o helper_device=AGFB014R24A aes.ccert aes_ccert.jam quartus_pfg -c -o helper_device=AGFB014R24A aes.ccert aes_ccert.jbc quartus_pfg -c -o helper_device=AGFB014R24A aes.ccert aes_ccert.jbc quartus_pfg -c -o helper_device=AGFB014. er_device=AGFB24RXNUMXA hoʻonohonoho. fuse settings_fuse.jbc

No ka ʻike hou aku e pili ana i ka hoʻohana ʻana i ka Jam STAPL Player no ka hoʻonohonoho ʻana i nā polokalamu e nānā i ka AN 425: Ke hoʻohana nei i ka Command-Line Jam STAPL Solution no ka polokalamu polokalamu.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 45

4. Hoʻolako Mea Hana 683823 | 2023.05.23
E holo i kēia mau kauoha e hoʻolālā i ka mea nona ke kī ākea a me ke kī hoʻopunipuni AES:
// No ka hoʻouka ʻana i ka bitstream kōkua i loko o ka FPGA. // Aia ka bitstream mea kōkua i ka hoʻolako firmware quartus_jli -c 1 -a CONFIGURE RootKey.jam
//E hoʻolālā i ka mea nona ka aʻa kī lehulehu i loko o ka virtual eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM RootKey.jam
//E hoʻopolokalamu i ka mea nona ka aʻa kī lehulehu i loko o ke kino eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG RootKey.jam
//E hoʻopolokalamu i ka mea nona ka PR e aʻa i ke kī lehulehu i loko o ka virtual eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG pr_rootkey.jam
//E hoʻolālā i ka mea nona ka PR aʻa i ke kī lehulehu i loko o ke kino eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG -e DO_UNI_ACT_DO_EFUSES_FLAG pr_rootkey.jam
//E hoʻolālā i ke kī hoʻopunipuni AES CCERT i loko o BBRAM quartus_jli -c 1 -a CCERT_PROGRAM EncKeyBBRAM.jam
//E hoʻolālā i ke kī hoʻopunipuni AES CCERT i loko o ke kino eFuses quartus_jli -c 1 -a CCERT_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG EncKeyEFuse.jam
'Ikepili e pili ana AN 425: Ke ho'ohana nei i ka Command-Line Jam STAPL Solution no ka polokalamu polokalamu

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 46

Hoʻouna Manaʻo

683823 | 2023.05.23 Hoʻouna Manaʻo

Nā hiʻohiʻona kiʻekiʻe

5.1. Palekana Debug Mana
I mea e hiki ai iā Secure Debug Authorization, pono ka mea nona ka debug e hoʻopuka i kahi kī hōʻoia a hoʻohana i ka Intel Quartus Prime Pro Programmer e hoʻopuka i kahi ʻike pili. file no ka mea e holo ana i ke kiʻi debug:
quartus_pgm -c 1 -mjtag -o “ei;device_info.txt;AGFB014R24A” –dev_info
Hoʻohana ka mea nona ka hāmeʻa i ka mea hana quartus_sign a i ʻole ka hoʻokō kuhikuhi e hoʻopili i kahi komo kī lehulehu kūlana i kahi kaulahao pūlima i manaʻo ʻia no ka hana debug me ka hoʻohana ʻana i ke kī lehulehu mai ka mea nona ka debug, nā mana kūpono, ka kikokikona ʻike. file, a me nā kapu hou e pili ana:
quartus_sign –family=agilex –operation=append_key –previous_pem=debug_chain_private.pem –previous_qky=debug_chain.qky –permission=0x6 –cancel=1 –dev_info=device_info.txt –restriction=”1,2,17,18″ debug_authorization_public_key.pem secure_debug_auth_chain.qky
Hoʻouna ka mea nona ka mea hana i ke kaulahao pūlima piha i ka mea nona ka debug, nāna e hoʻohana i ke kaulahao pūlima a me kā lākou kī pilikino e kau inoa i ke kiʻi debug:
quartus_sign –family=agilex –operation=sign –qky=secure_debug_auth_chain.qky –pem=debug_authorization_private_key.pem unsigned_debug_design.rbf authorized_debug_design.rbf
Hiki iā ʻoe ke hoʻohana i ke kauoha quartus_pfg e nānā i ke kaulahao pūlima o kēlā me kēia ʻāpana o kēia bitstream debug palekana i kau inoa ʻia e like me kēia:
quartus_pfg –check_integrity authorized_debug_design.rbf
ʻO ka puka o kēia kauoha e paʻi i nā koina kaohi 1,2,17,18 o ke kī aupuni kūlana i hoʻohana ʻia no ka hoʻopuka ʻana i ka bitstream i pūlima ʻia.
Hiki i ka mea debug ke hoʻolālā i ka hoʻolālā debug i ʻae ʻia:
quartus_pgm -c 1 -mjtag -o “p;authorized_debug_design.rbf”
Hiki i ka mea nona ka mea hana ke hoʻopau i ka ʻae debug palekana ma ke kāpae ʻana i ka ID hoʻopau kī kikoʻī i hāʻawi ʻia ma ke kaulahao pūlima ʻae debug palekana.
5.2. Nā Palapala Hōʻoia HPS Debug
ʻO ka ʻae ʻana i ke komo ʻae wale ʻia i ka HPS debug access port (DAP) ma o JTAG Pono ka interface i kekahi mau ʻanuʻu:

