Akwụkwọ ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex 7

Intel na-agba mbọ na nchekwa ngwaahịa ma na-atụ aro ka ndị ọrụ mara onwe ha na akụrụngwa nchekwa ngwaahịa enyere. Ekwesịrị iji akụrụngwa ndị a mee ihe n'oge ndụ ngwaahịa Intel.

2. Atụmatụ nchekwa atụmatụ

A na-eme atụmatụ atụmatụ nchekwa ndị a maka mwepụta ngwanrọ Intel Quartus Prime Pro Edition n'ọdịnihu:

Ntụgharị nchegharị nke akụkụ Bitstream Nchekwa: Na-enye mmesi obi ike na akụkụ nke nhazigharị akụkụ (PR) bitstreams enweghị ike ịnweta ma ọ bụ gbochie PR persona bitstreams ndị ọzọ.

Ngwa igbu onwe maka mgbochi anụ ahụamper: Na-arụ ọrụ na-ehichapụ ma ọ bụ nzaghachi zeroization ngwaọrụ yana mmemme eFuses iji gbochie ngwaọrụ ahụ ịhazi ọzọ.

3. Akwụkwọ nchekwa dị

Tebụlụ na-esote depụtara akwụkwọ dị maka njirimara nchekwa ngwaọrụ na ngwaọrụ Intel FPGA na ASIC Structured:

Aha akwụkwọ	Ebumnuche
Usoro nchekwa maka Intel FPGA na onye ọrụ ASIC Haziri Nduzi	Akwụkwọ dị elu nke na-enye nkọwa zuru ezu nke atụmatụ nchekwa na teknụzụ na Intel Programmable Solutions Ngwaahịa. Na-enyere ndị ọrụ aka ịhọrọ atụmatụ nchekwa dị mkpa maka mezuo ebumnuche nchekwa ha.
Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Stratix 10	Ntuziaka maka ndị ọrụ nke Intel Stratix 10 ngwaọrụ iji mejuputa Achọpụtara atụmatụ nchekwa site na iji Usoro Nchekwa Ntuziaka onye ọrụ.
Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex 7	Ntuziaka maka ndị ọrụ nke Intel Agilex 7 ngwaọrụ iji mejuputa Achọpụtara atụmatụ nchekwa site na iji Usoro Nchekwa Ntuziaka onye ọrụ.
Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel eASIC N5X	Ntuziaka maka ndị ọrụ nke Intel eASIC N5X ngwaọrụ iji mejuputa Achọpụtara atụmatụ nchekwa site na iji Usoro Nchekwa Ntuziaka onye ọrụ.
Intel Agilex 7 na Intel eASIC N5X HPS Cryptographic Services Ntuziaka onye ọrụ	Ozi maka ndị injinia ngwanrọ HPS na mmejuputa ya na iji ọba akwụkwọ software HPS nweta ọrụ cryptographic nke SDM nyere.
Ntuziaka mmalite ọsọ ọsọ AN-968 ojii	Usoro usoro zuru ezu iji guzobe ihe ntinye igodo ojii ọrụ.

Ajụjụ a na-ajụkarị

Ajụjụ: Gịnị bụ ebumnuche ntuziaka onye ọrụ Usoro Nche?

A: Ntuziaka onye ọrụ Usoro Nchebe na-enye nkọwa zuru ezu nke njirimara nchekwa na teknụzụ na Ngwaahịa Ngwọta Mmemme Intel. Ọ na-enyere ndị ọrụ aka ịhọrọ atụmatụ nchekwa dị mkpa iji mezuo ebumnuche nchekwa ha.

Ajụjụ: Ebee ka m nwere ike ịhụ ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex 7?

A: Enwere ike ịchọta ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex 7 na Intel Resource and Design Center websaịtị.

Ajụjụ: Gịnị bụ ọrụ inye ihe igodo ojii?

A: Ọrụ ịnye igodo ojii bụ ọrụ na-enye usoro usoro zuru oke iji guzobe isi ihe maka ịrụ ọrụ echekwara.

View Fullscreen

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7
Emelitere maka Intel® Quartus® Prime Design Suite: 23.1

Ụdị ntanetị Zipụ nzaghachi

UG-20335

683823 2023.05.23

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 2

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 3

683823 | 2023.05.23 zipu nzaghachi
1. Intel Agilex® 7

Nchekwa ngwaọrụ gafereview

Intel® ji ngwaike nchekwa raara onwe ya nye nke nwere ike ịhazi nke ukwuu na ngwa ngwa nke Intel Agilex® 7.
Akwụkwọ a nwere ntuziaka iji nyere gị aka iji Intel Quartus® Prime Pro Edition software mejuputa atụmatụ nchekwa na ngwaọrụ Intel Agilex 7 gị.
Na mgbakwunye, Usoro nchekwa maka Intel FPGAs yana ntuziaka onye ọrụ ASIC arụpụtara dị na ebe nchekwa ihe & imepụta Intel. Akwụkwọ a nwere nkọwa zuru ezu nke njirimara nchekwa na teknụzụ dị site na ngwaahịa Intel Programmable Solutions iji nyere gị aka ịhọrọ njirimara nchekwa dị mkpa iji mezuo ebumnuche nchekwa gị. Kpọtụrụ Nkwado Intel na nọmba ntụaka 14014613136 iji nweta usoro nchekwa maka Intel FPGA na ntuziaka onye ọrụ ASIC Haziri.
A haziri akwụkwọ ahụ dị ka ndị a: · Nyocha na ikike: Na-enye ntụziaka ka ịmepụta
igodo nyocha na ụdọ mbinye aka, tinye ikike na mwepu, ihe akara, yana njirimara njirimara mmemme na ngwaọrụ Intel Agilex 7. · AES Bitstream Encryption: Na-enye ntụziaka ka ịmepụta isi mgbọrọgwụ AES, encrypt nhazi bitstreams, na inye igodo mgbọrọgwụ AES na ngwaọrụ Intel Agilex 7. · Nkwado ngwaọrụ: Na-enye ntụziaka iji Intel Quartus Prime Programmer na Secure Device Manager (SDM) na-enye ngwa ngwa maka atụmatụ nchekwa mmemme na ngwaọrụ Intel Agilex 7. Akụkụ dị elu: Na-enye ntụziaka iji mee ka atụmatụ nchekwa dị elu nwee ike, gụnyere ikike nbibi echekwabara, nbibi Sistemụ Nrụpụta siri ike (HPS), na nwelite sistemụ dịpụrụ adịpụ.
1.1. Nkwenye maka nchekwa ngwaahịa
Ntinye aka Intel na-adịte aka maka nchekwa adịbeghị ike. Intel na-akwadosi ike ka ị mara akụrụngwa nchekwa ngwaahịa anyị ma mee atụmatụ iji ha na ndụ niile nke ngwaahịa Intel gị.
Ozi metụtara · Nchekwa ngwaahịa na Intel · Ndụmọdụ ebe nchekwa ngwaahịa Intel

Ụlọ ọrụ Intel. Ikike niile echekwabara. Intel, akara Intel, na akara Intel ndị ọzọ bụ ụghalaahịa nke Intel Corporation ma ọ bụ ndị enyemaka ya. Intel nyere ikike ịrụ ọrụ nke FPGA na ngwaahịa semiconductor na nkọwapụta ugbu a dịka akwụkwọ ikike ọkọlọtọ Intel siri dị, mana nwere ikike ịme mgbanwe na ngwaahịa na ọrụ ọ bụla n'oge ọ bụla na-enweghị ọkwa. Intel anaghị ewere ọrụ ọ bụla ma ọ bụ ụgwọ sitere na ngwa ma ọ bụ iji ozi ọ bụla, ngwaahịa ma ọ bụ ọrụ akọwara n'ime ebe a belụsọ dị ka Intel kwetara na ederede. A dụrụ ndị ahịa Intel ọdụ ka ha nweta ụdị nkọwa ngwaọrụ kachasị ọhụrụ tupu ha adabere na ozi ọ bụla ebipụtara yana tupu ịnye iwu maka ngwaahịa ma ọ bụ ọrụ. * Enwere ike ịzọrọ aha na akara ndị ọzọ dị ka ihe onwunwe nke ndị ọzọ.

ISO 9001: 2015 edebanye aha

1. Intel Agilex® 7 Nchekwa ngwaọrụ karịrịview 683823 | 2023.05.23

1.2. Atụmatụ nchekwa atụmatụ

A na-eme atụmatụ atụmatụ ndị a kpọtụrụ aha na ngalaba a maka mwepụta ngwanrọ Intel Quartus Prime Pro Edition n'ọdịnihu.

Mara:

Ozi dị na ngalaba a bụ nke mbido.

1.2.1. Nkwenye nchegharị Bitstream akụkụ akụkụ
Ntụle nchegharị akụkụ akụkụ (PR) bitstream nchekwa na-enyere aka inye mmesi obi ike na PR persona bitstreams enweghị ike ịnweta ma ọ bụ gbochie PR persona bitstreams ndị ọzọ.

1.2.2. Ngwa igbu onwe maka mgbochi anụ ahụamper
Igbu onwe ngwaọrụ na-arụ ọrụ na-ehichapụ ngwaọrụ ma ọ bụ nzaghachi zeroization ngwaọrụ yana mmemme eFuses iji gbochie ngwaọrụ ahụ ịhazi ọzọ.

1.3. Akwụkwọ nchekwa dị

Tebụlụ na-esonụ na-akọwapụta akwụkwọ dị maka njirimara nchekwa ngwaọrụ na Intel FPGA na ngwaọrụ ASIC Structured:

Tebụl 1.

Akwụkwọ Nche ngwaọrụ dị

Aha akwụkwọ
Usoro nchekwa maka Intel FPGA na ntuziaka onye ọrụ ASIC Haziri

Ebumnuche
Akwụkwọ ọkwa dị elu nke nwere nkọwa zuru ezu nke njirimara nchekwa yana teknụzụ dị na Ngwaahịa Ngwọta Mmemme Intel. Ezubere inyere gị aka ịhọrọ atụmatụ nchekwa dị mkpa iji mezuo ebumnuche nchekwa gị.

Nọmba ederede 721596

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Stratix 10
Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex 7

Maka ndị ọrụ nke ngwaọrụ Intel Stratix 10, ntuziaka a nwere ntuziaka ka iji Intel Quartus Prime Pro Edition sọftụwia iji mejuputa njirimara nchekwa achọpụtara site na iji ntuziaka onye ọrụ Usoro nchekwa.
Maka ndị ọrụ nke ngwaọrụ Intel Agilex 7, ntuziaka a nwere ntuziaka ka iji Intel Quartus Prime Pro Edition sọftụwia iji mejuputa njirimara nchekwa achọpụtara site na iji ntuziaka onye ọrụ Usoro nchekwa.

683642 683823

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel eASIC N5X

Maka ndị ọrụ nke ngwaọrụ Intel eASIC N5X, ntuziaka a nwere ntuziaka ka iji Intel Quartus Prime Pro Edition sọftụwia iji mejuputa njirimara nchekwa achọpụtara site na iji ntuziaka onye ọrụ usoro nchekwa.

626836

Intel Agilex 7 na Intel eASIC N5X HPS Ntuziaka onye ọrụ Cryptographic

Ntuziaka a nwere ozi iji nyere ndị injinia sọftụwia HPS aka na mmejuputa na iji ụlọ ọba akwụkwọ ngwanrọ HPS nweta ọrụ cryptographic nke SDM nyere.

713026

Ntuziaka mmalite ọsọ ọsọ AN-968 ojii

Ntuziaka a nwere usoro nhazi zuru oke iji guzobe ọrụ ịnye igodo ojii.

739071

Ebe Intel Resource na
Ebe imewe
Intel.com
Intel.com
Intel Resource and Design Center
Intel Resource and Design Center
Intel Resource and Design Center

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 5

683823 | 2023.05.23 zipu nzaghachi

Nyocha na ikike

Iji mee ka njirimara njirimara nke ngwaọrụ Intel Agilex 7 rụọ ọrụ, ị na-amalite site na iji Intel Quartus Prime Pro Edition software na ngwaọrụ ndị metụtara iji wuo agbụ mbinye aka. Agbụ mbinye aka nwere igodo mgbọrọgwụ, otu igodo mbinye aka ma ọ bụ karịa, yana ikike ọdabara. Ị na-etinye agbụ mbinye aka na ọrụ Intel Quartus Prime Pro Edition gị yana mmemme achịkọtara files. Jiri ntuziaka dị na Nkwado ngwaọrụ iji hazie igodo mgbọrọgwụ gị n'ime ngwaọrụ Intel Agilex 7.
Ozi metụtara
Enyemaka ngwaọrụ na ibe 25

2.1. Ịmepụta Chain mbinye aka
Ị nwere ike iji ngwa quartus_sign ma ọ bụ mmejuputa ntụaka agilex_sign.py iji rụọ ọrụ nrụnye mbinye aka. Akwụkwọ a na-enye examples iji quartus_sign.
Iji jiri mmejuputa ntụaka ahụ, dochie oku na onye ntụgharị okwu Python gụnyere ya na sọftụwia Intel Quartus Prime wee hapụ nhọrọ –family=agilex; nhọrọ ndị ọzọ niile bụ otu. Maka examplee, iwu quartus_sign achọtara emechaa na ngalaba a
quartus_sign –family=agilex –operation=make_root root_public.pem root.qky nwere ike gbanwee ka ọ bụrụ oku kwekọrọ na mmejuputa ntụaka dị ka ndị a
pgm_py agilex_sign.py –operation=eme_root root_public.pem mgbọrọgwụ.qky

Akụrụngwa Intel Quartus Prime Pro gụnyere quartus_sign, pgm_py, na agilex_sign.py ngwaọrụ. Ị nwere ike iji ngwa Nios® II iwu shei, nke na-edobe mgbanwe gburugburu ebe kwesịrị ekwesị na-akpaghị aka iji nweta ngwaọrụ ahụ.

Soro ntuziaka ndị a ka iweta shei iwu Nios II. 1. Weta shei iwu Nios II.

Windows nhọrọ
Linux

Nkọwa
Na menu mmalite, rụtụ aka na Mmemme Intel FPGA Nios II EDS wee pịa Nios II Iwu Shell.
N'ime shei iwu gbanwee gaa na /nios2eds wee mee iwu a:
./nios2_command_shell.sh

The examples na ngalaba a were mbinye aka yinye na nhazi bitstream files dị na ndekọ ọrụ ugbu a. Ọ bụrụ na ị họrọ iso example ebe igodo files na-edobe na file usoro, ndị examples were igodo files bụ

ISO 9001: 2015 edebanye aha

2. Nyocha na ikike 683823 | 2023.05.23
dị na ndekọ ọrụ ugbu a. Ị nwere ike ịhọrọ akwụkwọ ndekọ aha ị ga-eji, yana ngwaọrụ na-akwado ikwu file ụzọ. Ọ bụrụ na ị họrọ idobe igodo files na file Sistemu, ị ga-akpachapụ anya jikwaa ikike ịnweta ndị ahụ files.
Intel na-atụ aro ka ejiri Module Nchebe Hardware dị na azụmaahịa (HSM) chekwaa igodo nzuzo ma rụọ ọrụ nzuzo. Ngwa quartus_sign na mmejuputa ntụaka gụnyere Ọha igodo Cryptography Standard #11 (PKCS #11) Ngwa Programming Interface (API) iji soro HSM na-emekọrịta ihe mgbe ị na-arụ ọrụ nrụnye mbinye aka. Mmejuputa nrụtụ aka agilex_sign.py gụnyere ngwa ngwa interface yana example interface ka SoftHSM.
Ị nwere ike iji ndị a example interfaces iji mejuputa interface na HSM gị. Rụtụ aka na akwụkwọ sitere n'aka onye na-ere HSM gị maka ozi ndị ọzọ gbasara mmejuputa interface na ijikwa HSM gị.
SoftHSM bụ ngwa ngwa mmejuputa ngwa ngwa nke ngwaọrụ cryptographic ọnyà nwere interface PKCS #11 nke mmemme OpenDNSSEC® mere. Ị nwere ike ịchọta ozi ndị ọzọ, gụnyere ntụziaka maka otu esi ebudata, wuo na wụnye OpenHSM, na ọrụ OpenDNSSEC. The examples na ngalaba a jiri ụdị SoftHSM 2.6.1. The examples na ngalaba a na-ejikwa pkcs11-tool utility si OpenSC rụọ ọrụ PKCS #11 na akara SoftHSM. Ị nwere ike ịchọta ozi ndị ọzọ, gụnyere ntuziaka maka otu esi ebudata, wuo na wụnye pkcs11tool site na OpenSC.
Ozi metụtara
· The OpenDNSSEC oru ngo amụma dabeere mpaghara signer maka automating usoro nke DNSSEC igodo nsochi.
SoftHSM ozi gbasara mmejuputa ụlọ ahịa cryptographic nke a na-enweta site na interface PKCS #11.
OpenSC na-enye ọba akwụkwọ na akụrụngwa nwere ike iji kaadị smart rụọ ọrụ.
2.1.1. Ịmepụta ọnụọgụ igodo nyocha na mpaghara File Sistemu
Ị na-eji ngwa quartus_sign iji mepụta ụzọ abụọ igodo nyocha na mpaghara file Sistemu na-eji make_private_pem na make_public_pem ngwá ọrụ arụmọrụ. Ị buru ụzọ wepụta igodo nzuzo site na iji ọrụ make_private_pem. Ị ezipụta usoro elliptik ka ị ga-eji, igodo nzuzo fileaha, na nhọrọ ma ọ ga-eji passphrase chebe igodo nzuzo. Intel na-atụ aro ka iji usoro secp384r1 na ịgbaso usoro kachasị mma nke ụlọ ọrụ iji mepụta passphrase siri ike na igodo nzuzo niile. files. Intel na-atụ aro ka amachibido ya file ikike sistemụ na igodo nzuzo .pem files ka onye nwe ya gụọ ya. Ị na-enweta igodo ọha site na igodo nzuzo site na iji make_public_pem arụ ọrụ. Ọ na-enye aka ịkpọ igodo .pem files nkọwa. Akwụkwọ a na-eji mgbakọ ahụ _ .pem na ndị a examples.
1. N'ime shei iwu Nios II, mee iwu a ka ịmepụta igodo nzuzo. A na-eji igodo nzuzo, nke egosiri n'okpuru, dị ka igodo mgbọrọgwụ n'ikpeazụ examples na ike a mbinye aka yinye. Ngwa Intel Agilex 7 na-akwado ọtụtụ igodo mgbọrọgwụ, yabụ gị

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 7

2. Nyocha na ikike 683823 | 2023.05.23

megharịa usoro a ka ịmepụta nọmba igodo mgbọrọgwụ gị chọrọ. ỌpụampN'ime akwụkwọ a, ha niile na-ezo aka na igodo mgbọrọgwụ nke mbụ, n'agbanyeghị na ị nwere ike ịmepụta ụdọ mbinye aka n'ụdị yiri ya na igodo mgbọrọgwụ ọ bụla.