ISO 9001:2015 Kakau

5. Nā hiʻohiʻona kiʻekiʻe 683823 | 2023.05.23
1. E kaomi i ka papa kuhikuhi Intel Quartus Prime software Assignments a koho i ka ʻaoʻao ʻO ka Device Device and Pin Options Configuration tab.
2. Ma ka ʻaoʻao Configuration, hiki iā ʻoe ke hoʻohana i ka HPS debug access port (DAP) ma ke koho ʻana i nā HPS Pins a i ʻole SDM Pins mai ka papa kuhikuhi hāʻule iho, a me ka hōʻoia ʻana ʻaʻole i koho ʻia ka pahu hoʻopaʻapaʻa ʻae HPS me ka ʻole o nā palapala hōʻoia.
Kiʻi 14. E wehewehe i nā HPS a i ʻole SDM Pins no ka HPS DAP

HPS debug access port (DAP)
ʻO kahi ʻē aʻe, hiki iā ʻoe ke hoʻonohonoho i ka haʻawina ma lalo nei ma ka Quartus Prime Settings .qsf file:
set_global_assignment -inoa HPS_DAP_SPLIT_MODE “SDM PINS”
3. Hoʻopili a hoʻouka i ka hoʻolālā me kēia mau hoʻonohonoho. 4. E hana i kahi kaulahao pūlima me nā ʻae kūpono e kau inoa i kahi debug HPS
palapala hōʻoia:
quartus_sign –family=agilex –operation=append_key –previous_pem=root_private.pem –previous_qky=root.qky –ʻae=0x8 –cancel=1 –input_pem=hps_debug_cert_public_key.pem hps_debug_cert_sign_chain.
5. E noi i palapala hōʻoia debug HPS i kau inoa ʻole ʻia mai ka hāmeʻa kahi i hoʻouka ʻia ai ka hoʻolālā debug:
quartus_pgm -c 1 -mjtag -o “e; unsigned_hps_debug.cert;AGFB014R24A”
6. E kau inoa i ka palapala hō'oia debug HPS me ka ho'ohana 'ana i ka mea hana quartus_sign a i 'ole ka ho'okō kuhikuhi a me ke kaulahao pūlima HPS debug:
quartus_sign –family=agilex –operation=sign –qky=hps_debug_cert_sign_chain.qky –pem=hps_debug_cert_private_key.pem unsigned_hps_debug.cert signed_hps_debug.cert

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 48

Hoʻouna Manaʻo

5. Nā hiʻohiʻona kiʻekiʻe 683823 | 2023.05.23
7. E hoʻouna i ka palapala hoʻopaʻapaʻa HPS i pūlima ʻia i ka hāmeʻa e hiki ai ke komo i ka HPS debug access port (DAP):
quartus_pgm -c 1 -mjtag -o “p;signed_hps_debug.cert”
Pono wale ka palapala debug HPS mai ka manawa i hana ʻia ai a hiki i ka pōʻaiapuni mana aʻe o ka hāmeʻa a i ʻole a hiki i ka hoʻouka ʻia ʻana o kahi ʻano a i ʻole mana o SDM firmware. Pono ʻoe e hana, hoʻopaʻa, a hoʻolālā i ka palapala hōʻoia debug HPS i pūlima ʻia, a hana i nā hana debug a pau, ma mua o ka hoʻokele uila ʻana i ka hāmeʻa. Hiki iā ʻoe ke hōʻole i ka palapala hōʻoia debug HPS i hoʻopaʻa inoa ʻia ma o ka hoʻokele mana o ka hāmeʻa.
5.3. Papa Hooia
Hiki iā ʻoe ke hana i kahi hōʻike hōʻike pono kuhikuhi (.rim) file hoʻohana i ka polokalamu file mea hana mīkini hana:
quartus_pfg -c signed_encrypted_top.rbf top_rim.rim
E hahai i kēia mau ʻanuʻu e hōʻoia i ka hōʻoia ʻana o ke kahua ma kāu hoʻolālā: 1. E hoʻohana i ka Intel Quartus Prime Pro Programmer e hoʻonohonoho i kāu hāmeʻa me ka
hoʻolālā āu i hana ai i kahi hōʻike kūpaʻa kuhikuhi no. 2. E hoʻohana i ka mea hōʻoia hōʻoia no ke kākau inoa ʻana i ka hāmeʻa ma ka hoʻopuka ʻana i nā kauoha i ka
SDM ma o ka pahu leta SDM e hana i ka palapala ID mea a me ka palapala firmware ma ka hoʻouka hou ʻana. 3. E hoʻohana i ka Intel Quartus Prime Pro Programmer e hoʻonohonoho hou i kāu hāmeʻa me ka hoʻolālā. 4. E hoʻohana i ka mea hōʻoia hōʻoia no ka hoʻopuka ʻana i nā kauoha i ka SDM no ka loaʻa ʻana o ka palapala hōʻoia mea hoʻohana, firmware, a me nā palapala inoa inoa. 5. E hoʻohana i ka mea hōʻoia hōʻoia e hoʻopuka i ke kauoha pahu leta SDM no ka loaʻa ʻana o ka hōʻike hōʻoia a nānā ka mea hōʻoia i nā hōʻike i hoʻihoʻi ʻia.
Hiki iā ʻoe ke hoʻokō i kāu lawelawe hōʻoia ponoʻī me ka hoʻohana ʻana i nā kauoha pahu leka SDM, a i ʻole e hoʻohana i ka lawelawe hōʻoia hōʻoia hōʻoia o Intel. No ka ʻike hou aku e pili ana i nā polokalamu lawelawe hōʻoia hōʻoia o Intel platform, loaʻa, a me nā palapala, e kelepona iā Intel Support.
ʻIke pili Intel Agilex 7 Device Family Pin Guidelines Connection Guidelines
5.4. Kino Anti-Tamper
Hiki iā ʻoe ke anti-t kinoamper nā hiʻohiʻona me ka hoʻohana ʻana i kēia mau ʻanuʻu: 1. Ke koho ʻana i ka pane i makemake ʻia i kahi t i ʻike ʻiaamper hanana 2. Hoʻonohonoho i ka makemake tampʻO nā ʻano ʻike a me nā ʻāpana 3. Me ka anti-tamper IP i kāu loiloi hoʻolālā e kōkua i ka hoʻokele anti-tamper
hanana

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 49

5. Nā hiʻohiʻona kiʻekiʻe 683823 | 2023.05.23
5.4.1. Kūʻē-Tamper Nā pane
Hiki iā ʻoe ke anti-t kinoamper ma ke koho ʻana i kahi pane mai ka Anti-tamppane: papa inoa hāʻule i lalo ma ka Mea Hana Mea Hana a me nā koho Pin Options Security Anti-Tamper tab. Ma ka maʻamau, ʻo ka anti-tampua pio ka pane. ʻElima mau ʻano o ka anti-tamphiki ke pane. Ke koho ʻoe i kāu pane i makemake ʻia, hiki ke hoʻohana ʻia nā koho e hiki ai i hoʻokahi a ʻoi aku paha nā ala ʻike.
Kiʻi 15. Loaʻa iā Anti-Tamper Nā Koho Pane

ʻO ka hana e pili ana i ka Quartus Prime settings .gsf file penei:
set_global_assignment -inoa ANTI_TAMPER_RESPONSE "NOTIFICATION DEVICE WIPE DEVICE LOCK AND ZEROIZATION"
Ke hoʻā ʻoe i kahi anti-tamper pane, hiki iā ʻoe ke koho i ʻelua SDM i hoʻolaʻa ʻia I/O pine e hoʻopuka i ka tampʻike ʻia ka hanana hanana a me ke kūlana pane me ka hoʻohana ʻana i ka pukaaniani Nā Mea Hana Hana a me nā koho Pin Configuration Configuration Pin Options.

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 50

Hoʻouna Manaʻo

5. Nā hiʻohiʻona kiʻekiʻe 683823 | 2023.05.23
Kiʻi 16. Loaʻa nā SDM hoʻolaʻa I/O Pins no Tamper Ka Hana Hana

Hiki paha iā ʻoe ke hana i kēia mau hana pin ma nā hoʻonohonoho file: set_global_assignment -name USE_TAMPER_DETECT SDM_IO15 set_global_assignment -inoa ANTI_TAMPER_RESPONSE_FAILED SDM_IO16

5.4.2. Kūʻē-Tamper ʻIke ʻia

Hiki iā ʻoe ke hoʻololi i ke alapine, wela, a me ka voltagnā hiʻohiʻona ʻike o ka SDM. ʻO ka ʻike FPGA e pili ana i ka hoʻopili ʻana i ka Anti-Tamper Lite Intel FPGA IP i kāu hoʻolālā.

Nānā:

SDM alapine a me voltagetampʻO nā ʻano ʻike e pili ana i nā kuhikuhi kūloko a me nā lako ana i hiki ke ʻokoʻa ma waena o nā mea hana. Manaʻo ʻo Intel e hōʻike ʻoe i ke ʻano o ka tamper hoʻonohonoho ʻike.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 51

5. Nā hiʻohiʻona kiʻekiʻe 683823 | 2023.05.23
Ka pinepine tampHoʻohana ʻia ka ʻike ʻana ma ke kumu uaki hoʻonohonoho. E hiki ai ke alapine tampʻO ka ʻike ʻana, pono ʻoe e kuhikuhi i kahi koho ʻē aʻe ma waho o ka Oscillator Kūloko i ka hāʻule ʻana o ke kumu o ka uaki Configuration ma ka ʻaoʻao Assignments Device Device a me Pin Options General tab. Pono ʻoe e hōʻoia i ka holo ʻana i ka CPU hoʻonohonoho hoʻonohonoho mai ka pahu pahu oscillator kūloko ma mua o ka hiki ʻana i ke alapine tampʻike ʻia. Kiʻi 17. Hoʻonohonoho i ka SDM i ka Oscillator Kūloko
E hiki ai ke alapine tampi ka ʻike ʻana, e koho i ka Enable frequency tamper pahu koho a koho i ka Frequency makemake tamper laula ʻike mai ka papa kuhikuhi. Kiʻi 18. ʻO ka hiki ʻana i ke alapine Tamper ʻIke ʻia

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 52

Hoʻouna Manaʻo

5. Nā hiʻohiʻona kiʻekiʻe 683823 | 2023.05.23
ʻO kahi ʻē aʻe, hiki iā ʻoe ke hana i ka Frequency Tamper ʻIke ma ka hana ʻana i kēia mau hoʻololi i ka Quartus Prime Settings .qsf file:
set_global_assignment -inoa AUTO_RESTART_CONFIGURATION OFF set_global_assignment -inoa DEVICE_INITIALIZATION_CLOCK OSC_CLK_1_100MHZ set_global_assignment -inoa RUN_CONFIG_CPU_FROM_INT_OSC ON set_global_ENABLE_assignmentAMPER_DETECTION ON set_global_assignment -inoa FREQUENCY_TAMPER_DETECTION_RANGE 35
No ka hiki ke wela tamper detection, koho i ka Enable temperature tampka pahu huli ʻike a koho i ka wela i makemake ʻia ma luna a me ka palena haʻahaʻa ma nā kahua pili. Hoʻopili ʻia nā palena o luna a me lalo e ka paʻamau me ka pae wela pili no ka mea i koho ʻia i ka hoʻolālā.
E hiki ai i ka voltagetamper ʻike, koho ʻoe i kekahi a i ʻole ʻelua o ka Enable VCCL voltagetampka ʻike ʻana a i ʻole E hoʻā i ka VCCL_SDM voltagetamper detection checkboxes a koho i ka Voltagetamper detection trigger percentage ma ke kahua pili.
Kiʻi 19. Eabling Voltage Tamper ʻIke ʻia