Nhọrọ Na passphrase

Nkọwa
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 root0_private.pem Tinye akpaokwu mgbe kpaliri ime ya.

Enweghị paswọọdụ

quartus_sign –family=agilex –operation=eme_private_pem –curve=sec384r1 –no_passphrase mgbọrọgwụ0_private.pem

2. Gbaa iwu a ka ịmepụta igodo ọha site na iji igodo nzuzo emepụtara na nzọụkwụ gara aga. Ịkwesighi ichekwa nzuzo nke igodo ọha.
quartus_sign –family=agilex –operation=eme_public_pem root0_private.pem mgbọrọgwụ0_public.pem
3. Gbaa iwu ọzọ ka ịmepụta otu ụzọ igodo eji dị ka igodo ntinye aka imewe na yinye mbinye aka.
quartus_sign –family=agilex –operation=eme_private_pem –curve=sec384r1 design0_sign_private.pem

quartus_sign –family=agilex –operation=eme_public_pem design0_sign_private.pem design0_sign_public.pem

2.1.2. Ịmepụta ọnụọgụ igodo nyocha na SoftHSM
SoftHSM examples n'isiakwụkwọ a na-ekwekọ n'onwe ya. Ụfọdụ paramita dabere na nrụnye SoftHSM gị yana mmalite akara n'ime SoftHSM.
Ngwa quartus_sign dabere na ọbaakwụkwọ PKCS #11 API sitere na HSM gị.
The examples na ngalaba a chere na etinyere ọba akwụkwọ SoftHSM n'otu n'ime ebe ndị a: · /usr/local/lib/softhsm2.so na Linux · C:SoftHSM2libsofthsm2.dll na ụdị 32-bit nke Windows · C:SoftHSM2libsofthsm2-x64 dll na ụdị 64-bit nke Windows.
Bido akara n'ime SoftHSM site na iji ngwa softhsm2-util:
softhsm2-util –init-token –label agilex-token –pin agilex-token-pin –so-pin agilex-so-pin –free
Nhọrọ nhọrọ, ọkachasị akara akara na pin token bụ exampeji mee ihe n'isiakwụkwọ a dum. Intel na-atụ aro ka ị soro ntuziaka sitere n'aka onye na-ere HSM gị ka ịmepụta na jikwaa akara na igodo.
Ị na-emepụta ụzọ abụọ igodo nyocha site na iji ngwa ngwa pkcs11 iji soro akara ngosi na SoftHSM na-emekọrịta ihe. Kama ịkọwa n'ụzọ doro anya na igodo nzuzo na nke ọha .pem files n'ime file usoro exampOtú ọ dị, ị na-ezo aka na ụzọ ụzọ igodo site na labelụ ya na ngwá ọrụ na-ahọrọ igodo kwesịrị ekwesị na-akpaghị aka.

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 8

Zipu nzaghachi

2. Nyocha na ikike 683823 | 2023.05.23

Gbaa iwu ndị a ka ịmepụta otu ụzọ igodo ejiri dị ka isi mgbọrọgwụ na examples yana otu ụzọ igodo ejiri dị ka igodo mbinye aka imewe na yinye mbinye aka:
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-token –login –pin agilex-token-pin –keypairgen –mechanism ECDSA-KEY-PAIR-GEN –key-ụdị EC :secp384r1 – ojiji-akara –label mgbọrọgwụ0 –id 0
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-token –login –pin agilex-token-pin –keypairgen –mechanism ECDSA-KEY-PAIR-GEN –key-ụdị EC : sec384r1 – ojiji-akara –label design0_sign –id 1

Mara:

Nhọrọ NJ dị na nzọụkwụ a ga-abụrịrị ihe pụrụ iche na igodo ọ bụla, mana naanị HSM na-eji ya. Nhọrọ NJ a enweghị njikọ na NJ mkpochapụ igodo ekenyere na yinye mbinye aka.

2.1.3. Ịmepụta mgbanye mgbọrọgwụ yinye mbinye aka
Tụgharịa igodo ọha ka ọ bụrụ ntinye mgbọrọgwụ yinye mbinye aka, echekwara na mpaghara file Sistemu na usoro Intel Quartus Prime igodo (.qky). file, na make_root arụ ọrụ. Tinyegharịa usoro a maka igodo mgbọrọgwụ ọ bụla ị na-emepụta.
Gbaa iwu a ka ịmepụta yinye mbinye aka na ntinye mgbọrọgwụ, na-eji igodo ọha na eze sitere na file Sistemu:
quartus_sign –family=agilex –operation=eme_root –key_type= mgbọrọgwụ onye nwe0_public.pem mgbọrọgwụ0.qky
Gbaa iwu na-esonụ ka ịmepụta agbụ mbinye aka na ntinye mgbọrọgwụ, na-eji igodo mgbọrọgwụ sitere na SoftHSM token guzobere na ngalaba mbụ:
quartus_sign –family=agilex –operation=eme_root –key_type=onye nwe –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libh2 ” mgbọrọgwụ0 mgbọrọgwụ0.qky

2.1.4. Ịmepụta ntinye ọhaneze yinye mbinye aka
Mepụta ntinye igodo ọha ọhụrụ maka yinye mbinye aka nwere ọrụ append_key. Ị na-akọwapụta yinye mbinye aka mbụ, igodo nzuzo maka ntinye ikpeazụ na yinye mbinye aka mbụ, igodo ọha na-esote ọkwa, ikike na NJ kagbuo nke ị na-ekenye na igodo ọha na-esote na nke ọhụrụ mbinye aka. file.
Rịba ama na ọbá akwụkwọ softHSM adịghị na ntinye Quartus kama ọ dị mkpa ka etinye ya iche. Maka ozi ndị ọzọ gbasara softHSM rụtụ aka na ngalaba Ịmepụta Chain mbinye aka n'elu.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 9

2. Nyocha na ikike 683823 | 2023.05.23
Dabere na iji igodo na file Sistemu ma ọ bụ na HSM, ị na-eji otu n'ime ndị a example iwu ka itinye design0_sign ọhaneze igodo na mgbọrọgwụ mbinye aka yinye kere na mbụ ngalaba:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –permission=6 –cancel=0 –input_pem=design0_sign_public.pem design0_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” -prename mgbọrọgwụ0 –previous_qky = mgbọrọgwụ0.qky – ikike = 6 –kagbuo = 0 –input_keyname = design0_sign design0_sign_chain.qky
Ị nwere ike ikwugharị ọrụ append_key ruo ugboro abụọ ọzọ maka oke ntinye igodo ọha atọ n'etiti ntinye mgbọrọgwụ na ntinye nkụnye eji isi mee n'ime otu mbinye aka ọ bụla.
Ndị na-esonụ example na-eche na ị mepụtara igodo ọha nyocha ọzọ nwere otu ikike wee kenye ID 1 kagbuo nke a na-akpọ design1_sign_public.pem, ma na-etinye igodo a na yinye mbinye aka site na mbụ gara aga.ampLe:
quartus_sign –family=agilex –operation=append_key –previous_pem=design0_sign_private.pem –previous_qky=design0_sign_chain.qky –permission=6 –cancel=1 –input_pem=design1_sign_public.pem designq1_kysign_chain.
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” -prename design0_sign –previous_qky=design0_sign_chain.qky –ikike=6 –kagbuo =1 –input_keyname=design1_sign design1_sign_chain.qky
Ngwa Intel Agilex 7 gụnyere ihe mgbakwunye igodo kagbuo igodo iji kwado iji igodo nwere ike ịgbanwe oge oge n'oge ndụ ngwaọrụ enyere. Ị nwere ike họrọ akara nkwụghachi igodo a site n'ịgbanwe arụmụka nke nhọrọ -cancel ka ọ bụrụ pts:pts_value.
2.2. Ịbanye Bitstream nhazi
Ngwa Intel Agilex 7 na-akwado counters Security Version Number (SVN), nke na-enye gị ohere kagbuo ikike nke ihe na-enweghị ịkagbu igodo. Ị na-ekenye counter SVN na uru SVN kwesịrị ekwesị n'oge ntinye aka nke ihe ọ bụla, dị ka akụkụ bitstream, firmware .zip file, ma ọ bụ kọmpat akwụkwọ. Ị na-ekenye counter SVN na uru SVN site na iji nhọrọ –cancel yana svn_counter:svn_value dị ka arụmụka. Ụkpụrụ ziri ezi maka svn_counter bụ svnA, svnB, svnC, na svnD. Svn_value bụ ọnụọgụ n'ime oke [0,63].

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 10

Zipu nzaghachi

2. Nyocha na ikike 683823 | 2023.05.23
2.2.1. Igodo Quartus File Ihe omume
Ị ezipụta yinye mbinye aka n'ime ọrụ ngwanrọ Intel Quartus Prime gị iji mee ka njirimara njirimara maka imewe ahụ. Site na menu ihe omume, họrọ Ngwaọrụ Ngwaọrụ na igodo nchekwa Quartus Nhọrọ Pin File, wee chọgharịa gaa na yinye mbinye aka .qky file I kere ibinye aka n'ichepụta a.
Ọgụgụ 1. Kwado Nhazi Bitstream Ntọala

N'aka nke ọzọ, ịnwere ike ịgbakwunye nkwupụta ọrụ na-esote na Ntọala Quartus Prime Intel gị file (.qsf):
set_global_assignment -aha QKY_FILE design0_sign_chain.qky
Iji mepụta .sof file site na nhazi achịkọtara na mbụ, nke gụnyere ntọala a, site na menu nhazi, họrọ Malite Malite Assembler. Ihe mmepụta ọhụrụ .sof file gụnyere ọrụ ndị ahụ iji mee ka nyocha jiri yinye mbinye aka enyere.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 11

2. Nyocha na ikike 683823 | 2023.05.23
2.2.2. Na-abanye aka na SDM Firmware
Ị na-eji ngwá ọrụ quartus_sign wepụ, bịanye aka, na wụnye SDM firmware .zip dị mkpa. file. A na-etinyezi firmware nke ejikọtara aka na mmemme ahụ file ngwá ọrụ generator mgbe ị tọghata .sof file banye nhazi bitstream .rbf file. Ị na-eji iwu ndị a ka ịmepụta yinye mbinye aka ọhụrụ wee bịanye aka na firmware SDM.
1. Mepụta ụzọ ụzọ mbinye aka ọhụrụ.
a. Mepụta ụzọ igodo mbinye aka ọhụrụ na ya file Sistemu:
quartus_sign –family=agilex –operation=eme_private_pem –curve=sec384r1 firmware1_private.pem
quartus_sign –family=agilex –operation=eme_public_pem firmware1_private.pem firmware1_public.pem
b. Mepụta ụzọ igodo mbinye aka ọhụrụ na HSM:
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-token –login –pin agilex-token-pin –keypairgen -mechanism ECDSA-KEY-PAIR-GEN –key-ụdị EC : sec384r1 – ojiji-akara –label firmware1 – id 1
2. Mepụta yinye mbinye aka ọhụrụ nwere igodo ọha ọhụrụ:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –permission=0x1 –cancel=1 –input_pem=firmware1_public.pem firmware1_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” -prename mgbọrọgwụ0 -previous_qky = mgbọrọgwụ0.qky - ikike = 1 -cancel = 1 -input_keyname = firmware1 firmware1_sign_chain.qky
3. Detuo firmware .zip file site na akwụkwọ ndekọ nrụnye ngwanrọ Intel Quartus Prime Pro Edition ( /ngwaọrụ/programmer/firmware/ agilex.zip) gaa na ndekọ na-arụ ọrụ ugbu a.
quartus_sign –family=agilex –get_firmware=.
4. Banye na firmware .zip file. Ngwa ahụ na-ebupụ .zip na-akpaghị aka file na n'otu n'otu banye niile firmware .cmf files, wee wughachi .zip ahụ file maka iji ngwaọrụ ndị dị na ngalaba ndị a:
quartus_sign –family=agilex –operation=sign –qky=firmware1_sign_chain.qky –cancel=svnA:0 –pem=firmware1_private.pem agilex.zip sign_agilex.zip
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 12

Zipu nzaghachi

2. Nyocha na ikike 683823 | 2023.05.23

–keyname=firmware1 –cancel=svnA:0 –qky=firmware1_sign_chain.qky agilex.zip sign_agilex.zip

2.2.3. Ịbanye nhazi Bitstream Iji quartus_sign Command
Iji binye aka na nhazi bitstream site na iji quartus_sign iwu, ị ga-ebu ụzọ tụgharịa .sof file gaa na ọnụọgụ abụọ raw na-edeghị akwụkwọ file (.rbf) usoro. Ị nwere ike na-ahọrọ na-ezipụta femụwe mbinye aka na-eji nhọrọ fw_source n'oge usoro ntụgharị.
Ị nwere ike ịmepụta raw bitstream na-edeghị aha n'ụdị .rbf site na iji iwu a:
quartus_pfg c o fw_source=signed_agilex.zip -o sign_later=ON design.sof unsigned_bitstream.rbf
Gbaa otu n'ime iwu ndị a ka ịbanye na bitstream site na iji ngwa quartus_sign dabere na ọnọdụ igodo gị:
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 unsigned_bitstream.rbf sign_bitstream.rbf
quartus_sign –family = agilex –operation = akara –module =softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” – keyname = design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_bitstream.rbf sign_bitstream.rbf
Ị nwere ike ịtụgharị .rbf mbinye aka files na nhazi bitstream ọzọ file usoro.
Maka exampma, ọ bụrụ na ị na-eji Jam * Standard Test and Programming Language (STAPL) Player iji hazie bitstream n'elu JTAG, ị na-eji iwu a iji tọghata .rbf file na usoro .jam nke ihe ọkpụkpọ Jam STAPL chọrọ:
quartus_pfg -c Sign_bitstream.rbf sign_bitstream.jam

2.2.4. Ndozigharị akụkụ akụkụ nke ọtụtụ ikike ikike

Ngwa Intel Agilex 7 na-akwado nkwado nnabata ọtụtụ ikike, ebe onye nwe ngwaọrụ na-emepụta ma debanye aha na bitstream static, yana onye nwe PR dị iche na-emepụta na akara PR persona bitstreams. Ngwa Intel Agilex 7 mejuputa nkwado ikike ọtụtụ site n'ekenye oghere mgbọrọgwụ mgbọrọgwụ mbụ na ngwaọrụ ahụ ma ọ bụ onye nwe bitstream static ma na-ekenye oghere igodo mgbọrọgwụ ikpeazụ na onye nweghachi onye nwe bitstream.
Ọ bụrụ na agbanyere njirimara njirimara, mgbe ahụ, a ga-edebanye aha onyonyo PR niile, gụnyere onyonyo PR mmadụ akwụgoro. Onye nwe ngwaọrụ ma ọ bụ onye nwe PR nwere ike bịanye aka na onyonyo PR persona; Otú ọ dị, onye nwe ngwaọrụ ga-abanyerịrị na mpaghara bitstreams static.

Mara:

A na-eme atụmatụ nhazigharị akụkụ akụkụ static na onye nzuzo bitstream mgbe agbanyere nkwado ọtụtụ ikike na mwepụta n'ọdịnihu.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 13

2. Nyocha na ikike 683823 | 2023.05.23

Onyonyo 2.