ʻO kahi ʻē aʻe, hiki iā ʻoe ke hoʻoikaika i ka Voltage Tamper ʻIke ʻia ma ka wehewehe ʻana i nā haʻawina ma ka .qsf file:
set_global_assignment -inoa ENABLE_TEMPERATURE_TAMPER_DETECTION ON set_global_assignment -inoa TEMPERATURE_TAMPER_UPPER_BOUND 100 set_global_assignment -inoa ENABLE_VCCL_VOLTAGE_TAMPER_DETECTION ON set_global_assignment -inoa ENABLE_VCCL_SDM_VOLTAGE_TAMPER_DETECTION ON
5.4.3. Kūʻē-Tamper Lite Intel FPGA IP
ʻO ka Anti-Tamper Lite Intel FPGA IP, loaʻa ma ka IP catalog ma Intel Quartus Prime Pro Edition lako polokalamu, hoʻomaʻamaʻa i ke kamaʻilio ʻelua ʻaoʻao ma waena o kāu hoʻolālā a me ka SDM no tamper hanana.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 53

Helu 20. Anati-Tamper Lite Intel FPGA IP

5. Nā hiʻohiʻona kiʻekiʻe 683823 | 2023.05.23

Hāʻawi ka IP i nā hōʻailona e pili ana i kāu hoʻolālā e like me ka mea e pono ai:

Papa 5.

Kūʻē-Tamper Lite Intel FPGA IP I/O hōʻailona

inoa hōʻailona

Kuhikuhi

wehewehe

gpo_sdm_at_event gpi_fpga_at_event

Kuhi hoʻokomo

Hōʻailona SDM i ka loiloi lole FPGA i ʻike ʻia e kahi SDMamper hanana. Aia ma kahi o 5ms ka loiloi FPGA e hana i ka hoʻomaʻemaʻe makemake ʻia a pane i ka SDM ma o gpi_fpga_at_response_done a me gpi_fpga_at_zeroization_done. Hoʻomaka ka SDM me ka tamper nā hana pane i ka wā i ʻōlelo ʻia ai ʻo gpi_fpga_at_response_done a i ʻole ma hope o ka loaʻa ʻole ʻana o ka pane i ka manawa i hāʻawi ʻia.
Hoʻopau ʻo FPGA iā SDM i hoʻolālā ʻia e kāu anti-tampua ʻike ʻia ka circuitry detection circuit maamper hanana a me ka SDM tamppono e hoʻāla ʻia ka pane.

gpi_fpga_at_pane_done

Hookomo

Hoʻopau ʻo FPGA iā SDM ua hana ka loiloi FPGA i ka hoʻomaʻemaʻe makemake.

gpi_fpga_at_zeroization_d hoʻokahi

Hookomo

FPGA hōʻailona iā SDM ua hoʻopau ka loiloi FPGA i ka zeroization makemake o ka ʻikepili hoʻolālā. ʻO kēia hōʻailona sampalakaʻi ʻia ke ʻōlelo ʻia ʻo gpi_fpga_at_response_done.

5.4.3.1. Hoʻokuʻu ʻIke

Hoʻololi ka helu IP versioning scheme (XYZ) mai kekahi polokalamu polokalamu i kekahi. He hoʻololi i:
· Hōʻike ʻo X i kahi hoʻoponopono nui o ka IP. Inā hōʻano hou ʻoe i kāu polokalamu Intel Quartus Prime, pono ʻoe e hana hou i ka IP.
· Hōʻike ʻo Y i ka IP me nā hiʻohiʻona hou. E hana hou i kāu IP e hoʻokomo i kēia mau hiʻohiʻona hou.
· Hōʻike ʻo Z i ka IP me nā loli liʻiliʻi. E hana hou i kāu IP e hoʻokomo i kēia mau hoʻololi.

Papa 6.

Kūʻē-Tamper Lite Intel FPGA IP Hoʻokuʻu ʻIke

Manaʻo IP

'ikamu

Ka wehewehe 20.1.0

ʻO Intel Quartus Prime Version

21.2

Lā Hoʻokuʻu

2021.06.21

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 54

Hoʻouna Manaʻo

5. Nā hiʻohiʻona kiʻekiʻe 683823 | 2023.05.23
5.5. Ke hoʻohana nei i nā hiʻohiʻona palekana me ka ʻōnaehana mamao
ʻO Remote System Update (RSU) kahi hiʻohiʻona Intel Agilex 7 FPGAs e kōkua ana i ka hoʻonui ʻana i ka hoʻonohonoho. files ma kahi ala ikaika. Hoʻopili ʻia ʻo RSU me nā hiʻohiʻona palekana hoʻolālā e like me ka hōʻoia ʻana, ka hoʻopaʻa inoa ʻana o ka firmware, a me ka bitstream encryption no ka mea ʻaʻole hilinaʻi ʻo RSU i nā mea hoʻolālā o nā bitstreams hoʻonohonoho.
Ke kūkulu nei i nā kiʻi RSU me .sof Files
Inā ʻoe e mālama nei i nā kī pilikino ma kāu wahi fileʻōnaehana, hiki iā ʻoe ke hana i nā kiʻi RSU me nā hiʻohiʻona palekana hoʻolālā me ka hoʻohana ʻana i kahi kahe maʻalahi me .sof files ma ke ano hookomo. No ka hana ʻana i nā kiʻi RSU me ka .sof file, hiki iā ʻoe ke hahai i nā ʻōlelo aʻoaʻo ma ka ʻāpana Hoʻoulu ʻana i ke kiʻi hoʻoponopono ʻōnaehana mamao Files Hoʻohana i ka Polokalamu File Mea hana o ka Intel Agilex 7 Configuration User Guide. No kēlā me kēia .sof file i hoakakaia ma ka Input Files tab, kaomi i ka pihi Properties… a kuhikuhi i nā hoʻonohonoho kūpono a me nā kī no nā mea hana hoʻopaʻa inoa a me ka hoʻopili. ʻO ka papahana file ʻO ka mea hana generator e hōʻailona a hoʻopili i ka hale hana a me nā kiʻi noiʻi i ka wā e hana ana i ka papahana RSU files.
ʻO kahi ʻē aʻe, inā mālama ʻoe i nā kī pilikino i kahi HSM, pono ʻoe e hoʻohana i ka mea hana quartus_sign a no laila e hoʻohana i ka .rbf files. ʻO ke koena o kēia ʻāpana kikoʻī i nā hoʻololi o ke kahe e hana i nā kiʻi RSU me .rbf files ma ke ano hookomo. Pono ʻoe e hoʻopili a hōʻailona i ke ʻano .rbf files ma mua o ke koho ʻana iā lākou i mea hoʻokomo files no nā kiʻi RSU; akā, ʻo ka ʻike boot RSU file ʻaʻole pono e hoʻopili ʻia a kau inoa wale ʻia. Ka Papahana File ʻAʻole kākoʻo ʻo Generator i ka hoʻololi ʻana i nā waiwai o ke ʻano .rbf files.
ʻO ka exampHōʻike nā les i nā hoʻololi kūpono i nā kauoha ma ka ʻāpana Hoʻoulu ʻana i ke Kiʻi Hoʻohou Pūnaewele mamao Files Hoʻohana i ka Polokalamu File Mea hana o ka Intel Agilex 7 Configuration User Guide.
Hana ʻana i ke kiʻi RSU mua me .rbf Files: Hoʻololi Kauoha
Mai ka hana ʻana i ke kiʻi RSU mua me .rbf Files pauku, hoʻololi i nā kauoha ma ka ʻanuʻu 1. e hiki ai i nā hiʻohiʻona palekana hoʻolālā e like me ka makemake me ka hoʻohana ʻana i nā ʻōlelo kuhikuhi mai nā ʻāpana mua o kēia palapala.
No exampe, e kuhikuhi ʻoe i kahi firmware i kau inoa ʻia file inā ʻoe e hoʻohana ana i ka firmware cosigning, a laila e hoʻohana i ka mea hana hoʻopunipuni Quartus e hoʻopili i kēlā me kēia .rbf file, a hoʻohana hope i ka mea hana quartus_sign e kau inoa i kēlā me kēia file.
Ma ka ʻanuʻu 2, inā ua hiki iā ʻoe ke hoʻopaʻa inoa pū me ka firmware, pono ʻoe e hoʻohana i kahi koho hou i ka hana ʻana i ka boot .rbf mai ke kiʻi hale hana. file:
quartus_pfg -c factory.sof boot.rbf -o rsu_boot=ON -o fw_source=signed_agilex.zip
Ma hope o kou hana ʻana i ka ʻike boot .rbf file, hoʻohana i ka mea hana quartus_sign e kau inoa i ka .rbf file. ʻAʻole pono ʻoe e hoʻopili i ka ʻike boot .rbf file.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 55

5. Nā hiʻohiʻona kiʻekiʻe 683823 | 2023.05.23
Hana ʻana i kahi kiʻi noi: hoʻololi kauoha
No ka hana ʻana i kahi kiʻi noiʻi me nā hiʻohiʻona palekana hoʻolālā, hoʻololi ʻoe i ke kauoha ma ka Hana ʻana i kahi kiʻi noi no ka hoʻohana ʻana i kahi .rbf me nā hiʻohiʻona palekana hoʻolālā i hiki ke hoʻohana ʻia, me ka firmware i kau inoa pū ʻia inā makemake ʻia, ma kahi o ka noi kumu .sof file:
quartus_pfg -c cosigned_fw_signed_encrypted_application.rbf secured_rsu_application.rpd -o mode=ASX4 -o bitswap=ON
Hana ʻana i kahi Kiʻi Hou Hana Hana: Hoʻololi Kauoha
Ma hope o kou hana ʻana i ka ʻike boot .rbf file, hoʻohana ʻoe i ka mea hana quartus_sign e kau inoa i ka .rbf file. ʻAʻole pono ʻoe e hoʻopili i ka ʻike boot .rbf file.
No ka hana ʻana i kahi kiʻi hoʻopou hou o ka hale hana RSU, hoʻololi ʻoe i ke kauoha mai ka hana ʻana i kahi kiʻi kiʻi kiʻi hale hana e hoʻohana i kahi .rbf file me nā hiʻohiʻona palekana hoʻolālā i hoʻohana ʻia a hoʻohui i ke koho e hōʻike i ka hoʻohana ʻana i ka firmware i kau inoa pū ʻia:
quartus_pfg -c cosigned_fw_signed_encrypted_factory.rbf secured_rsu_factory_update.rpd -o mode=ASX4 -o bitswap=ON -o rsu_upgrade=ON -o fw_source=signed_agilex.zip
ʻIke pili i ka Intel Agilex 7 Configuration User Guide
5.6. SDM Cryptographic Services
Hāʻawi ka SDM ma nā polokalamu Intel Agilex 7 i nā lawelawe cryptographic i hiki i ka FPGA fabric logic a i ʻole ka HPS ke noi aku ma o ke kikowaena pahu leka SDM. No ka ʻike hou aku e pili ana i nā kauoha pahu leta a me nā palapala ʻikepili no nā lawelawe cryptographic SDM a pau, e nānā i ka Appendix B ma ka Security Methodology for Intel FPGAs and Structured ASICs User Guide.
No ke kiʻi ʻana i ka pahu leta SDM i ka FPGA fabric logic no nā lawelawe cryptographic SDM, pono ʻoe e hoʻomaka koke i ka pahu leka uila Intel FPGA IP i kāu hoʻolālā.
Hoʻokomo ʻia ke code kuhikuhi no ke komo ʻana i ka pahu leta SDM mai ka HPS i ka code ATF a me Linux i hāʻawi ʻia e Intel.
ʻIke pili i ka pahu leta mea kūʻai Intel FPGA IP alakaʻi hoʻohana
5.6.1. Kālepa Kūʻai Kūʻai
Hāʻawi ʻo Intel i kahi hoʻokō kuhikuhi no ka polokalamu HPS e hoʻohana ana i ka hiʻohiʻona boot i ʻae ʻia e hōʻoia i ka polokalamu boot HPS mai ka s mua.tage boot loader a hiki i ka Linux kernel.
ʻIke pili i ka Intel Agilex 7 SoC Secure Boot Demo Design