Ịmejuputa ntugharị akụkụ akụkụ nkwado ọtụtụ ikike chọrọ ọtụtụ usoro:
1. Ngwaọrụ ma ọ bụ onye nwe bitstream static na-ewepụta otu igodo mgbọrọgwụ ma ọ bụ karịa dị ka akọwara na Ịmepụta Igodo nyocha na SoftHSM na ibe 8, ebe nhọrọ -key_type nwere uru nwe.
2. Onye nwe nwegharịa nhazi nke akụkụ bitstream na-ewepụta igodo mgbọrọgwụ mana ọ gbanwere uru nhọrọ -key_type gaa na secondary_owner.
3. Ma ndị static bitstream na ele mmadụ anya n'ihu reconfiguration imewe nwe hụ na Kwado Multi-Authority nkwado igbe na-enyere na ọrụ Ngwaọrụ Ngwaọrụ na Pin Nhọrọ Nchekwa taabụ.
Intel Quartus Prime Kwado ntọala nhọrọ ọtụtụ ikike

4. Ma static bitstream na partial reconfiguration design nwe na-emepụta ụdọ mbinye aka dabere na igodo mgbọrọgwụ ha dị ka akọwara na Ịmepụta Chain Signature na ibe 6.
5. Ma static bitstream na ele mmadụ anya n'ihu reconfiguration imewe nwe na-atụgharị ha chịkọtara chepụta ka .rbf usoro files wee bịanye aka na .rbf files.
6. Ngwaọrụ ma ọ bụ onye nwe bitstream static na-ewepụta ma bịanye aka na asambodo kọmpat ikike mmemme igodo ọha PR.
quartus_pfg –cert o ccert_type=PR_PUBKEY_PROG_AUTH o nwe_qky_file= "mgbọrọgwụ0.qky; mgbọrọgwụ1.qky" enweghị akara_pr_pubkey_prog.ccert
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 unsigned_pr_pubkey_prog.cert sign_pr_pubkey_prog.cert
quartus_sign –family = agilex –operation = akara –module=softHSM –module_args=”–token_label=s10-token –user_pin=s10-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” – keyname= design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_pr_pubkey_prog.cert sign_pr_pubkey_prog.ccert

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 14

Zipu nzaghachi

2. Nyocha na ikike 683823 | 2023.05.23

7. The ngwaọrụ ma ọ bụ static bitstream nwe ndokwa ha Nyocha mgbọrọgwụ isi hashes na ngwaọrụ, mgbe ahụ, mmemme na PR ọha isi ihe omume ikike kọmpat akwụkwọ, na n'ikpeazụ ndokwa ndị ele mmadụ anya n'ihu reconfiguration bitstream nwe mgbọrọgwụ isi ngwaọrụ. Ngalaba inye ngwaọrụ na-akọwa usoro inye ihe a.
8. A na-ahazi ngwaọrụ Intel Agilex 7 na mpaghara static .rbf file.
9. A na-ahazi ngwaọrụ Intel Agilex 7 nke ọma na onye nhazi .rbf. file.
Ozi metụtara
· Ịmepụta yinye mbinye aka na ibe 6
· Imepụta ụzọ mkpirisi nyocha na SoftHSM na ibe 8
Ịnye ngwaọrụ na ibe 25

2.2.5. Na-enyocha agbụ mbinye aka Bitstream nhazi nhazi
Mgbe ịmechara ụdọ mbinye aka na bitstreams bịanyere aka na ya, ị nwere ike ịchọpụta na bitstream bịanyere aka na ya na-ahazi ngwaọrụ nke ejiri igodo mgbọrọgwụ nyere. Ị na-ebu ụzọ jiri ọrụ fuse_info nke quartus_sign iwu bipụta hash nke igodo ọha na eze maka ederede. file:
quartus_sign –family=agilex –operation=fuse_info mgbọrọgwụ0.qky hash_fuse.txt

Ị na-eji nhọrọ check_integrity nke quartus_pfg iwu iji nyochaa yinye mbinye aka n'akụkụ ọ bụla nke bitstream abịanyere aka na usoro .rbf. Nhọrọ check_integrity na-ebipụta ozi ndị a:
· Ọnọdụ nke mkpokọta bitstream iguzosi ike n'ezi ihe nlele
· Ọdịnaya nke ntinye ọ bụla na yinye mbinye aka ọ bụla jikọtara na ngalaba nke ọ bụla na bitstream .rbf file,
· Uru fiusi a tụrụ anya maka hash nke igodo ọha mgbọrọgwụ maka yinye mbinye aka ọ bụla.
Uru sitere na mmepụta fuse_info kwesịrị dakọtara na ahịrị Fuse na mmepụta check_integrity.
quartus_pfg -check_integrity sign_bitstream.rbf

Nke a bụ example nke ndetu iwu check_integrity:

Ozi: Iwu: quartus_pfg –check_integrity Sign_bitstream.rbf Ọkwa iguzosi ike n'ezi ihe: OK

Ngalaba

Ụdị: CMF

Nkọwa mbinye aka…

Yinye mbinye aka #0 (ntinye: -1, akwụ ụgwọ: 96)

Ntinye #0

Fuse: 34FD3B5F 7829001F DE2A24C7 3A7EAE29 C7786DB1 D6D5BC3C 52741C79

72978B22 0731B082 6F596899 40F32048 AD766A24

Mepụta igodo…

akụkụ: sec384r1

: 29C39C3064AE594A36DAA85602D6AF0B278CBB0B207C4D97CFB6967961E5F0ECA

456FF53F5DBB3A69E48A042C62AB6B0

: 3E81D40CBBBEAC13601247A9D53F4A831308A24CA0BDFFA40351EE76438C7B5D2

2826F7E94A169023AFAE1D1DF4A31C2

Mepụta igodo…

akụkụ: sec384r1

: 29C39C3064AE594A36DAA85602D6AF0B278CBB0B207C4D97CFB6967961E5F0ECA

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 15

2. Nyocha na ikike 683823 | 2023.05.23

456FF53F5DBB3A69E48A042C62AB6B0

: 3E81D40CBBBEAC13601247A9D53F4A831308A24CA0BDFFA40351EE76438C7B5D2

2826F7E94A169023AFAE1D1DF4A31C2

Ntinye #1

Mepụta igodo…

akụkụ: sec384r1

: 015290C556F1533E5631322953E2F9E91258472F43EC954E05D6A4B63D611E04B

C120C7E7A744C357346B424D52100A9

: 68696DEAC4773FF3D5A16A4261975424AAB4248196CF5142858E016242FB82BC5

08A80F3FE7F156DEF0AE5FD95BDFE05

Ntinye #2 ikike igodo: SIGN_CODE Keychain nwere ike ịkagbu site na ID: 3 yinye mbinye aka #1 (ntinye: -1, dechapụ: 648)

Ntinye #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Mepụta igodo…

akụkụ: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Mepụta igodo…

akụkụ: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Ntinye #1

Mepụta igodo…

akụkụ: sec384r1

: 1E8FBEDC486C2F3161AFEB028D0C4B426258293058CD41358A164C1B1D60E5C1D

74D982BC20A4772ABCD0A1848E9DC96

: 768F1BF95B37A3CC2FFCEEB071DD456D14B84F1B9BFF780FC5A72A0D3BE5EB51D

0DA7C6B53D83CF8A775A8340BD5A5DB

Ntinye #2

Mepụta igodo…

akụkụ: sec384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Ntinye #3 Ikike mbanye: SIGN_CODE Keychain nwere ike ịkagbu site na ID: 15 yinye mbinye aka #2 (ntinye: -1, dechapụ: 0) yinye mbinye aka #3 (ntinye: -1, dechapụ: 0) Anya mbinye aka #4 (ntinye: -1, akwụ ụgwọ: 0) Yinye mbinye aka #5 (ntinye: -1, nkwụsị: 0) Yinye mbinye aka #6 (ntinye: -1, nkwụsị: 0) Anya mbinye aka #7 (ntinye: -1, nkwụsị: 0)

Ụdị nkebi: Onye nkọwa mbinye aka IO … Yinye mbinye aka #0 (ntinye: -1, dechapụ: 96)

Ntinye #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Mepụta igodo…

akụkụ: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 16

Zipu nzaghachi

2. Nyocha na ikike 683823 | 2023.05.23

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Mepụta igodo…

akụkụ: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Ntinye #1

Mepụta igodo…

akụkụ: sec384r1

: 646B51F668D8CC365D72B89BA8082FDE79B00CDB750DA0C984DC5891CDF57BD21

44758CA747B1A8315024A8247F12E51

: 53513118E25E16151FD55D7ECDE8293AF6C98A74D52E0DA2527948A64FABDFE7C

F4EA8B8E229218D38A869EE15476750

Ntinye #2

Mepụta igodo…

akụkụ: sec384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Ntinye #3 Ikike igodo: SIGN_CORE Keychain nwere ike ịkagbu site na ID: 15 yinye mbinye aka #1 (ntinye: -1, dechapụ: 0) yinye mbinye aka #2 (ntinye: -1, dechapụ: 0) Anya mbinye aka #3 (ntinye: -1, nkwụghachi: 0) Yinye mbinye aka #4 (ntinye: -1, akwụ ụgwọ: 0) Agbụka mbinye aka #5 (ntinye: -1, akwụ ụgwọ: 0) Anya mbinye aka #6 (ntinye: -1, nkwụsị: 0) mbinye aka. yinye #7 (ntinye: -1, kwụsịrị: 0)

Ngalaba

Ụdị: HPS

Nkọwa mbinye aka…

Yinye mbinye aka #0 (ntinye: -1, akwụ ụgwọ: 96)

Ntinye #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Mepụta igodo…

akụkụ: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Mepụta igodo…

akụkụ: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Ntinye #1

Mepụta igodo…

akụkụ: sec384r1

: FAF423E08FB08D09F926AB66705EB1843C7C82A4391D3049A35E0C5F17ACB1A30

09CE3F486200940E81D02E2F385D150

: 397C0DA2F8DD6447C52048CD0FF7D5CCA7F169C711367E9B81E1E6C1E8CD9134E

5AC33EE6D388B1A895AC07B86155E9D

Ntinye #2

Mepụta igodo…

akụkụ: sec384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 17

2. Nyocha na ikike 683823 | 2023.05.23

Ntinye #3 ikike igodo: SIGN_HPS Keychain nwere ike ịkagbu site na ID: 15 yinye mbinye aka #1 (ntinye: -1, dechapụ: 0) yinye mbinye aka #2 (ntinye: -1, dechapụ: 0) Anya mbinye aka #3 (ntinye: -1, nkwụghachi: 0) Yinye mbinye aka #4 (ntinye: -1, akwụ ụgwọ: 0) Agbụka mbinye aka #5 (ntinye: -1, akwụ ụgwọ: 0) Anya mbinye aka #6 (ntinye: -1, nkwụsị: 0) mbinye aka. yinye #7 (ntinye: -1, kwụsịrị: 0)

Ụdị ngalaba: Nkọwa mbinye aka CORE … Yinye mbinye aka #0 (ntinye: -1, dechapụ: 96)

Ntinye #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Mepụta igodo…

akụkụ: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Mepụta igodo…

akụkụ: sec384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Ntinye #1

Mepụta igodo…

akụkụ: sec384r1

: 646B51F668D8CC365D72B89BA8082FDE79B00CDB750DA0C984DC5891CDF57BD21

44758CA747B1A8315024A8247F12E51

: 53513118E25E16151FD55D7ECDE8293AF6C98A74D52E0DA2527948A64FABDFE7C

F4EA8B8E229218D38A869EE15476750

Ntinye #2

Mepụta igodo…

akụkụ: sec384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 18

Zipu nzaghachi

683823 | 2023.05.23 zipu nzaghachi

Ihe nzuzo AES Bitstream

Advanced Encryption Standard (AES) bitstream izo ya ezo bụ atụmatụ na-enyere onye nwe ngwaọrụ aka ichedo nzuzo nke akụ ọgụgụ isi na nhazi bitstream.
Iji nyere aka kpuchido nzuzo nke igodo, nhazi nzuzo bitstream na-eji eriri igodo AES. A na-eji igodo ndị a ezoro data onye nwe ya na nhazi bitstream, ebe ejiri igodo mgbọrọgwụ AES ezoro ezo nke mbụ etiti.

3.1. Ịmepụta igodo mgbọrọgwụ AES

Ị nwere ike iji ngwa quartus_encrypt ma ọ bụ stratix10_encrypt.py mmejuputa ntụaka iji mepụta igodo mgbọrọgwụ AES na igodo nzuzo nzuzo Intel Quartus Prime (.qek) file.

Mara:

Ihe stratix10_encrypt.py file A na-eji ya maka Intel Stratix® 10, yana Intel Agilex 7 ngwaọrụ.

Ị nwere ike ịhọrọ nke ọma ezi igodo ntọala ejiri nweta igodo mgbọrọgwụ AES na igodo mmepụta igodo, uru maka igodo mgbọrọgwụ AES ozugbo, ọnụ ọgụgụ nke igodo etiti, na oke ojiji ọ bụla igodo etiti.

Ị ga-ezipụta ezinụlọ ngwaọrụ, mmepụta .qek file ebe, na okwu mbanye mgbe kpaliri.
Gbaa iwu na-esonụ ka ịmepụta igodo mgbọrọgwụ AES site na iji data random maka igodo isi na ụkpụrụ ndabara maka ọnụọgụ nke igodo etiti na iji igodo kachasị.
Iji jiri mmejuputa ntụaka ahụ, dochie oku na onye ntụgharị okwu Python gụnyere ya na sọftụwia Intel Quartus Prime wee hapụ nhọrọ –family=agilex; nhọrọ ndị ọzọ niile bụ otu. Maka example, iwu quartus_encrypt achọtara emechaa na ngalaba

quartus_encrypt –family=agilex –operation=MAKE_AES_KEY aes_root.qek

enwere ike ịtụgharị ka ọ bụrụ oku kwekọrọ na mmejuputa ntụaka dị ka ndị a pgm_py stratix10_encrypt.py –operation=MAKE_AES_KEY aes_root.qek

3.2. Ntọala nzuzo Quartus
Iji mee ka izo ya ezo bitstream maka imewe, ị ga-ezipụta nhọrọ kwesịrị ekwesị site na iji Ngwaọrụ Ngwaọrụ na Ogwe Nchebe Nhọrọ Pin. Ị na-ahọrọ igbe nrịbama nzuzo Kwado nhazi bitstream, yana ebe nchekwa igodo nzuzo achọrọ site na menu ndọpụta.

ISO 9001: 2015 edebanye aha

Ọgụgụ 3. Ntọala nzuzo Intel Quartus Prime

3. AES Bitstream ezoro ezo 683823 | 2023.05.23

N'aka nke ọzọ, ịnwere ike ịgbakwunye nkwupụta ọrụ na-esote na ntọala Intel Quartus Prime gị file .qsf:
set_global_assignment - aha ENCRYPT_PROGRAMMING_BITSTREAM na set_global_assignment - aha PROGRAMMING_BITSTREAM_ENCRYPTION_KEY_SELECT eFuses
Ọ bụrụ n’ịchọrọ ime ka mbelata ndị ọzọ megide vectors ọgụ ọwa n'akụkụ, ị nwere ike mee ka mbelata nha mmelite nzuzo na Kwado igbe nrịbama.

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 20

Zipu nzaghachi

3. AES Bitstream ezoro ezo 683823 | 2023.05.23

Mgbanwe ndị kwekọrọ na .qsf bụ:
set_global_assignment -aha PROGRAMMING_BITSTREAM_ENCRYPTION_CNOC_SCRAMBLING na set_global_assignment -aha PROGRAMMING_BITSTREAM_ENCRYPTION_UPDATE_RATIO 31

3.3. Na-ezobe Bitstream nhazi
Ị ezoro ezo nhazi bitstream tupu ịbanye na bitstream. Ihe mmemme Intel Quartus Prime File Ngwá ọrụ Generator nwere ike izo ya akpaghị aka wee bịanye aka na nhazi bitstream site na iji interface njirimara eserese ma ọ bụ ahịrị iwu.
Ị nwere ike ịmepụta bitstream nke ezoro ezo nke ọma maka iji quartus_encrypt na quartus_sign ngwaọrụ ma ọ bụ ihe dabara adaba.

3.3.1. Nhazi Bitstream Encryption Iji mmemme File Ihe osise eserese Generator
Ị nwere ike iji Programming File Generator iji zoo ma binye aka na onyonyo onye nwe ya.

Onyonyo 4.