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 56

Hoʻouna Manaʻo

5. Nā hiʻohiʻona kiʻekiʻe 683823 | 2023.05.23
5.6.2. Palekana ʻIkepili Mea lawelawe
Hoʻouna ʻoe i nā kauoha ma o ka pahu leta SDM e hana i ka hoʻopili ʻana a me ka decryption mea SDOS. Hiki iā ʻoe ke hoʻohana i ka hiʻohiʻona SDOS ma hope o ka hoʻolako ʻana i ke kī kumu SDOS.
ʻIke pili e pili ana i ka Secure Data Object Service Root Key Provisioning ma ka ʻaoʻao 30
5.6.3. SDM Cryptographic Primitive Services
Hoʻouna ʻoe i nā kauoha ma o ka pahu leta SDM e hoʻomaka i nā hana lawelawe lawelawe cryptographic primitive SDM. Pono kekahi mau lawelawe maʻamau cryptographic e hoʻololi i nā ʻikepili hou aʻe i ka SDM ma mua o ka hiki ke ʻae ʻia e ka pahu leta. I kēia mau hihia, hoʻololi ke kauoha o ke ʻano e hāʻawi i nā kuhikuhi i ka ʻikepili i ka hoʻomanaʻo. Eia hou, pono ʻoe e hoʻololi i ka instantiation o ka pahu leka uila Intel FPGA IP e hoʻohana i nā lawelawe SDM cryptographic primitive mai ka FPGA fabric logic. Pono ʻoe e hoʻonohonoho i ka hoʻohālikelike ʻo Enable Crypto Service i ka 1 a hoʻohui i ka interface AXI initiator hou i hōʻike ʻia i kahi hoʻomanaʻo i kāu hoʻolālā.
Kiʻi 21. E ʻae ana i ka SDM Cryptographic Services ma ka pahu leka uila Intel FPGA IP

5.7. Nā Koho Palekana Bitstream (FM/S10)
ʻO nā koho FPGA Bitstream Security kahi hōʻiliʻili o nā kulekele e kaupalena ana i ka hiʻohiʻona i kuhikuhi ʻia a i ʻole ke ʻano o ka hana i loko o kahi manawa i wehewehe ʻia.
Aia nā koho Bitstream Security i nā hae āu i hoʻonoho ai ma ka polokalamu Intel Quartus Prime Pro Edition. Hoʻopili ʻia kēia mau hae i nā bitstreams hoʻonohonoho.
Hiki iā ʻoe ke hoʻokō mau i nā koho palekana ma kahi hāmeʻa ma o ka hoʻohana ʻana i ka hoʻonohonoho palekana pili eFuse.
No ka hoʻohana ʻana i nā hoʻonohonoho palekana i ka bitstream hoʻonohonoho a i ʻole nā polokalamu eFuses, pono ʻoe e ʻae i ka hiʻohiʻona hōʻoia.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 57

5. Nā hiʻohiʻona kiʻekiʻe 683823 | 2023.05.23
5.7.1. Ke koho ʻana a me ka ʻae ʻana i nā koho palekana
No ke koho ʻana a hiki i nā koho palekana, e hana penei: Mai ka papa kuhikuhi Assignments, koho i nā mea hana a me nā koho Pin Security More Options… Kiʻi 22. Ke koho ʻana a me ka ʻae ʻana i nā koho palekana.

A laila koho i nā waiwai mai nā papa inoa hāʻule iho no nā koho palekana āu e makemake ai e hiki ai e like me ka mea i hōʻike ʻia ma ka ex aʻe.ample:
Kiʻi 23. Ke koho ʻana i nā waiwai no nā koho palekana

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 58

Hoʻouna Manaʻo

5. Nā hiʻohiʻona kiʻekiʻe 683823 | 2023.05.23
Eia nā hoʻololi kūpono i ka Quartus Prime Settings .qsf file:
set_global_assignment -inoa SECU_OPTION_DISABLE_JTAG “ON CHECK” set_global_assignment -name SECU_OPTION_FORCE_ENCRYPTION_KEY_UPDATE “ON STICKY” set_global_assignment -name SECU_OPTION_FORCE_SDM_CLOCK_TO_INT_OSC ON set_global_assignment -name SECU_OPTION_DISABLE_VIRTUAL_EFUSES ON set_global_assignment -name SECU_OPTION_LOCK_SECURITY_EFUSES ON set_global_assignment -name SECU_OPTION_DISABLE_HPS_DEBUG ON set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON set_global_assignment -inoa SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_BBRAM ON set_global_assignment -inoa SECU_OPTION_DISABLE_PUF_WRAPPED_ENCRYPTION_KEY

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 59

683823 | 2023.05.23 Hoʻouna Manaʻo

Hoʻoponopono pilikia

Hōʻike kēia mokuna i nā hewa maʻamau a me nā leka ʻōlelo aʻoaʻo āu e hālāwai ai i ka wā e hoʻohana ai i nā hiʻohiʻona palekana a me nā ana e hoʻoponopono ai.
6.1. Ke hoʻohana nei i nā kauoha Quartus i kahi hewa o ka Windows Environment
Hapa quartus_pgm: ʻaʻole i loaʻa ke kauoha Hōʻike ʻia kēia hewa i ka wā e hoʻāʻo ai e hoʻohana i nā kauoha Quartus i loko o kahi NIOS II Shell ma kahi kaiapuni Windows ma o ka hoʻohana ʻana iā WSL. Hoʻoholo Hoʻohana kēia kauoha i ka Linux environment; No nā pūʻali Windows, e hoʻohana i kēia kauoha: quartus_pgm.exe -h Pēlā nō, e hoʻopili i ka syntax like i nā kauoha Quartus Prime ʻē aʻe e like me quartus_pfg, quartus_sign, quartus_encrypt i waena o nā kauoha ʻē aʻe.

ISO 9001:2015 Kakau

6. Hoʻoponopono 683823 | 2023.05.23

6.2. Hana ʻana i kahi ʻōlelo hoʻolaha kī pilikino

'Ōlelo Aʻo:

ʻO ka ʻōlelo huna i ʻōlelo ʻia ʻaʻole palekana. Manaʻo ʻo Intel e hoʻohana ʻia ma kahi o 13 mau huaʻōlelo. Pono ʻoe e hoʻololi i ka ʻōlelo huna ma ka hoʻohana ʻana i ka OpenSSL executable.

openssl ec -in -waho -aes256

wehewehe
Pili kēia ʻōlelo aʻo i ka ikaika o ka ʻōlelo huna a me nā hōʻike i ka wā e hoʻāʻo ai e hana i kahi kī pilikino ma o ka hoʻopuka ʻana i kēia mau kauoha:

quartus_sign –family=agilex –operation=make_private_pem –curve=secp3841 root.pem

Hoʻoholo E hoʻohana i ka openssl executable e kuhikuhi i kahi ʻōlelo huna lōʻihi a no laila ʻoi aku ka ikaika.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 61

6. Hoʻoponopono 683823 | 2023.05.23
6.3. Hoʻohui i kahi kī hoʻopaʻa inoa i ka hewa Quartus Project
Kuʻia…File Loaʻa ka ʻike kumu kumu…
wehewehe
Ma hope o ka hoʻohui ʻana i kahi kī pūlima .qky file i ka papahana Quartus, pono ʻoe e hōʻuluʻulu hou i ka .sof file. Ke hoʻohui ʻoe i kēia .sof file i ka mea i koho ʻia ma o ka hoʻohana ʻana iā Quartus Programmer, e hōʻike ana ka memo hewa ma lalo nei file loaʻa nā ʻike kumu kumu:
ʻAʻole hiki ke hoʻohuifile-path-name> i Programmer. ʻO ka file Loaʻa ka ʻike kumu kumu (.qky). Eia naʻe, ʻaʻole kākoʻo ʻo Programmer i ka hiʻohiʻona inoa bitstream. Hiki iā ʻoe ke hoʻohana i ka Programming File Generator e hoohuli i ka file i ka Raw Binary i kakau inoa ia file (.rbf) no ka hoʻonohonoho.
Olelo Hooholo
E hoʻohana i ka Quartus Programming file generator e hoohuli i ka file i loko o kahi Binary Raw i pūlima ʻia File .rbf no ka hoʻonohonoho.
ʻIke pili e pili ana i ka hoʻonohonoho ʻana i ka Bitstream me ka hoʻohana ʻana i ke kauoha quartus_sign ma ka ʻaoʻao 13

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 62

Hoʻouna Manaʻo

6. Hoʻoponopono 683823 | 2023.05.23
6.4. Hoʻokumu i ka Quartus Prime Programming File ʻAʻole i holomua
Kuhihewa
Hapa (20353): X o ke kī lehulehu mai QKY ʻaʻole i kūlike me ke kī pilikino mai PEM file.
Hapa (20352): ʻAʻole i kau inoa i ka bitstream ma o ka python script agilex_sign.py.
Hapa: Quartus Prime Programming File ʻAʻole i kūleʻa ka mīkini hana.
Wehewehe inā hoʻāʻo ʻoe e kau inoa i kahi bitstream hoʻonohonoho me ka hoʻohana ʻana i kahi kī pilikino hewa ʻole .pem file a i ʻole he .pem file ʻAʻole i kūlike i ka .qky i hoʻohui ʻia i ka papahana, hōʻike ʻia nā hewa maʻamau ma luna. Hoʻoholo E hōʻoia e hoʻohana ʻoe i ke kī pilikino pololei .pem e kau inoa i ka bitstream.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 63

6. Hoʻoponopono 683823 | 2023.05.23
6.5. Nā Kupa Hoʻopaʻapaʻa ʻike ʻole
Kuhihewa
Hapa (23028): Hoʻopaʻapaʻa ʻike ʻole "ûc". E nānā i -help no nā hoʻopaʻapaʻa kānāwai.
Hapa (213008): ʻAʻole kānāwai ke kaula koho papahana "ûp". E nānā i -help no nā ʻano koho hoʻolālā kānāwai.
Wehewehe inā kope ʻoe a hoʻopili i nā koho laina kauoha mai kahi .pdf file ma ka Windows NIOS II Shell, hiki iā ʻoe ke hālāwai me nā hewa hoʻopaʻapaʻa ʻike ʻole e like me ka mea i hōʻike ʻia ma luna. Hoʻoholo Ma ia mau hihia, hiki iā ʻoe ke hoʻokomo lima i nā kauoha ma mua o ka hoʻopili ʻana mai ka clipboard.