1. Na Intel Quartus Prime File menu họrọ Mmemme File Generator. 2. Na mmepụta Files tab, ezipụta mmepụta file pịnye maka nhazi gị
atụmatụ.
Mpụta File Nkọwapụta

Mmepụta atụmatụ nhazi file tab
Mpụta file ụdị

3. Na ntinye Files taabụ, pịa Tinye Bitstream wee chọgharịa na .sof gị. 4. Iji kọwapụta ezoro ezo na nhọrọ nyocha họrọ .sof wee pịa
Njirimara. a. Gbanwuo ngwa nbinye aka. b. Maka igodo onwe file họrọ igodo nbinye aka nkeonwe .pem file. c. Gbanwuo mechaa izo ya ezo.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 21

3. AES Bitstream ezoro ezo 683823 | 2023.05.23

Onyonyo 5.

d. Maka igodo nzuzo file, họrọ AES .qk gị file. Ntinye (.sof) File Njirimara maka nyocha na nzuzo

Kwado nyocha Ezipụta mgbọrọgwụ nzuzo .pem
Kwado izo ya ezo Tinye igodo nzuzo
5. Iji mepụta bitstream bịanyere aka na ezoro ezo, na ntinye Files taabụ, pịa n'ịwa. Igbe okwu okwuntughe pụtara ka ị tinye akara paswọọdụ gị maka igodo AES gị .qek file na ịbanye igodo nzuzo .pem file. Mmemme file generator na-emepụta mmepụta ezoro ezo na mbinye aka_file.rbf.
3.3.2. Nhazi Bitstream Encryption Iji mmemme File Generator Command Line Interface
Mepụta nhazi bitstream ezoro ezo na bịanyere aka n'akwụkwọ n'ụdị .rbf jiri interface ahịrị iwu quartus_pfg:
quartus_pfg -c encryption_enabled.sof top.rbf -o finalize_encryption=ON -o qek_file=aes_root.qek -o bịanyere aka na ya =ON -o pem_file= design0_sign_private.pem
Ị nwere ike ịtụgharị ezoro ezo na mbinye aka nhazi bitstream n'ụdị .rbf gaa na nhazi bitstream ọzọ file usoro.
3.3.3. Nhazi Bitstream Ọgbọ ezoro ezo nke ọma site n'iji Interface Line Command
Ị nwere ike ịmepụta mmemme ezoro ezo n'ụzọ ụfọdụ file iji mechaa ezoro ezo wee bịanye aka na onyonyo ma emechaa. Mepụta mmemme ezoro ezo n'otu akụkụ file na usoro .rbf na thequartus_pfgcommand akara interface: quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON top.sof top.rbf

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 22

Zipu nzaghachi

3. AES Bitstream ezoro ezo 683823 | 2023.05.23
Ị na-eji ngwá ọrụ ahịrị iwu quartus_encrypt iji mechaa izo ya ezo bitstream:
quartus_encrypt –family=agilex –operation=ENCRYPT –key=aes_root.qek top.rbf encrypted_top.rbf
Ị na-eji ngwá ọrụ ahịrị iwu quartus_sign iji bịanye aka na nhazi bitstream ezoro ezo:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 encrypted_top.rbf sign_encrypted_top.rbf
quartus_sign –family = agilex –operation = akara –module =softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” – keyname = design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 encrypted_top.rbf sign_encrypted_top.rbf
3.3.4. Ntugharị akụkụ akụkụ Bitstream nzuzo
Ị nwere ike mee ka izo ya ezo bitstream na ụfọdụ Intel Agilex 7 FPGA na-eji nhazigharị akụkụ.
Nhazi nhazigharị akụkụ nke na-eji Hierarchical Partial Reconfiguration (HPR), ma ọ bụ Static Update Partial Reconfiguration (SUPR) anaghị akwado izo ya ezo bitstream. Ọ bụrụ na imewe gị nwere ọtụtụ mpaghara PR, ị ga-edoberịrị mmadụ niile.
Iji mee ka izo ya ezo bitstream nhazigharị akụkụ, soro otu usoro ahụ na ngbanwe niile. 1. Na Intel Quartus Prime File menu, họrọ Ngwaọrụ Ngwaọrụ
na Pin Nhọrọ Nchekwa. 2. Họrọ ebe nchekwa igodo nzuzo achọrọ.
Ọgụgụ 6. Nhazi nhazigharị akụkụ nke Bitstream Ntọala nzuzo

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 23

3. AES Bitstream ezoro ezo 683823 | 2023.05.23
N'aka nke ọzọ, ịnwere ike itinye nkwupụta ọrụ na-esote na ntọala Quartus Prime file .qsf:
set_global_assignment - aha -ENABLE_PARTIAL_RECONFIGURATION_BITSTREAM_ENCRYPTION na
Mgbe ị chịkọtachara ntọala ntọala na ngbanwe, ngwanro ahụ na-ewepụta a.soffile na otu ma ọ bụ karịa.pmsffiles, na-anọchi anya ndị mmadụ. 3. Mepụta ezoro ezo na bịanyere aka na mmemme files site na.sof na.pmsf files n'ụzọ yiri nke ahụ na-emepụta na-enweghị ele mmadụ anya n'ihu reconfiguration nyeere. 4. Tụgharịa onye achịkọtara.pmsf file na akụkụ ezoro ezo.rbf file:
quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON encryption_enabled_persona1.pmsf persona1.rbf
5. Mechaa bitstream izo ya ezo site na iji quartus_encrypt ngwá ọrụ ahịrị iwu:
quartus_encrypt –family=agilex –operation=ENCRYPT –key=aes_root.qek persona1.rbf encrypted_persona1.rbf
6. Banye ezoro ezo nhazi bitstream site na iji quartus_sign akara ngwa:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_sign_private.pem encrypted_persona1.rbf sign_encrypted_persona1.rbf
quartus_sign –family=agilex –operation=SIGN –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –qky design0_sign_chain.qky –cancel=svnA:0 –keyname=design0_sign encrypted_persona1.rbf sign_encrypted_persona1.rbf

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 24

Zipu nzaghachi

683823 | 2023.05.23 zipu nzaghachi

Na-enye ngwaọrụ

A na-akwado ịnye atụmatụ nchekwa mbụ naanị na ngwa ngwa nkwado SDM. Jiri Intel Quartus Prime Programmer na-ebunye ngwa ngwa nke SDM ma rụọ ọrụ ntinye.
Ị nwere ike iji ụdị ọ bụla nke JTAG budata eriri iji jikọọ Quartus Programmer na ngwaọrụ Intel Agilex 7 iji rụọ ọrụ nhazi.
4.1. Iji SDM Provision Firmware
The Intel Quartus Prime Programmer na-emepụta na-akpaghị aka ma na-ebunye ihe oyiyi inyeaka nke ụlọ ọrụ mmepụta ihe mgbe ị họrọ ọrụ mmalite na iwu ịme ihe na-abụghị nhazi bitstream.
Dabere na iwu mmemme akọwapụtara, onyonyo inyeaka nke ụlọ nrụpụta bụ otu n'ime ụdị abụọ:
· Inye onyogho inyeaka-nwere otu ngalaba bitstream nwere ngwa ngwa inye SDM.
Ihe onyonyo inyeaka QSPI-nwere akụkụ abụọ bitstream, nke nwere isi firmware SDM yana otu ngalaba I/O.
Ị nwere ike ịmepụta foto enyemaka nke ụlọ mmepụta ihe file Ibunye n'ime ngwaọrụ gị tupu ịme iwu mmemme ọ bụla. Mgbe ịmechara hash igodo mgbọrọgwụ nyocha, ị ga-emerịrị ma banye na foto enyemaka ụlọ ọrụ QSPI n'ihi ngalaba I/O gụnyere. Ọ bụrụ na ị na-eme mmemme eFuse nchekwa firmware mbinye aka, ị ga-emepụta ihe nrụnye na ihe nrụnye ụlọ ọrụ QSPI nwere ngwa ngwa mbinye aka. Ị nwere ike iji onyonyo inyeaka ndabara ụlọ ọrụ mbinye aka na ngwaọrụ enweghị nrụnye ka ngwaọrụ ahụ anaghị echekwa ụdọ mbinye aka na-abụghị Intel n'elu firmware SDM. Rụtụ aka na iji onyonyo onye inyeaka ụlọ ọrụ QSPI dị na ngwaọrụ ndị nwe ya na ibe 26 maka nkọwa ndị ọzọ gbasara imepụta, ibinye aka na iji onyonyo inyeaka nke ụlọ nrụpụta QSPI.
Onyonyo ụlọ ọrụ mmepụta ihe na-enye nkwado ndabere na-arụ ọrụ nkwado, dị ka mmemme hash igodo mgbọrọgwụ, fiusi ntọala nchekwa, ndebanye aha PUF, ma ọ bụ inye igodo ojii. Ị na-eji Intel Quartus Prime Programming File Ngwá ọrụ ahịrị iwu Generator iji mepụta onyonyo onye inyeaka, na-akọwapụta nhọrọ helper_image, aha helper_device gị, subtype onye inyeaka ihe onyonyo, yana nhọrọ firmware .zip bịanyere aka na ya. file:
quartus_pfg –helper_image -o helper_device=AGFB014R24A -o subtype=PROVISION -o fw_source=signed_agilex.zip sign_provision_helper_image.rbf
Hazie onyonyo onye inyeaka site na iji ngwa Intel Quartus Prime Programmer:
quartus_pgm -c 1 -mjtag -o "p; aka aka_provision_helper_image.rbf" -force

ISO 9001: 2015 edebanye aha

4. Ngwaọrụ na-enye 683823 | 2023.05.23

Mara:

Ị nwere ike hapụ ọrụ mbido na iwu, gụnyere exampLes nyere n'isiakwụkwọ a, mgbe ma ọ bụ mmemme ihe inyeaka ihe onyonyo ma ọ bụ jiri iwu nwere ọrụ mmalite.

4.2. Iji onyonyo onye inyeaka ụlọ ọrụ QSPI na ngwaọrụ ndị nwe ya
Onye mmemme Intel Quartus Prime na-emepụta na-akpaghị aka ma na-ebunye onyonyo enyemaka ụlọ ọrụ QSPI mgbe ị họrọ ọrụ mmalite maka mmemme flash QSPI. file. Mgbe ịmechara hash igodo mgbọrọgwụ nyocha, ị ga-emerịrị ma banye na foto onye inyeaka ụlọ ọrụ QSPI, wee hazie ihe onyonyo inyeaka ụlọ ọrụ QSPI bịanyere aka na ya iche tupu ịmebe ọkụ QSPI. 1. Ị na-eji Intel Quartus Prime Programming File Generator iwu akara ngwá ọrụ ka
mepụta onyonyo onye inyeaka QSPI, na-akọwapụta nhọrọ helper_image, ụdị helper_device gị, ụdị ihe onyonyo inyeaka QSPI, yana nhọrọ nke .zip femụwe agbakọbara. file:
quartus_pfg –helper_image -o helper_device=AGFB014R24A -o subtype=QSPI -o fw_source=signed_agilex.zip qspi_helper_image.rbf
2. Ị bịanyere aka na foto enyemaka ụlọ ọrụ QSPI:
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem qspi_helper_image.rbf sign_qspi_helper_image.rbf
3. Ị nwere ike iji QSPI flash mmemme file usoro. Ndị na-esonụ examples iji nhazi bitstream gbanwere na .jic file usoro:
quartus_pfg -c Sign_bitstream.rbf Sign_flash.jic -o device=MT25QU128 -o flash_loader=AGFB014R24A -o mode=ASX4
4. Ị na-eji ngwa Intel Quartus Prime Programmer na-eme ihe oyiyi inyeaka aka:
quartus_pgm -c 1 -mjtag -o "p; bịanyere aka na ya_qspi_helper_image.rbf" -force
5. Ị na-eme ihe oyiyi .jic ka ọ gbanye ọkụ site na iji ngwa Intel Quartus Prime Programmer:
quartus_pgm -c 1 -mjtag -o "p; signed_flash.jic"

4.3. Nkwanye igodo mgbọrọgwụ nyocha
Iji hazie igodo mgbọrọgwụ onye nwe hashes ka ọ bụrụ fuses anụ ahụ, nke mbụ ị ga-ebunye ngwa ngwa ngwa, mmemme na-esote onye nwe mgbọrọgwụ hashes, wee rụọ nrụpụta ike ozugbo. Achọghị nrụpụta ike-na ma ọ bụrụ na mmemme mgbọrọgwụ igodo hashes na fiusi mebere.

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 26

Zipu nzaghachi

4. Ngwaọrụ na-enye 683823 | 2023.05.23
Iji mmemme nyocha mgbọrọgwụ igodo hashes, ị na-eme mmemme ihe enyemaka enyemaka ngwa ngwa wee mee otu n'ime iwu ndị a iji hazie igodo mgbọrọgwụ .qky. files.
// Maka anụ ahụ (na-adịghị agbanwe agbanwe) eFuses quartus_pgm -c 1 -mjtag -o "p; mgbọrọgwụ0.qky; mgbọrọgwụ1.qky; mgbọrọgwụ2.qky" -non_volatile_key
// Maka mebere (na-agbanwe agbanwe) eFuses quartus_pgm -c 1 -mjtag -o "p; mgbọrọgwụ0.qky; mgbọrọgwụ1.qky; mgbọrọgwụ2.qky"
4.3.1. Nhazigharị akụkụ akụkụ nke mmemme igodo ọtụtụ ikike
Mgbe provisioning na ngwaọrụ ma ọ bụ static mpaghara bitstream nwe mgbọrọgwụ igodo, ị ọzọ mara ngwaọrụ ndokwa inyeaka image, omume na aka PR ọha isi ihe omume ikike kọmpat akwụkwọ, na mgbe ahụ, na-enye ndị PR persona bitstream nwe mgbọrọgwụ igodo.
// Maka anụ ahụ (na-adịghị agbanwe agbanwe) eFuses quartus_pgm -c 1 -mjtag -o "p; mgbọrọgwụ_pr.qky" -pr_pubkey -non_volatile_key
// Maka mebere (na-agbanwe agbanwe) eFuses quartus_pgm -c 1 -mjtag -o "p;p; mgbọrọgwụ_pr.qky" -pr_pubkey
4.4. Fọss Igodo kagbuo mmemme mmemme
Malite na ụdị sọftụwia Intel Quartus Prime Pro Edition 21.1, mmemme Intel na fuses kagbuo igodo onye nwe chọrọ iji asambodo kọmpat bịanyere aka na ya. Ị nwere ike iji eriri mbinye aka nwere ikike ịbịanye aka na ngalaba FPGA bịanye aka na asambodo kọmpat ID kagbuo igodo. Ị mepụtara akwụkwọ kọmpat na mmemme ahụ file generator iwu ahịrị ngwá ọrụ. Ị bịanye aka na asambodo etinyeghị aka na iji ngwa quartus_sign ma ọ bụ mmejuputa ntụaka.
Ngwa Intel Agilex 7 na-akwado ụlọ akụ dị iche iche nke onye nwe kagbuo NJ maka igodo mgbọrọgwụ ọ bụla. Mgbe emebere asambodo kọmpat kagbuo igodo onye nwe ya ka ọ bụrụ Intel Agilex 7 FPGA, SDM na-ekpebi igodo mgbọrọgwụ bịanyere aka na asambodo kọmpat wee fụọ fuse ID kagbuo igodo dabara na igodo mgbọrọgwụ ahụ.
Ndị na-esonụ examples mepụta akwụkwọ nkagbu igodo Intel maka ID igodo Intel 7. Ị nwere ike iji NJ kagbuo igodo 7-0 dochie 31.
Gbaa iwu a ka imepụta akwụkwọ kọmpat nchụpụ igodo Intel enweghị mbinye aka:
quartus_pfg –ccert -o ccert_type=CANCEL_INTEL_KEY -o cancel_key=7 enweghị akara_cancel_intel7.ccert
Gbaa otu n'ime iwu ndị a ka ị bịanye aka na asambodo kọmpat kagbuo igodo Intel enweghị mbinye aka:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_cancel_intel7.cert sign_cancel_intel7.cert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 27

4. Ngwaọrụ na-enye 683823 | 2023.05.23
–keyname=design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_cancel_intel7.cert sign_cancel_intel7.ccert
Gbaa iwu a ka imepụta akwụkwọ kọmpat nchụpụ igodo onye nwe enweghị mbinye aka:
quartus_pfg –ccert -o ccert_type=CANCEL_OWNER_KEY -o cancel_key=2 edebanyeghị aha_cancel_owner2.ccert
Gbaa otu n'ime iwu ndị a ka ị bịanye aka na asambodo kọmpat kagbuo igodo onye nwe enweghị mbinye aka:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_cancel_owner2.cert sign_cancel_owner2.cert
quartus_sign –family = agilex –operation = akara –module =softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” – keyname = design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 enweghị akara_cancel_owner2.cert sign_cancel_owner2.cert
Mgbe ịmechara asambodo kọmpat nbibi nke ịkagbu igodo, ị na-eji Intel Quartus Prime Programmer hazie asambodo kọmpat na ngwaọrụ ahụ site na J.TAG.
// Maka anụ ahụ (na-adịghị agbanwe agbanwe) eFuses quartus_pgm -c 1 -mjtag -o "pi; aka_cancel_intel7.ccert" -non_volatile_key quartus_pgm -c 1 -mjtag -o "pi; aka_cancel_owner2.cert" -non_volatile_key
// Maka mebere (na-agbanwe agbanwe) eFuses quartus_pgm -c 1 -mjtag -o "pi; aka_cancel_intel7.ccert" quartus_pgm -c 1 -mjtag -o "pi; aka_cancel_owner2.cert"
Ị nwekwara ike izipu akwụkwọ kọmpat na SDM site na iji FPGA ma ọ bụ igbe ozi HPS.
4.5. Ịkagbu igodo mgbọrọgwụ
Ngwa Intel Agilex 7 na-ahapụ gị ka ịkagbu hashes isi mgbọrọgwụ mgbe hash isi mgbọrọgwụ ọzọ na-enweghị kagbuo dị. Ị kagbuo hash igodo mgbọrọgwụ site na ibu ụzọ hazie ngwaọrụ ahụ site na iji atụmatụ nke yinye mbinye aka ya gbanyere mkpọrọgwụ n'ime hash isi mgbọrọgwụ dị iche, wee mee mmemme akwụkwọ ntinye akwụkwọ ikike hash kagbuo kọmpat. Ị ga-abanyerịrị akwụkwọ ikike kagbuo kọmpat mgbọrọgwụ igodo hash nwere yinye mbinye aka gbanyere mkpọrọgwụ na igodo mgbọrọgwụ ka a ga-akagbu.
Gbaa iwu na-esonụ ka iwepụta akwụkwọ ikike mkpochapụ hash igodo enweghị mbinye aka:
quartus_pfg –ccert -o –ccert_type=CANCEL_KEY_HASH unsigned_root_cancel.ccert

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 28

Zipu nzaghachi

4. Ngwaọrụ na-enye 683823 | 2023.05.23

Gbaa otu n'ime iwu ndị a ka ị bịanye aka na asambodo mkpochapụ hash igodo enweghị mbinye aka:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_root_cancel.cert sign_root_cancel.cert
quartus_sign –family = agilex –operation = akara –module =softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” – keyname = design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_root_cancel.cert sign_root_cancel.ccert
Ị nwere ike hazie akwụkwọ nkwado hash kagbuo mgbọrọgwụ site na JTAG, FPGA, ma ọ bụ igbe ozi HPS.