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 64

Hoʻouna Manaʻo

6. Hoʻoponopono 683823 | 2023.05.23
6.6. Ua hoʻopau ʻia ke koho hoʻopunipuni Bitstream
Kuhihewa
ʻAʻole hiki ke hoʻopau i ka hoʻopunipuni no ka file hoʻolālā .sof no ka mea ua hoʻohui ʻia me ka koho hoʻopunipuni bitstream i pio.
Hōʻike Inā hoʻāʻo ʻoe e hoʻopili i ka bitstream ma o GUI a i ʻole laina kauoha ma hope o kou hōʻuluʻulu ʻana i ka papahana me ka koho hoʻopunipuni bitstream i pio, hōʻole ʻo Quartus i ke kauoha e like me ka mea i hōʻike ʻia ma luna.
Hoʻoholo E hōʻoia ʻoe e hōʻuluʻulu i ka papahana me ka koho hoʻopuna bitstream i hiki ma o GUI a i ʻole laina kauoha. No ka hiki i kēia koho ma GUI, pono ʻoe e nānā i ka pahu pahu no kēia koho.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 65

6. Hoʻoponopono 683823 | 2023.05.23
6.7. E wehewehe ana i ke ala pololei i ke kī
Kuhihewa
Hapa (19516): ʻIke ʻia ka papahana File Ua hewa ka hoʻonohonoho mea hana: ʻAʻole hiki ke loaʻa 'key_file'. E hōʻoia i ka file aia ma kahi i manaʻo ʻia ai ʻole e hoʻohou i ka setting.sec
Hapa (19516): ʻIke ʻia ka papahana File Ua hewa ka hoʻonohonoho mea hana: ʻAʻole hiki ke loaʻa 'key_file'. E hōʻoia i ka file aia ma kahi i manaʻo ʻia ai ʻole e hōʻano hou i ka hoʻonohonoho.
wehewehe
Inā ʻoe e hoʻohana nei i nā kī i mālama ʻia ma ka file ʻōnaehana, pono ʻoe e hōʻoia e kuhikuhi lākou i ke ala kūpono no nā kī i hoʻohana ʻia no ka hoʻopili bitstream a me ke kau inoa ʻana. Inā ʻo ka Polokalamu File ʻAʻole hiki i ka mea hana ke ʻike i ke ala pololei, hōʻike ʻia nā memo hewa ma luna.
Olelo Hooholo
E nānā i ka Quartus Prime Settings .qsf file e imi i na ala pololei no na ki. E hoʻohana i nā ala pili ma kahi o nā ala paʻa.

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 66

Hoʻouna Manaʻo

6. Hoʻoponopono 683823 | 2023.05.23
6.8. Ke hoʻohana nei i ka mea i kākoʻo ʻole ʻia File ʻAno
Kuhihewa
quartus_pfg -c design.sof output_file.ebf -o finalize_operation=ON -o qek_file=ae.qek -o signing=ON -o pem_file= sign_private.pem
Hapa (19511): Huakaʻi ʻole ʻia file ʻano (ebf). E hoʻohana i ke koho "-l" a i ʻole "–list" e hōʻike i ke kākoʻo file ʻano ʻike.
Wehewehe ʻOiai e hoʻohana ana i ka Quartus Programming File Generator e hoʻopuka i ka bitstream hoʻonohonoho i hoʻopili ʻia a hoʻopaʻa inoa ʻia, ʻike paha ʻoe i ka hewa ma luna inā he puka i kākoʻo ʻole ʻia file ʻōlelo ʻia ke ʻano. Hoʻoholo E hoʻohana i ke koho -l a i ʻole –list e ʻike i ka papa inoa o nā mea i kākoʻo ʻia file ʻano ʻano.

Hoʻouna Manaʻo

ʻO Intel Agilex® 7 Ke alakaʻi mea hoʻohana palekana 67

683823 | 2023.05.23 Hoʻouna Manaʻo
7. Intel Agilex 7 Mea Hoʻohana Palekana Mea hoʻohana waihona waihona
No nā mana hou a me nā mana o kēia alakaʻi hoʻohana, e nānā iā Intel Agilex 7 Device Security User Guide. Inā ʻaʻole i helu ʻia kahi IP a i ʻole polokalamu polokalamu, pili ke alakaʻi mea hoʻohana no ka IP mua a i ʻole ka mana polokalamu.

ISO 9001:2015 Kakau

683823 | 2023.05.23 Hoʻouna Manaʻo

8. Moʻolelo Hoʻoponopono no ka Intel Agilex 7 Device Security User Guide

Palapala Kahua 2023.05.23
2022.11.22 2022.04.04 2022.01.20
2021.11.09

Palapala / Punawai

ʻO Intel Agilex 7 Pūnaewele Palekana [pdf] Palapala Hoʻohana
ʻO Agilex 7 Pūnaewele Palekana, Agilex 7, Palekana Pūnaewele, Palekana

Nā kuhikuhi

Palapala Hoʻohana

ʻO Intel Agilex 7 Pūnaewele Palekana

ʻIke Huahana

Nā ʻōlelo hoʻohana huahana

Nīnau pinepine

Ua pau ka palekana o ka lakohanaview

ʻO ka hōʻoia a me ka mana

AES Bitstream Encryption

Hoʻolako Mea Hana

Nā hiʻohiʻona kiʻekiʻe

Hoʻoponopono pilikia

Palapala / Punawai

Nā kuhikuhi

Waiho i kahi manaʻo

Hoʻopau i ka pane