4.6. Ngwa ngwa ngwa mmemme
Ị na-emelite Nọmba Nchekwa (SVN) na Pseudo Time Stamp (PTS) fuses na-eji asambodo kọmpat bịanyere aka na ya.

Mara:

SDM na-edobe uru ngụta kacha nta a hụrụ n'oge nhazi enyere ma anaghị anabata asambodo mmụba counter mgbe uru counter dị obere karịa uru kacha nta. Ị ga-emelite ihe niile ekenyere na counter ma megharịa ngwaọrụ ahụ tupu ịmebe akwụkwọ mkpesa mmụba counter.

Gbaa otu n'ime iwu ndị a dabara na akwụkwọ abawanye counter nke ịchọrọ ịmepụta.
quartus_pfg –ccert -o ccert_type=PTS_COUNTER -o counter=<-1:495> unsigned_pts.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_A -o counter=<-1:63> enweghị akara_svnA.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_B -o counter=<-1:63> enweghị akara_svnB.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_C -o counter=<-1:63> enweghị akara_svnC.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_D -o counter=<-1:63> enweghị akara_svnD.ccert

Ọnụ ahịa counter nke 1 na-emepụta akwụkwọ ikike nkwalite counter. Ịmepụta asambodo kọmpat nkwado counter na-enye gị ohere ịme mmemme asambodo mgbakwunye na-edeghị aha ọzọ iji melite counter dị iche iche. Ị na-eji ngwá ọrụ quartus_sign iji bịanye aka na asambodo kọmpat counter n'otu aka ahụ na asambodo kọmpat nchụpụ igodo.
Ị nwere ike hazie akwụkwọ nkwado hash kagbuo mgbọrọgwụ site na JTAG, FPGA, ma ọ bụ igbe ozi HPS.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 29

4. Ngwaọrụ na-enye 683823 | 2023.05.23

4.7. Nchekwa data ihe mgbọrọgwụ igodo inye ihe
Ị na-eji Intel Quartus Prime Programmer iji nye igodo mgbọrọgwụ Secure Data Object Service (SDOS). Onye mmemme na-ebunye ihe onyonyo enyemaka ngwa ngwa iji nye igodo mgbọrọgwụ SDOS.
quartus_pgm c 1 mjtag - igodo_root_key - igodo anaghị agbanwe agbanwe

4.8. Ịkwanye Fuse Ntọala Nchekwa
Jiri Intel Quartus Prime Programmer nyochaa fuses ntọala ngwaọrụ wee dee ha na .fuse ederede dabere na ederede. file dị ka ndị a:
quartus_pgm -c 1 -mjtag -o "ei; mmemme_file.fuse; AGFB014R24B”

Nhọrọ · i: Onye mmemme na-ebunye onyonyo enyemaka ngwa ngwa na ngwaọrụ ahụ. e: Onye mmemme na-agụ fuse site na ngwaọrụ ahụ wee chekwaa ya na .fuse file.

Ihe .fuse file nwere ndepụta nke fuse aha-uru ụzọ abụọ. Ọnụ ahịa ahụ na-akọwapụta ma afụla fuse ma ọ bụ ọdịnaya dị n'ubi fuse.

Ndị na-esonụ example na-egosi usoro nke .fuse file:

# Firmware ejikọtara ọnụ

= "A naghị agba ọsọ"

# Igbu ikike ngwaọrụ

= "A naghị agba ọsọ"

# Ngwaọrụ enweghị nchekwa

= "A naghị agba ọsọ"

# Gbanyụọ ndozi HPS

= "A naghị agba ọsọ"

# Gbanyụọ ndebanye aha ID PUF

= "A naghị agba ọsọ"

# Gbanyụọ JTAG

= "A naghị agba ọsọ"

# Gbanyụọ igodo nzuzo PUF

= "A naghị agba ọsọ"

# Gbanyụọ igodo nzuzo nke onye nwe na BBRAM = "Akụghị ya"

# Gbanyụọ igodo nzuzo nke onye nwe na eFuses = "Akụghị ya"

# Gbanyụọ mgbọrọgwụ igodo ọha hash 0

= "A naghị agba ọsọ"

# Gbanyụọ mgbọrọgwụ igodo ọha hash 1

= "A naghị agba ọsọ"

# Gbanyụọ mgbọrọgwụ igodo ọha hash 2

= "A naghị agba ọsọ"

# Gbanyụọ eFuses mebere

= "A naghị agba ọsọ"

# Kwado elekere SDM ka ọ bụrụ oscillator ime = "A naghị afụ ya"

# Kwado mmelite igodo nzuzo

= "A naghị agba ọsọ"

# Nkagbu igodo doro anya Intel

= "0"

# Mkpọchi eFuses nchekwa

= "A naghị agba ọsọ"

# Emere mmemme igodo nzuzo onye nwe

= "A naghị agba ọsọ"

# Mmemme igodo nzuzo onye nwe bido

= "A naghị agba ọsọ"

# Nkagbu igodo doro anya onye nwe 0

= ""

# Nkagbu igodo doro anya onye nwe 1

= ""

# Nkagbu igodo doro anya onye nwe 2

= ""

# Onye nwe fuses

0x00000000000000000000000000000000000000000000000000000

00000000000000000000000000000000000000000000000000000

0000000000000000000000”

# Hash igodo ọha onye nwe 0

0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# Hash igodo ọha onye nwe 1

0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# Hash igodo ọha onye nwe 2

0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# Nha igodo ọha mgbọrọgwụ onye nwe

= "Ọ dịghị"

# PTS counter

= "0"

# PTS counter base

= "0"

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 30

Zipu nzaghachi

4. Ngwaọrụ na-enye 683823 | 2023.05.23

# QSPI bido igbu oge # RMA Counter # SDMIO0 bụ I2C # SVN counter A # SVN counter B # SVN counter C # SVN counter D

= "10ms" = "0" = "A naghị afụ" = "0" = "0" = "0" = "0"

Gbanwee .fuse file ka ịtọọ fiusi ntọala nchekwa gị chọrọ. A na-ewere ahịrị na-amalite na # dị ka ahịrị okwu. Iji hazie fiusi ntọala nchekwa, wepụ ihe na-eduga # wee tọọ uru ya na Blown. Maka example, iji mee ka fuse ntọala nchekwa Firmware bịanyere aka na ya aka, gbanwee ahịrị mbụ nke fuse file na nke a:
Firmware ejikọtara aka = "Blown"

Ị nwekwara ike ịkenye na hazie Fuses Onye nwe dabere na ihe ị chọrọ.
Ị nwere ike iji iwu na-esonụ iji mee nlele efu, mmemme, na nyochaa igodo ọha nke onye nwe ya:
quartus_pgm -c 1 -mjtag -o "ibpv; mgbọrọgwụ0.qky"

Nhọrọ · i: Na-ebunye onyonyo enyemaka ngwa ngwa na ngwaọrụ ahụ. b: Arụ a oghere ego iji nyochaa chọrọ nche ntọala fuses na-adịghị
fụọlarị. · p: Na-ahazi fuse. · v: Verifies na mmemme igodo na ngwaọrụ.
Mgbe emechara .qky file, ị nwere ike nyochaa ozi fuse site na ịlele fuse ozi ọzọ iji hụ na ma onye nwe igodo ọha hash na onye nwe igodo ọha nwere ụkpụrụ na-abụghị efu.
Ọ bụ ezie na anaghị edepụta mpaghara ndị a site na .fuse file Usoro, a na-etinye ha n'oge mmepụta ọrụ nyocha maka nkwenye: · Ngwaọrụ adịghị echekwa · ikike igbu egbu · Gbanyụọ onye nwe mgbọrọgwụ igodo ọha hash 0 · Gbanyụọ onye nwe mgbọrọgwụ igodo ọha hash 1 · Gbanyụọ onye nwe mgbọrọgwụ igodo ọha hash 2 · Intel key cancellation Mmemme igodo izo ezo nke onye nwe na-amalite · Mmemme igodo nzuzo nke onye emere · Ịkagbu igodo onye nwe · Igodo ọha hash onye nwe · Ogo igodo ọha onye nwe hash 0 · mgbọrọgwụ igodo ọha hash 1 · Onye nwe mgbọrọgwụ igodo ọha hash 2

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 31

4. Ngwaọrụ na-enye 683823 | 2023.05.23
PTS counter · PTS counter base · QSPI ibido igbu oge · RMA counter · SDMIO0 bụ I2C · SVN counter A · SVN counter B · SVN counter C · SVN counter D
Jiri Intel Quartus Prime Programmer mee mmemme .fuse file laghachi na ngwaọrụ. Ọ bụrụ na ị gbakwunye nhọrọ i, Programmer na-ebunye ngwa ngwa ngwa ngwa ngwa iji hazie ntọala ntọala nchekwa.
// Maka anụ ahụ (na-adịghị agbanwe agbanwe) eFuses quartus_pgm -c 1 -mjtag -o "pi; mmemme_file.fuse” – igodo na-adịghị agbanwe agbanwe
// Maka mebere (na-agbanwe agbanwe) eFuses quartus_pgm -c 1 -mjtag -o "pi; mmemme_file.fuo”
Ị nwere ike iji iwu na-esonụ iji nyochaa ma ọ bụrụ na ngwaọrụ mgbọrọgwụ igodo hash bụ otu ihe ahụ .qky nyere na iwu:
quartus_pgm -c 1 -mjtag -o "v; mgbọrọgwụ0_another.qky"
Ọ bụrụ na igodo ndị ahụ adabaghị, onye mmemme na-ada site na ozi njehie arụghị ọrụ.
4.9. AES mgbọrọgwụ Key inye
Ị ga-eji akwụkwọ kọmpat igodo mgbọrọgwụ AES bịanyere aka na ya iji hazie igodo mgbọrọgwụ AES na ngwaọrụ Intel Agilex 7.
4.9.1. Asambodo kọmpat igodo AES
Ị na-eji ngwá ọrụ ahịrị ahịrị quartus_pfg iji tọghata igodo mgbọrọgwụ AES gị .qek file n'ime akwụkwọ kọmpat .cert usoro. Ị na-akọwapụta ọnọdụ nchekwa igodo mgbe ị na-eke asambodo kọmpat. Ị nwere ike iji ngwa quartus_pfg mepụta akwụkwọ edebanyeghị aha maka ịbịanye aka n'oge ọzọ. Ị ga-eji a mbinye aka yinye na AES mgbọrọgwụ isi akwụkwọ bịanyere aka n'akwụkwọ nkwado ikike, ikike bit 6, nyeere ka ọma banye AES mgbọrọgwụ isi kọmpat akwụkwọ.

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 32

Zipu nzaghachi

4. Ngwaọrụ na-enye 683823 | 2023.05.23
1. Mepụta ọzọ igodo ụzọ eji abanye AES isi kọmpat akwụkwọ site na iji otu n'ime iwu ndị a examples:
quartus_sign –family=agilex –operation=eme_private_pem –curve=secp384r1 aesccert1_private.pem
quartus_sign –family=agilex –operation=eme_public_pem aesccert1_private.pem aesccert1_public.pem
pkcs11-tool –module=/usr/local/lib/softhsm/libsofthsm2.so –token-label agilex-token –login –pin agilex-token-pin –keypairgen usoro ECDSA-KEY-PAIR-GEN – isi ụdị EC: secp384r1 – ojiji-akara –label aesccert1 – id 2
2. Mepụta yinye mbinye aka nwere ntakịrị ikike ntọala site na iji otu n'ime iwu ndị a:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –permission=0x40 –cancel=1 –input_pem=aesccert1_public.pem aesccert1_sign_chain.
quartus_sign –family=agilex –operation=append_key –module=softHSM -module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” -prema aha mgbọrọgwụ0 -previous_qky = mgbọrọgwụ0.qky - ikike = 0x40 -cancel = 1 -input_keyname = aesccert1 aesccert1_sign_chain.qky
3. Mepụta akwụkwọ nkwekọrịta AES na-edeghị akwụkwọ maka ebe nchekwa isi mgbọrọgwụ AES chọrọ. Nhọrọ nchekwa isi mgbọrọgwụ AES dị:
EFUSE_WRAPPED_AES_KEY
IID_PUF_WRAPPED_AES_KEY
UDS_IID_PUF_WRAPPED_AES_KEY
BBRAM_WRAPPED_AES_KEY
BBRAM_IID_PUF_WRAPPED_AES_KEY
BBRAM_UDS_IID_PUF_WRAPPED_AES_KEY
// Mepụta eFuse AES mgbọrọgwụ isi akwụkwọ edeghị akwụkwọ quartus_pfg –ccert -o ccert_type=EFUSE_WRAPPED_AES_KEY -o qek_file=aes.qek enweghị akara_efuse1.cert
4. Jiri iwu quartus_sign ma ọ bụ mmejuputa nrụtụ aka banye akwụkwọ kọmpat.
quartus_sign –family=agilex –operation=sign –pem=aesccert1_private.pem –qky=aesccert1_sign_chain.qky unsigned_ 1.cert bịanyere aka na ya_ 1.cert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 33

4. Ngwaọrụ na-enye 683823 | 2023.05.23

–keyname=aesccert1 –qky=aesccert1_sign_chain.qky unsigned_ 1.cert bịanyere aka na ya_ 1.cert
5. Jiri Intel Quartus Prime Programmer mee mmemme akwụkwọ kọmpat akwụkwọ mgbọrọgwụ AES na ngwaọrụ Intel Agilex 7 site na J.TAG. Intel Quartus Prime Programmer na-adaba na mmemme eFuses mebere mgbe ọ na-eji ụdị akwụkwọ kọmpat EFUSE_WRAPPED_AES_KEY.
Ị gbakwunye nhọrọ -non_volatile_key iji kọwapụta fuses anụ ahụ mmemme.
// Maka anụ ahụ (na-adịghị agbanwe agbanwe) eFuse AES mgbọrọgwụ igodo quartus_pgm -c 1 -mjtag -o "pi; signed_efuse1.cert" -non_volatile_key

// Maka mebere (na-agbanwe agbanwe) eFuse AES mgbọrọgwụ igodo quartus_pgm -c 1 -mjtag -o "pi; signed_efuse1.cert"

// Maka BBRAM AES mgbọrọgwụ igodo quartus_pgm -c 1 -mjtag -o "pi; signed_bbram1.cert"

Ngwunye ngwa SDM na isi ngwa ngwa na-akwado mmemme akwụkwọ mgbọrọgwụ AES. Ịnwekwara ike iji interface igbe ozi SDM sitere na akwa FPGA ma ọ bụ HPS iji hazie akwụkwọ ikike mgbọrọgwụ AES.

Mara:

Iwu quartus_pgm anaghị akwado nhọrọ b na v maka asambodo kọmpat(.ccert).

4.9.2. Intrinsic ID® PUF AES Mgbọrọgwụ Key inye
Ịmejuputa Intrinsic* ID PUF ọbọp AES Key gụnyere usoro ndị a: 1. Ịdebanye aha ID PUF n'ime ime site na JTAG. 2. Na-ekpuchi igodo mgbọrọgwụ AES. 3. Ịmepụta data enyemaka na igodo kechie n'ime ebe nchekwa quad SPI. 4. Na-ajụ ajụjụ ọnọdụ mmalite PUF ID intrinsic.
Ojiji teknụzụ NJ Intrinsic chọrọ nkwekọrịta ikike dị iche na NJ Intrinsic. Akụrụngwa Intel Quartus Prime Pro na-amachibido ọrụ PUP na-enweghị ikike kwesịrị ekwesị, dị ka ndebanye aha, mkpuchi igodo, na mmemme data PUP na flash QSPI.

4.9.2.1. Ndebanye aha PUF ID dị n'ime
Iji denye aha PUF, ị ga-ejiri ngwa ngwa ihe nkwado SDM. Firmware nkwado ahụ ga-abụ ngwa ngwa mbụ ebugoro mgbe okirikiri ike gasịrị, ị ga-enyerịrị iwu ndebanye aha PUF tupu iwu ọ bụla ọzọ. Firmware na-enye nkwado na-akwado iwu ndị ọzọ mgbe ndebanye aha PUF gụnyere AES mgbọrọgwụ isi wrapping na programming quad SPI, Otú ọ dị, ị ga-enwe ike okirikiri ngwaọrụ ibu a nhazi bitstream.
Ị na-eji Intel Quartus Prime Programmer kpalite ndebanye aha PUF wee mepụta data enyemaka PUF .puf file.

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 34

Zipu nzaghachi

4. Ngwaọrụ na-enye 683823 | 2023.05.23

Onyonyo 7.

Ndebanye aha PUF ID dị n'ime
quartus_pgm ndebanye aha PUF

Debanye aha PUF data enyemaka

Onye njikwa ngwaọrụ echekwara (SDM)

wrapper.puf Data inyeaka
Onye mmemme na-ebunye onyonyo enyemaka ngwa ngwa ngwa ngwa mgbe ị kọwapụtara ma arụmọrụ i yana arụmụka .puf.
quartus_pgm -c 1 -mjtag -o "ei; help_data.puf; AGFB014R24A"
Ọ bụrụ na ị na-eji firmware mbinye aka, ị na-ahazi onyonyo enyemaka firmware mbinye aka tupu i jiri iwu ndebanye aha PUF.
quartus_pgm -c 1 -mjtag -o "p; aka_provision_helper_image.rbf" -force quartus_pgm -c 1 -mjtag -o "e;help_data.puf;AGFB014R24A"
UDS IID PUF edebanye aha n'oge a na-emepụta ngwaọrụ, ọ dịghịkwa maka ndebanye aha. Kama, ị na-eji Programmer chọpụta ebe data enyemaka UDS PUF dị na IPCS, budata .puf. file ozugbo, wee jiri UDS .puf file n'otu ụzọ ahụ ka .puf file ewepụtara na ngwaọrụ Intel Agilex 7.
Jiri iwu mmemme mmemme ka ịmepụta ederede file nwere ndepụta nke URLs na-atụ aka kpọmkwem ngwaọrụ files na IPCS:
quartus_pgm -c 1 -mjtag -ọ "e;ipcs_urls.txt; AGFB014R24B” –ipcs_urls
4.9.2.2. Na-ekechi igodo AES Root
Ị na-emepụta IID PUF ọbọp AES mgbọrọgwụ igodo .wkey file site na izipu akwụkwọ mbinye aka na SDM.
Ị nwere ike iji Intel Quartus Prime Programmer mepụta, bịanyere aka na ya, na zipu akwụkwọ ahụ iji kechie igodo mgbọrọgwụ AES gị, ma ọ bụ ị nwere ike iji Intel Quartus Prime Programming. File Generator iji mepụta asambodo etinyeghị aka. Ị na-eji ngwaọrụ nke gị ma ọ bụ Quartus bịanyere aka n'akwụkwọ nkwado bịanyere aka n'akwụkwọ nkwado. Ị na-eji Programmer iziga bịanyere aka n'akwụkwọ nkwado na kechie gị AES mgbọrọgwụ igodo. Enwere ike iji asambodo etinyere aka na mmemme ngwaọrụ niile nwere ike kwado yinye mbinye aka.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 35

4. Ngwaọrụ na-enye 683823 | 2023.05.23

Onyonyo 8.

Iji Intel Quartus Prime Programmer na-ekechi igodo AES
.pem nkeonwe
Igodo

.qk

quartus_pgm

Kechie igodo AES

Igodo AES.QSKigYnature RootCPhuabilnic

Mepụta PUF igodo kechie

Igodo AES kechie

SDM

.qek nzuzo
Igodo

.wkey PUF-Kechie
Igodo AES

1. Ị nwere ike ịmepụta IID PUF ọbọp AES mgbọrọgwụ igodo (.wkey) na Programmer na-eji ndị a arụmụka:
· Nke .qky file nwere a mbinye aka yinye na AES mgbọrọgwụ isi akwụkwọ ikike
· Nkeonwe .pem file maka igodo ikpeazụ na yinye mbinye aka
· Nke .qk file na-ejide igodo mgbọrọgwụ AES
· Vector mmalite nke 16-byte (iv).

quartus_pgm -c 1 -mjtag -nke ọma_file= aes0_sign_chain.qky –pem_file=aes0_sign_private.pem -qek_file=aes.qek –iv=1234567890ABCDEF1234567890ABCDEF -o “ei;aes.wkey;AGFB014R24A”

2. Nhọrọ, ị nwere ike igbanye ihe unsigned IID PUF wrapping AES mgbọrọgwụ isi akwụkwọ na Programming File Generator na-eji arụmụka ndị a:

quartus_pfg –ccert -o ccert_type=IID_PUF_WRAPPED_AES_KEY -o qek_file=aes.qek –iv=1234567890ABCDEF1234567890ABCDEF unsigned_aes.ccert

3. Ị bịanyere aka n'akwụkwọ na-edeghị akwụkwọ na ngwaọrụ gị aka ma ọ bụ ngwá ọrụ quartus_sign site na iji iwu ndị a:

quartus_sign –family=agilex –operation=sign –qky=aes0_sign_chain.qky –pem=aes0_sign_private.pem unsigned_aes.ccert sign_aes.ccert

4. Ị wee jiri programmer zipu akwụkwọ AES bịanyere aka na ya wee weghachi igodo ọbọp (.wkey) file:

quarts_pgm -c 1 -mjtag -cert_file=signed_aes.ccert -o "ei;aes.wkey;AGFB014R24A"

Mara: Arụ ọrụ i adịghị mkpa ma ọ bụrụ na i bugoro ihe onyonyo inyeaka ngwa ngwa, maka example, idebanye aha PUF.

4.9.2.3. Data onye inyeaka mmemme na igodo kechie na ebe nchekwa Flash QSPI
Ị na-eji Quartus Programming File Ihe ngosi eserese Generator iji wuo onyonyo flash QSPI izizi nwere akụkụ PUF. Ị ga-emepụta na hazie ihe oyiyi mmemme flash dum iji tinye akụkụ PUF na flash QSPI. Ịmepụta PUF

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 36

Zipu nzaghachi

4. Ngwaọrụ na-enye 683823 | 2023.05.23

Onyonyo 9.

nkebi data na ojiji nke data enyemaka PUF na igodo ọbọp fileA naghị akwado s maka ọgbọ onyonyo flash site na mmemme File Generator iwu akara interface.
Usoro ndị a na-egosi iji data enyemaka PUF na igodo ọbọp wulite onyonyo mmemme ọkụ:
1. Na File menu, pịa Programming File Generator. Na mmepụta Files tab mee nhọrọ ndị a:
a. Maka Ezinụlọ Ngwaọrụ họrọ Agilex 7.
b. Maka ọnọdụ nhazi, họrọ Serial x4 na-arụ ọrụ.
c. Maka ndekọ mmepụta chọgharịa na mmepụta gị file ndekọ. Nke a example na-eji mmepụta_files.
d. Maka Aha, ezipụta aha maka mmemme file a ga-emepụta. Nke a example na-eji mmepụta_file.
e. N'okpuru nkọwa họrọ mmemme files iji mepụta. Nke a example na-emepụta JTAG Nhazi na-apụtaghị ìhè File (.jic) maka nhazi ngwaọrụ na ọnụọgụ abụọ Raw File nke Programming Helper Image (.rbf) maka onyonyo inyeaka ngwaọrụ. Nke a example na-ahọpụtakwa Map ebe nchekwa nhọrọ File (.map) na Data Mmemme Raw File (.rpd). Data mmemme nke raw file dị mkpa naanị ma ọ bụrụ na ị na-eme atụmatụ iji mmemme mmemme nke atọ n'ọdịnihu.
Mmemme File Generator - mmepụta Files Tab – Họrọ JTAG Nhazi na-apụtaghị ìhè

Ụdị nhazi ezinụlọ ngwaọrụ
Mpụta file tab
Ndekọ mmepụta
JTAG Indirect (.jic) Map ebe nchekwa File Ihe enyemaka mmemme data mmemme Raw
Na ntinye Files tab, mee nhọrọ ndị a: 1. Pịa Tinye Bitstream wee chọgharịa na .sof gị. 2. Họrọ .sof gị file wee pịa Properties.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 37

4. Ngwaọrụ na-enye 683823 | 2023.05.23
a. Gbanwuo Gbanye ngwa nbinye aka. b. Maka igodo onwe file họrọ .pem gị file. c. Gbanwuo mechaa izo ya ezo. d. Maka igodo nzuzo file họrọ .qk gị file. e. Pịa OK ka ịlaghachi na mpio bu ụzọ. 3. Ezipụta data enyemaka PUF gị file, pịa Tinye Raw Data. Gbanwee Files nke ụdị ndọda menu gaa na Quartus Physical Unclonable Function File (* .puf). Chọgharịa na .puf gị file. Ọ bụrụ na ị na-eji ma IID PUF na UDS IID PUF, megharịa nzọụkwụ a ka .puf files maka PUF ọ bụla ka agbakwunyere dị ka ntinye files. 4. Ezipụta igodo AES gị ọbọp file, pịa Tinye Raw Data. Gbanwee Files nke ụdị ndọda menu ka Quartus Wrapped Key File (*.wkey). Chọgharịa na .wkey gị file. Ọ bụrụ na i jiri ma IID PUF na UDS IID PUF kechie igodo AES, megharịa usoro a ka .wkey. files maka PUF ọ bụla ka agbakwunyere dị ka ntinye files.
Ọgụgụ 10. Ezipụta ntinye Files maka Nhazi, Nyocha na ezoro ezo

Tinye Bitstream Tinye Data Raw
Njirimara
Igodo nkeonwe file
Mechaa igodo nzuzo nzuzo
Na taabụ nhazi ngwaọrụ, mee nhọrọ ndị a: 1. Pịa Tinye Ngwaọrụ wee họrọ ngwaọrụ flash gị na listi flash dịnụ.
ngwaọrụ. 2. Họrọ ngwaọrụ nhazi nke ị gbakwunyere wee pịa Tinye nkebi. 3. Na Dezie nkebi dialog igbe maka ntinye file wee họrọ .sof gị site na
ndepụta ndọpụta. Ị nwere ike idowe ndabara ma ọ bụ dezie paramita ndị ọzọ na igbe okwu Dezie nkebi.

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 38

Zipu nzaghachi

4. Ngwaọrụ na-enye 683823 | 2023.05.23
Ọgụgụ 11. Ịkọwapụta nkebi .sof nhazi Bitstream nkebi gị

Ngwaọrụ nhazi
Dezie nkebi Tinye .sof file

Tinye Nkebi

4. Mgbe ị gbakwunye .puf na .wkey dị ka ntinye files, Mmemme File Generator na-emepụta nkebi PUF na-akpaghị aka na ngwaọrụ nhazi gị. Ka ịchekwaa .puf na .wkey na nkebi PUF, họrọ nkebi PUF wee pịa Dezie. Na igbe okwu Dezie nkebi, họrọ .puf na .wkey gị files site na listi ndọpụta. Ọ bụrụ na i wepụ akụkụ PUF, ị ga-ewepụrịrị ma tinyegharịa ngwaọrụ nhazi maka Mmemme File Generator ka imepụta akụkụ PUF ọzọ. Ị ga-ahụrịrị na ị họrọ nke ziri ezi .puf na .wkey file maka IID PUF na UDS IID PUF, n'otu n'otu.
Ọgụgụ 12. Tinye .puf na .wkey files gaa na PUF Partition

Nkebi nke PUF

Dezie

Dezie nkebi

Ihe nkwụnye ọkụ

Họrọ Mepụta

5. N'ihi na Flash Loader paramita họrọ Intel Agilex 7 ngwaọrụ ezinụlọ na ngwaọrụ aha na dakọtara gị Intel Agilex 7 OPN.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 39

4. Ngwaọrụ na-enye 683823 | 2023.05.23
6. Pịa n'ịwa ka n'ịwa mmepụta filenke ị kọwapụtara na mmepụta Files taabụ.
7. The Programming File Generator na-agụ .qk gị file ma na-akpali gị maka paswọọdụ gị. Pịnye passphrase gị na nzaghachi nye ngwa ngwa Tinye QEK passphrase. Pịa igodo Tinye.
8. Pịa OK mgbe mmemme File Generator na-akọ ọgbọ na-aga nke ọma.
Ị na-eji Intel Quartus Prime Programmer dee onyonyo mmemme QSPI na ebe nchekwa QSPI. 1. Na Intel Quartus Prime Tools menu họrọ Programmer. 2. Na Programmer, pịa Hardware Setup wee họrọ Intel ejikọrọ
Igwe nbudata FPGA. 3. Pịa Tinye File wee chọgharịa na .jic gị file.
Ọgụgụ 13. Mmemme .jic

Mmemme file

Mmemme/Hazie

JTAG nyocha yinye
4. Mepee igbe ejikọtara na onyonyo onye inyeaka. 5. Họrọ Mmemme/Hazie maka mmepụta .jic file. 6. Gbanwuo bọtịnụ Malite ka ịmepụta ebe nchekwa quad SPI gị. 7. Ike okirikiri gị osisi. Emebere ya na ebe nchekwa quad SPI flash
Ngwa wee banye n'ime FPGA ebumnuche.
Ị ga-emepụta na hazie ihe oyiyi mmemme flash dum iji tinye akụkụ PUF na flash quad SPI.
Mgbe akụkụ PUF adịlarị na flash, ọ ga-ekwe omume iji Intel Quartus Prime Programmer nweta data enyemaka PUF ozugbo yana igodo kechie. files. Maka exampYabụ, ọ bụrụ na ịgbalite emebeghị nke ọma, ọ ga-ekwe omume ịdebanye aha PUF ọzọ, kechie igodo AES, wee mechaa naanị PUF. files na-enweghị idegharị flash dum.

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 40

Zipu nzaghachi

4. Ngwaọrụ na-enye 683823 | 2023.05.23
Onye mmemme Intel Quartus Prime na-akwado arụmụka ọrụ maka PUF files na nkebi PUF dị adịbu:
· p: mmemme
v: nyochaa
· r: kpochapu
b: nlele efu
Ị ga-esorịrị otu mmachi maka ndebanye aha PUF, ọ bụrụgodị na nkebi PUF dị.
1. Jiri arụmụka i arụ ọrụ iji buo ihe enyemaka enyemaka ngwa ngwa maka ọrụ mbụ. Maka example, usoro iwu na-esote na-edebanye aha PUF ọzọ, kechie igodo mgbọrọgwụ AES, hichapụ data enyemaka PUF ochie na igodo ọbọp, wee mee mmemme ma nyochaa data enyemaka PUF ọhụrụ na igodo mgbọrọgwụ AES.
quartus_pgm -c 1 -mjtag -o "ei; new.puf;AGFB014R24A" quartus_pgm -c 1 -mjtag -cert_file= signed_aes.ccert -o "e; new.wkey; AGFB014R24A" quartus_pgm -c 1 -mjtag -o "r; ochie.puf" quartus_pgm -c 1 -mjtag -o "r; ochie.wkey" quartus_pgm -c 1 -mjtag -o “p;new.puf” quartus_pgm -c 1 -mjtag -o “p;new.wkey” quartus_pgm -c 1 -mjtag -o “v;new.puf” quartus_pgm -c 1 -mjtag -o "v; new.wkey"
4.9.2.4. Na-ajụ NJ Intrinsic PUF Ọnọdụ ịgbalite
Mgbe ị debanyere aha Intrinsic ID PUF, kechie igodo AES, mepụta mmemme flash files, ma melite quad SPI flash, ị na-agbanye ngwaọrụ gị ka ọ kpalite ọrụ PUF na nhazi site na bitstream ezoro ezo. SDM na-akọ ọkwa nkwalite PUF yana ọkwa nhazi. Ọ bụrụ na ịgbalite PUF ada, SDM kama na-akọ ọkwa njehie PUF. Jiri quartus_pgm iwu iji jụọ ọkwa nhazi.
1. Jiri iwu na-esonụ iji jụọ ọkwa mmalite:
quartus_pgm -c 1 -mjtag -status –status_type=”CONFIG”
Nke a bụ sampwepụta site na ịgbalite nke ọma:
Ozi (21597): Azịza nke CONFIG_STATUS Ngwaọrụ na-agba ọsọ na ọnọdụ onye ọrụ 00006000 RESPONSE_CODE=OK, Ogologo = 6 00000000 STATE=IDLE 00160300 Ụdị C000007B MSEL=QSPI_NORMG1, nSTACONUS=QSPI_NORMAL1, nSTACONUS=1,NSTACONSE_CODE.
CLOCK_SOURCE=INTERNAL_PLL 0000000B CONF_DONE=1, INIT_DONE=1, CVP_DONE=0, SEU_ERROR=1 00000000 Ebe mperi 00000000Nkọwa mperi, Nzaghachi nke PUF_STATUS00002000SE2 00000500 USER_IID Ọnọdụ=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0 00000500 UDS_IID STATUS=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 41

4. Ngwaọrụ na-enye 683823 | 2023.05.23

Ọ bụrụ na ị na-eji naanị IID PUF ma ọ bụ UDS IID PUF, ma i mebebeghị data enyemaka .puf file maka PUF ọ bụla na Flash QSPI, PUF anaghị arụ ọrụ yana ọkwa PUF gosipụtara na data enyemaka PUF adịghị mma. Ndị na-esonụ example na-egosi ọkwa PUF mgbe emebere data enyemaka PUF maka PUF:
Azịza nke PUF_STATUS 00002000 RESPONSE_CODE=OK, Ogologo = 2 00000002 USER_IID STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0 00000002 UDS_IID STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0

4.9.2.5. Ebe PUF dị na ebe nchekwa Flash
Ọnọdụ nke PUF file dị iche iche maka atụmatụ na-akwado RSU na atụmatụ ndị na-adịghị akwado atụmatụ RSU.

Maka atụmatụ na-akwadoghị RSU, ị ga-etinyerịrị .puf na .wkey files mgbe ị mepụtara foto flash emelitere. Maka atụmatụ na-akwado RSU, SDM anaghị edegharị akụkụ data PUF n'oge mmelite onyonyo ma ọ bụ ngwa.

Tebụl 2.

Nhazi akụkụ nke Flash na-enweghị nkwado RSU

Mwepu Flash (na bytes)

Nha (na bytes)

ọdịnaya

Nkọwa

0K 256K

256K 256K

Firmware njikwa nhazi njikwa ngwa ngwa njikwa njikwa

Firmware na-arụ ọrụ na SDM.

512K

256K

Firmware njikwa nhazi

768K

256K

Firmware njikwa nhazi

32K

0.PUF data

Nhazi data maka ịchekwa data enyemaka PUF yana PUF kpuchie isi igodo mgbọrọgwụ AES 0

1M+32K

32K

1.PUF data

Nhazi data maka ịchekwa data enyemaka PUF yana PUF kpuchie isi igodo mgbọrọgwụ AES 1

Tebụl 3.

Nhazi nke akụkụ nke Flash nwere nkwado RSU

Mwepu Flash (na bytes)

Nha (na bytes)

ọdịnaya

Nkọwa

0K 512K

512K 512K

Firmware mkpebi mkpebi firmware

Firmware iji chọpụta ma buo onyonyo kachasị mkpa.

1M 1.5M

512K 512K

Firmware mkpebi mkpebi firmware

8K + 24K

Mkpebi firmware data

Mkpuchi

Edobere maka iji firmware mkpebi.

2M + 32K

32K

Echekwara maka SDM

Echekwara maka SDM.

2M + 64K

Na-agbanwe agbanwe

Onyonyo ụlọ ọrụ

Onyonyo dị mfe ị na-emepụta dị ka ndabere ma ọ bụrụ na ihe oyiyi ngwa ndị ọzọ anaghị ebu. Ihe onyonyo a gụnyere CMF nke na-agba na SDM.

Osote

32K

0.PUF data

Nhazi data maka ịchekwa data enyemaka PUF yana PUF kpuchie isi igodo mgbọrọgwụ AES 0
gara n'ihu…

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 42

Zipu nzaghachi

4. Ngwaọrụ na-enye 683823 | 2023.05.23

Mwepu Flash (na bytes)

Nha (na bytes)

Na-esote +32K 32K

Ọdịnaya PUF data oyiri 1

Na-esote + 256K 4K Na-esote +32K 4K Na-esote +32K 4K

Mpempe akwụkwọ nkebi nkebi 0 Mpempe akwụkwọ nkebi nkebi 1 CMF pointer ngọngọ oyiri 0

Na-esote +32K _

Mpempe akwụkwọ mgbochi CMF 1

Mgbanwe mgbanwe

Foto ngwa 1 Foto ngwa 2

4.9.3. Enyemaka igodo ojii

Nkọwa
Nhazi data maka ịchekwa data enyemaka PUF yana PUF kpuchie isi igodo mgbọrọgwụ AES 1
Nhazi data iji kwado njikwa nke nchekwa flash.
Ndepụta ntụnye aka na onyonyo ngwa n'usoro dị mkpa. Mgbe ị gbakwunyere onyonyo, onyonyo ahụ ga-abụ nke kachasị elu.
Nkomi nke abụọ nke ndepụta ntụnye aka na onyonyo ngwa.
Onyonyo ngwa mbụ gị.
Onyonyo ngwa nke abụọ gị.

Mara:

TheIntel Quartus PrimeProgrammer na-enyere aka n'ịmepụta njikọ echekwara echekwabara n'etiti ngwaọrụ Intel Agilex 7 yana ọrụ inye igodo ojii. Ewubere njikọ echekwara site na https ma chọọ ọtụtụ asambodo ejiri ederede mara file.
Mgbe ị na-eji Black Key Provisioning, Intel na-atụ aro ka ị zere ijikọ pin TCK na mpụga iji dọpụta ma ọ bụ wetuo resistor ka ị na-eji ya maka J.TAG. Agbanyeghị, ịnwere ike jikọọ pin TCK na ọkụ VCCIO SDM site na iji resistor 10k. Ntuziaka dị na Ntuziaka Njikọ Njikọ iji jikọọ TCK na 1 k resistor na-agbadata gụnyere maka nkwụsị mkpọtụ. Mgbanwe na ntụzịaka gaa na resistor 10k anaghị emetụta ngwaọrụ ahụ n'ọrụ. Maka ozi ndị ọzọ gbasara ijikọ pin TCK, rụtụ aka na Ntuziaka Njikọ Njikọ Intel Agilex 7.
Thebkp_tls_ca_certcertificate na-enyocha ọrụ ntinye igodo ojii gị na ihe mmemme inye igodo ojii gị. Asambodo Thebkp_tls_* na-akwado ihe mmemme inye igodo ojii gị na ọrụ inye igodo ojii gị.
Ị mepụtara ederede file nwere ozi dị mkpa maka Intel Quartus Prime Programmer jikọọ na ọrụ inye igodo ojii. Iji malite inye igodo ojii, jiri interface ahịrị iwu Programmer kọwaa ederede nhọrọ ntinye igodo ojii file. Ndokwa igodo ojii na-aga n'ihu na-akpaghị aka. Maka ịnweta ọrụ ịnye igodo ojii yana akwụkwọ metụtara, biko kpọtụrụ Nkwado Intel.
Ị nwere ike mee ka ntinye igodo ojii jiri thequartus_pgmcommand:
quartus_pgm -c -m – ngwaọrụ –bkp_options=bkp_options.txt
Arụmụka iwu ezipụta ozi ndị a:

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 43

4. Ngwaọrụ na-enye 683823 | 2023.05.23

· -c: nọmba eriri · -m: ezipụta usoro mmemme dịka JTAG · –ngwaọrụ: ezipụta ndepụta ngwaọrụ na JTAG yinye. Uru ndabara bụ 1. · –bkp_options: ezipụta ederede file nwere nhọrọ inye igodo ojii.
Ozi metụtara Intel Agilex 7 Ntuziaka njikọ njikọ ezinaụlọ

4.9.3.1. Nhọrọ inye igodo ojii
Nhọrọ inye igodo ojii bụ ederede file gafere na Programmer site na quartus_pgm iwu. Nke file nwere ozi achọrọ iji kpalite ntinye igodo ojii.
Ihe na-esonụ bụ example nke bkp_options.txt file:
bkp_cfg_id = 1 bkp_ip = 192.167.1.1 bkp_port = 10034 bkp_tls_ca_cert = mgbọrọgwụ.cert bkp_tls_prog_cert = prog.cert bkp_tls_prog_key = prog_key.pem bkp_tls_prog_1234 192.167.5.5:5000 bkp_proxy_user = proxy_user bkp_proxy_password = proxy_password

Tebụl 4.

Nhọrọ inye igodo ojii
Tebụl a na-egosiputa nhọrọ achọrọ iji kpalite ntinye igodo ojii.

Aha nhọrọ

Ụdị

Nkọwa

bkp_ip

Achọrọ

Ezipụta adreesị IP ihe nkesa na-arụ ọrụ inye igodo ojii.

bkp_port

Achọrọ

Na-akọwapụta ọdụ ụgbọ ọrụ ntinye igodo ojii achọrọ iji jikọọ na sava ahụ.

bkp_cfg_id

Achọrọ

Na-achọpụta NJ nhazi nhazi nke igodo ojii.
Ọrụ inye igodo ojii na-emepụta nhazi nhazi igodo ojii gụnyere igodo mgbọrọgwụ AES, ntọala eFuse chọrọ, yana nhọrọ inye ikike igodo ojii ndị ọzọ. Nọmba ekenyere n'oge nhazi ọrụ ịnye igodo ojii na-achọpụta nhazi nhazi igodo ojii.
Mara: Otutu ngwaọrụ nwere ike na-ezo aka n'otu usoro ntinye ọrụ igodo ojii.

bkp_tls_ca_cert

Achọrọ

Asambodo TLS mgbọrọgwụ ejiri iji chọpụta ọrụ ntinye igodo ojii na Intel Quartus Prime Programmer (Programmer). Ndị ikike asambodo ntụkwasị obi maka ọrụ inye igodo ojii nyere asambodo a.
Ọ bụrụ na ị na-eji Microsoft® Windows® sistemụ arụmọrụ (Windows) na-agba ihe mmemme na kọmputa, ị ga-etinyerịrị asambodo a na ụlọ ahịa asambodo Windows.

bkp_tls_prog_cert

Achọrọ

Asambodo emepụtara maka ihe atụ nke onye mmemme mmemme igodo ojii (BKP Programmer). Nke a bụ asambodo ndị ahịa https ejiri chọpụta ihe atụ mmemme BKP a
gara n'ihu…

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 44

Zipu nzaghachi

4. Ngwaọrụ na-enye 683823 | 2023.05.23

Aha nhọrọ

Ụdị

bkp_tls_prog_key

Achọrọ

bkp_tls_prog_key_pass Nhọrọ

bkp_proxy_address bkp_proxy_user bkp_proxy_password

Nhọrọ nhọrọ nhọrọ

Nkọwa
gaa na ọrụ ịnye igodo ojii. Ị ga-etinyerịrị ma nye ikike nke akwụkwọ a na ọrụ inye igodo ojii tupu ịmalite nnọkọ ntinye igodo ojii. Ọ bụrụ na ị na-agba programmer na Windows, nhọrọ a adịghị. N'okwu a, bkp_tls_prog_key etinyelarị asambodo a.
Igodo nzuzo dabara na asambodo BKP Programmer. Igodo ahụ na-akwado njirimara nke ihe atụ mmemme BKP na ọrụ inye igodo ojii. Ọ bụrụ na ị na-agba programmer na Windows, .pfx file na-ejikọta akwụkwọ bkp_tls_prog_cert na igodo nzuzo. Nhọrọ bkp_tlx_prog_key na-agafe .pfx file na bkp_options.txt file.
Okwuntughe maka igodo nzuzo bkp_tls_prog_key. Achọghị na nhọrọ nhazi igodo ojii (bkp_options.txt) ederede file.
Na-akọwapụta ihe nkesa proxy URL adreesị.
Na-akọwapụta aha njirimara ihe nkesa proxy.
Na-akọwapụta paswọọdụ nyocha proxy.

4.10. Ịtụgharị igodo mgbọrọgwụ nke onye nwe, AES Root Key Asambodo, na Fuse files na Jam STAPL File Ụdị

Ị nwere ike iji quartus_pfg iwu-ahịrị iji tọghata .qky, AES mgbọrọgwụ igodo .ccert, na .fuse files na usoro Jam STAPL File (.jam) na Usoro Koodu Jam Byte File (.jbc). Ị nwere ike iji ndị a files iji hazie Intel FPGA site na iji Jam STAPL Player na Jam STAPL Byte-Code Player, n'otu n'otu.

Otu .jam ma ọ bụ .jbc nwere ọtụtụ ọrụ gụnyere nhazi ihe onyonyo na mmemme firmware, nlele oghere, yana nkwenye nke igodo na mmemme fuse.

Ịkpachara anya:

Mgbe ị tụgharịrị igodo mgbọrọgwụ AES .cert file ka .jam usoro, na .jam file nwere igodo AES n'edemede doro anya mana nke emechiri emechi. N'ihi ya, ị ga-echeberịrị .jam file mgbe ị na-echekwa igodo AES. Ị nwere ike ime nke a site na ịnye igodo AES na gburugburu ebe nchekwa.

Ndị a bụ examples nke quartus_pfg iwu mgbanwe:

quartus_pfg -c -o helper_device=AGFB014R24A "root0.qky;root1.qky;root2.qky"RootKey.jam quartus_pfg -c -o helper_device=AGFB014R24A "root0.qqky;root1.qqky;kyproot2.Keyproot014.Kbcky;root24. c -o helper_device=AGFB014R24A aes.ccert aes_ccert.jam quartus_pfg -c -o helper_device=AGFB014R24A aes.ccert aes_ccert.jbc quartus_pfg -c -o helper_device = AGFB014 ntọala ntọala AGFB24 er_device=Ntọala AGFBXNUMXRXNUMXA. ntọala fuse_fuse.jbc

Maka ozi ọzọ gbasara iji Jam STAPL Player maka mmemme ngwaọrụ rụtụ aka AN 425: Iji Command-Line Jam STAPL Solution for Device Programming.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 45

4. Ngwaọrụ na-enye 683823 | 2023.05.23
Gbaa iwu ndị a ka ịhazi igodo ọha nke onye nwe ya na igodo nzuzo AES:
// Ka ibunye bitstream enyemaka n'ime FPGA. // Ihe inyeaka bitstream gụnyere ndokwa firmware quartus_jli -c 1 -a CONFIGURE RootKey.jam
//Imebere onye nwe mgbọrọgwụ igodo ọha n'ime mebere eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM RootKey.jam
//Imebere onye nwe mgbọrọgwụ igodo ọha ka ọ bụrụ eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG RootKey.jam
//Imebere onye nwe PR mgbọrọgwụ igodo ọha n'ime mebere eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG pr_rootkey.jam
// Iji hazie igodo ọha onye nwe PR ka ọ bụrụ eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG -e DO_UNI_ACT_DO_EFUSES_FLAG pr_rootkey.jam
//Imebere igodo nzuzo AES CCERT n'ime BBRAM quartus_jli -c 1 -a CCERT_PROGRAM EncKeyBBRAM.jam
//Imebere igodo nzuzo AES CCERT n'ime eFuses quartus_jli -c 1 -a CCERT_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG EncKeyEFuse.jam
Ozi metụtara AN 425: Iji Command-Line Jam STAPL Solution maka Mmemme Ngwaọrụ

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 46

Zipu nzaghachi

683823 | 2023.05.23 zipu nzaghachi

Atụmatụ dị elu

5.1. Ikike mwepu nke ọma
Iji mee ka Ikikere Debug Secure, onye nwe nbibi kwesịrị iwepụta ụzọ igodo nyocha wee jiri Intel Quartus Prime Pro Programmer wepụta ozi ngwaọrụ. file maka ngwaọrụ na-eme ihe nbibi:
quartus_pgm -c 1 -mjtag -o "ei; ngwaọrụ_info.txt; AGFB014R24A" -dev_info
Onye nwe ngwaọrụ na-eji ngwa quartus_sign ma ọ bụ mmejuputa ntụaka iji tinye ntinye igodo ọhaneze keonodu n'agbụ mbinye aka ezubere maka ịrụ ọrụ ndozi site na iji igodo ọha sitere n'aka onye nwe debug, ikike ndị dị mkpa, ederede ozi ngwaọrụ. file, na ọdabara mmachi ndị ọzọ:
quartus_sign –family=agilex –operation=append_key –previous_pem=debug_chain_private.pem –previous_qky=debug_chain.qky –permission=0x6 –cancel=1 –dev_info=ngwaọrụ_info.txt –restriction=1,2,17,18,inpu debug_authorization_public_key.pem secure_debug_auth_chain.qky
Onye nwe ngwaọrụ ahụ na-ezigara onye nwe ya yinye mbinye aka zuru ezu, onye na-eji yinye mbinye aka na igodo nzuzo ha ka ọ bịanye aka na onyonyo ndozi:
quartus_sign –family=agilex –operation=sign –qky=secure_debug_auth_chain.qky –pem=debug_authorization_private_key.pem unsigned_debug_design.rbf authorized_debug_design.rbf
Ị nwere ike iji iwu quartus_pfg nyochaa ụdọ mbinye aka nke ngalaba nke ọ bụla nke bitstream debug debug a kwadoro dị ka ndị a:
quartus_pfg -check_integrity authorized_debug_design.rbf
Nsonaazụ nke iwu a na-ebipụta ụkpụrụ mmachi 1,2,17,18 nke igodo ọhaneze nwere ọnọdụ nke ejiri mepụta bitstream bịanyere aka na ya.
Onye nwe nbibi ahụ nwere ike hazie nhazi nbibi anabatara nke ọma:
quartus_pgm -c 1 -mjtag -o "p;authorized_debug_design.rbf"
Onye nwe ngwaọrụ nwere ike ịkagbu ikike nbibi echekwabara site na ịkagbu NJ kagbuo igodo doro anya ekenyere n'agbụ mbinye aka nbibi echekwara.
5.2. Asambodo mwepu HPS
Na-enyere naanị ikike ịnweta ọdụ ụgbọ mmiri debug Access HPS (DAP) site na JTAG interface chọrọ ọtụtụ usoro:

ISO 9001: 2015 edebanye aha

5. Atụmatụ dị elu 683823 | 2023.05.23
1. Pịa Intel Quartus Prime software Ọrụ menu wee họrọ Ngwaọrụ Ngwaọrụ na Pin Nhọrọ taabụ nhazi.
2. Na nhazi taabụ, mee ka HPS debug nweta ọdụ ụgbọ mmiri (DAP) site na-ahọpụta ma HPS Pin ma ọ bụ SDM Pin si dropdown menu, na n'ịhụ na Kwe ka HPS debug na-enweghị asambodo igbe na-adịghị ahọrọ.
Ọgụgụ 14. Ezipụta ma HPS ma ọ bụ SDM Pin maka HPS DAP

HPS debug access port (DAP)
N'aka nke ọzọ, ịnwere ike ịtọ ọrụ dị n'okpuru na Quartus Prime Settings .qsf file:
set_global_assignment - aha HPS_DAP_SPLIT_MODE "SDM PINS"
3. Chịkọta ma buo nhazi ahụ na ntọala ndị a. 4. Mepụta yinye mbinye aka nwere ikike kwesịrị ekwesị iji bịanye aka na nbibi HPS
akwụkwọ:
quartus_sign –family=agilex –operation=append_key –previous_pem=root_private.pem –previous_qky=root.qky –permission=0x8 –cancel=1 –input_pem=hps_debug_cert_public_key.pem hps_debug_chaint.
5. Rịọ akwụkwọ nbibi HPS na-edeghị akwụkwọ site na ngwaọrụ ebe a na-ebufe ihe nbibi:
quartus_pgm -c 1 -mjtag -o “e;unsigned_hps_debug.cert;AGFB014R24A”
6. Jiri quartus_sign ngwá ọrụ ma ọ bụ ntụnye ntinye aka na yinye mbinye aka debug debug bịanye aka na asambodo HPS enweghị mbinye aka:
quartus_sign –family=agilex –operation=sign –qky=hps_debug_cert_sign_chain.qky –pem=hps_debug_cert_private_key.pem unsigned_hps_debug.cert sign_hps_debug.cert

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 48

Zipu nzaghachi

5. Atụmatụ dị elu 683823 | 2023.05.23
7. Ziga akwụkwọ ndebug HPS bịanyere aka na ya azụ na ngwaọrụ ahụ iji mee ka ịnweta ọdụ ụgbọ mmiri nbibi HPS (DAP):
quartus_pgm -c 1 -mjtag -o "p; signed_hps_debug.cert"
Asambodo ndozi HPS na-arụ ọrụ naanị site na oge ewepụtara ya ruo mgbe okirikiri ike ngwaọrụ na-esote ma ọ bụ ruo mgbe ebugoro ụdị ma ọ bụ ụdị SDM dị iche. Ị ga-emepụta, bịanye aka na ya, na hazie akwụkwọ ndebiri HPS bịanyere aka na ya, ma rụọ ọrụ nbipu niile, tupu ịgbanye ngwaọrụ ahụ ike. Ị nwere ike mebie akwụkwọ nbibi HPS bịanyere aka na ya site na ịnya igwe ike.
5.3. Ngosipụta Platform
Ị nwere ike iwepụta akwụkwọ ikike iguzosi ike n'ezi ihe (.rim) file iji mmemme file ngwá ọrụ generator:
quartus_pfg -c sign_encrypted_top.rbf top_rim.rim
Soro usoro ndị a iji hụ na ngosipụta ikpo okwu dị na imewe gị: 1. Jiri Intel Quartus Prime Pro Programmer hazie ngwaọrụ gị na ngwa
chepụta ị mepụtara akwụkwọ ikike iguzosi ike n'ezi ihe maka. 2. Jiri ihe nrịba ama n'elu ikpo okwu ka ịdebanye aha ngwaọrụ site n'inye iwu na
SDM site na igbe ozi SDM iji mepụta asambodo NJ ngwaọrụ yana asambodo firmware na mbugharị. 3. Jiri Intel Quartus Prime Pro Programmer ka reconfigure ngwaọrụ gị na imewe. 4. Jiri nkwenye nkwenye ikpo okwu nye SDM iwu iji nweta NJ ngwaọrụ akaebe, ngwa ngwa, na asambodo utu aha. 5. Jiri nkwenye nkwenye nye iwu igbe ozi SDM iji nweta ihe akaebe na onye nyocha na-enyocha ihe akaebe eweghachiri.
Ị nwere ike mejuputa ọrụ nkwenye gị site na iji iwu igbe ozi SDM, ma ọ bụ jiri ọrụ nkwenye nkwenye ikpo okwu Intel. Maka ozi ndị ọzọ gbasara sọftụwia ọrụ nkwenye n'elu ikpo okwu Intel, nnweta, na akwụkwọ, kpọtụrụ Nkwado Intel.
Ozi metụtara Intel Agilex 7 Ntuziaka njikọ njikọ ezinaụlọ
5.4. Mgbochi anụ ahụamper
Ị na-enyere mgbochi anụ ahụamper atụmatụ site na iji usoro ndị a: 1. Ịhọrọ nzaghachi achọrọ na achọpụtara tamper omume 2. Ịhazi ihe achọrọ tamper ụzọ nchọpụta na parameters 3. Gụnyere mgbochi tamper IP na echiche imewe gị iji nyere aka jikwaa mgbochi tamper
ihe omume

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 49

5. Atụmatụ dị elu 683823 | 2023.05.23
5.4.1. Mgbochi-Tamper Azịza
Ị na-enyere mgbochi anụ ahụamper site na ịhọrọ nzaghachi site na Anti-tampNzaghachi: ndetu mwepu na Ngwaọrụ Ngwaọrụ na Pin Nhọrọ Nchekwa Anti-Tampnke tab. Site na ndabara, mgbochi tampem nzaghachi agbanyụrụ. Nkeji ise nke mgbochi tamper nzaghachi dị. Mgbe ịhọrọ nzaghachi ịchọrọ, a na-enyere nhọrọ iji mee ka otu ụzọ nchọpụta ma ọ bụ karịa aka.
Ọgụgụ 15. Mgbochi-T dịampNhọrọ azịza

Ihe omume kwekọrọ na ntọala Quartus Prime .gsf file bụ ihe a:
set_global_assignment -aha ANTI_TAMPER_RESONSE "ngwaọrụ ngosi na-ehichapụ mkpọchi na ZEROIZATION"
Mgbe ị na-eme ka ihe mgbochi tampNzaghachi, ị nwere ike họrọ abụọ SDM raara onwe ya nye ntụtụ I/O iji wepụta tamper nchọpụta mmemme na ọkwa nzaghachi site na iji Ngwaọrụ Ngwaọrụ na Pin Nhọrọ nhazi nhazi nhazi mpio nhọrọ.

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 50

Zipu nzaghachi

5. Atụmatụ dị elu 683823 | 2023.05.23
Ọgụgụ 16. Dị SDM raara onwe ya nye I/O Pin maka Tamper Nchọpụta ihe omume

Ị nwekwara ike ịme ọrụ ntụtụ ndị a na ntọala file: set_global_assignment -aha USE_TAMPER_DETECT SDM_IO15 set_global_assignment -aha ANTI_TAMPER_RESPONSE_FAILED SDM_IO16

5.4.2. Mgbochi-Tamper Nchọpụta

Ị nwere ike ime ka ugboro, okpomọkụ na voltage njirimara njirimara nke SDM. Nchọpụta FPGA dabere na gụnyere Anti-Tamper Lite Intel FPGA IP n'ime imewe gị.

Mara:

Ugboro SDM na voltagetampỤzọ nchọpụta er dabere na nrụtụ aka dị n'ime yana ngwaike nha nwere ike ịdị iche n'ofe ngwaọrụ. Intel na-atụ aro ka ị mara omume nke tampntọala nchọpụta er.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 51

5. Atụmatụ dị elu 683823 | 2023.05.23
Ugboro tampnchọpụta er na-arụ ọrụ na isi mmalite elekere nhazi. Iji mee ka ugboro tampNchọpụta ya, ị ga-ezipụta nhọrọ na-abụghị Oscillator nke ime n'ime ntọala elekere nhazi nhazi na taabụ Ngwaọrụ Ngwaọrụ na Pin Nhọrọ Ozuruọnụ. Ị ga-ahụrịrị na agbanyere Run nhazi CPU si esịtidem oscillator checkbox tupu enyere ugboro tamper nchọpụta. Ọgụgụ 17. Ịtọlite SDM ka ọ bụrụ Oscillator nke ime
Iji mee ka ugboro tampNchọpụta, họrọ Kwado ugboro tampigbe nchọta nchọpụta wee họrọ ugboro achọrọ tampnso nso a chọpụtara site na menu ndọpụta. Ọgụgụ 18. Na-enyere Frequency Tamper Nchọpụta

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 52

Zipu nzaghachi

5. Atụmatụ dị elu 683823 | 2023.05.23
N'aka nke ọzọ, ị nwere ike mee ka Frequency Tamper Nchọpụta site na ime mgbanwe ndị a na Quartus Prime Settings .qsf file:
set_global_assignment -aha AUTO_RESTART_CONFIGURATION Gbanyụọ set_global_assignment - aha DEVICE_INITIALIZATION_CLOCK OSC_CLK_1_100MHZ set_global_assignment - aha RUN_CONFIG_CPU_FROM_INT_OSC ON set_FROM_INT_OSC ON set_FROM_INT_NCY ahaAMPER_DETECTION ON set_global_assignment -aha FREQUENCY_TAMPER_DETECTION_RANGE 35
Iji mee ka okpomọkụ tampNchọpụta, họrọ Kwado okpomọkụ tampigbe nyocha wee họrọ oke okpomọkụ nke elu na ala dị n'ime mpaghara kwekọrọ. A na-ejupụta oke nke elu na nke ala site na ndabara yana oke okpomọkụ metụtara maka ngwaọrụ ahọpụtara na nhazi ahụ.
Iji mee ka voltagetampNchọpụta, ị họrọ otu ma ọ bụ abụọ nke Kwado VCCL voltagetampNchọpụta ma ọ bụ Kwado VCCL_SDM voltagetampigbe nchọta nchọpụta wee họrọ Voltagetamper nchọpụta mkpate pasenttage na mpaghara kwekọrọ.
Ọgụgụ 19. Na-enyere Voltage Tamper Nchọpụta

N'aka nke ọzọ, ị nwere ike mee ka Voltage Tamper Nchọpụta site na ịkọwapụta ọrụ ndị a na .qsf file:
set_global_assignment - aha ENABLE_TEMPERATURE_TAMPER_DETECTION ON set_global_assignment - aha TEMPERATURE_TAMPER_UPPER_BOUND 100 set_global_assignment -aha ENABLE_VCCL_VOLTAGE_TAMPER_DETECTION ON set_global_assignment - aha ENABLE_VCCL_SDM_VOLTAGE_TAMPER_DETECTION NA
5.4.3. Mgbochi-TampNke a bụ Lite Intel FPGA IP
Ihe mgbochi Tamper Lite Intel FPGA IP, dị na katalọgụ IP dị na sọftụwia Intel Quartus Prime Pro Edition, na-eme ka nkwurịta okwu bidirectional n'etiti imewe gị na SDM maka tampihe omume.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 53

Ọgụgụ 20. Anti-TampNke a bụ Lite Intel FPGA IP

5. Atụmatụ dị elu 683823 | 2023.05.23

IP na-enye akara ndị a ka ị jikọọ na imewe gị dịka achọrọ:

Tebụl 5.

Mgbochi-Tamper Lite Intel FPGA IP akara ngosi I/O

Aha mgbaàmà

Ntuziaka

Nkọwa

gpo_sdm_at_event gpi_fpga_at_event

Ntinye Ntinye

Mgbama SDM na mgbagha FPGA akwa nke SDM achọpụtala naampihe omume. Echiche FPGA nwere ihe dị ka 5ms iji mee nhicha ọ bụla achọrọ wee zaghachi SDM site na gpi_fpga_at_response_done na gpi_fpga_at_zeroization_done. SDM na-aga n'ihu na tamper omume nzaghachi mgbe gpi_fpga_at_response_done kwadoro ma ọ bụ mgbe enwetaghị nzaghachi n'oge a kara aka.
FPGA kwụsịtụrụ SDM nke gị mere mgbochi tamper detection circuitry achọpụtala naamper omume na SDM tampEkwesịrị ịkpalite nzaghachi.

gpi_fpga_at_response_emere

Ntinye

FPGA kwụsịtụrụ na SDM na mgbagha FPGA arụla ihicha achọrọ.

gpi_fpga_at_zeroization_d otu

Ntinye

Mgbama FPGA nye SDM na mgbagha FPGA emechaala zeroization data imewe ọ bụla achọrọ. Ihe mgbaàmà a bụ sampna-edu mgbe gpi_fpga_at_response_done kwadoro.

5.4.3.1. Ozi mwepụta

Nọmba mbipute IP (XYZ) na-agbanwe site n'otu ụdị ngwanrọ gaa na nke ọzọ. Mgbanwe na:
X na-egosi ntughari isi nke IP. Ọ bụrụ na imelite ngwa ngwa Intel Quartus Prime gị, ị ga-emerịrị IP ahụ.
Y na-egosi na IP gụnyere atụmatụ ọhụrụ. Megharịa IP gị ka ịtinye atụmatụ ọhụrụ ndị a.
Z na-egosi na IP gụnyere obere mgbanwe. Megharịa IP gị ka ịtinye mgbanwe ndị a.

Tebụl 6.

Mgbochi-Tamper Lite Intel FPGA IP ozi mwepụta

Ụdị IP

Ihe

Nkọwa 20.1.0

Intel Quartus Prime Version

21.2

Ụbọchị mwepụta

2021.06.21

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 54

Zipu nzaghachi

5. Atụmatụ dị elu 683823 | 2023.05.23
5.5. Iji atụmatụ nchekwa chepụta na nwelite sistemu dịpụrụ adịpụ
Mmelite Sistemụ Remote (RSU) bụ atụmatụ Intel Agilex 7 FPGAs na-enyere aka n'imelite nhazi. files n'ụzọ siri ike. RSU dakọtara na atụmatụ nchekwa imewe dị ka nyocha, ntinye aka firmware, na izo ya ezo dị ka RSU adabereghị na ọdịnaya nhazi nke bitstreams nhazi.
Jiri .sof wulite onyonyo RSU Files
Ọ bụrụ na ị na-echekwa igodo nzuzo na mpaghara gị fileSistemu, ị nwere ike ịmepụta ihe oyiyi RSU nwere atụmatụ nchekwa imewe site na iji .sof dị mfe files dị ka ntinye. Iji mepụta onyonyo RSU na .sof file, ị nwere ike soro ntuziaka dị na ngalaba na-emelite onyonyo Nwelite sistemụ Files Iji mmemme File Generator nke Intel Agilex 7 ntuziaka onye ọrụ nhazi. Maka onye ọ bụla .sof file akọwapụtara na ntinye Files taabụ, pịa bọtịnụ Njirimara… wee kọwapụta ntọala na igodo kwesịrị ekwesị maka ngwaọrụ mbinye aka na nzuzo. Mmemme file ngwá ọrụ generator na-akpaghị aka na-abanye ma na-ezobe ụlọ ọrụ mmepụta ihe na ihe oyiyi ngwa mgbe ị na-emepụta mmemme RSU files.
N'aka nke ọzọ, ọ bụrụ na ị na-echekwa igodo nzuzo na HSM, ị ga-eji ngwa quartus_sign wee jiri .rbf. files. Akụkụ ndị ọzọ nke ngalaba a na-akọwa mgbanwe dị na ntinye iji mepụta ihe oyiyi RSU na .rbf files dị ka ntinye. Ị ga-ezoro ezo wee bịanye aka n'ụdị .rbf files tupu ahọpụta ha ka ntinye files maka foto RSU; Agbanyeghị, ozi buut RSU file Agaghị ezobe ezoro ezo kama ka abịanye aka na ya. Mmemme File Generator anaghị akwado imegharị akụrụngwa nke usoro .rbf files.
Ndị na-esonụ exampiji gosi mgbanwe ndị dị mkpa na iwu dị na ngalaba na-emelite onyonyo Nwelite sistemụ Files Iji mmemme File Generator nke Intel Agilex 7 ntuziaka onye ọrụ nhazi.
Ịmepụta Onyonyo Mbụ RSU Iji .rbf Files: Mgbanwe iwu
Site na imepụta onyonyo izizi RSU Iji .rbf Files ngalaba, gbanwee iwu dị na Nzọụkwụ 1. iji mee ka atụmatụ nchekwa imewe dị ka achọrọ site na iji ntụziaka sitere na ngalaba mbụ nke akwụkwọ a.
Maka examplee, ị ga-ezipụta firmware bịanyere aka na ya file Ọ bụrụ na ị na-eji firmware cosigning, wee jiri Quartus encryption tool iji zoo .rbf ọ bụla. file, na n'ikpeazụ jiri quartus_sign ngwá ọrụ iji banye nke ọ bụla file.
Na nzọụkwụ 2, ọ bụrụ na i meela ka ntinye aka firmware, ị ga-eji nhọrọ ọzọ na ịmepụta buut .rbf site na oyiyi ụlọ ọrụ mmepụta ihe. file:
quartus_pfg -c factory.sof boot.rbf -o rsu_boot=ON -o fw_source=signed_agilex.zip
Mgbe ịmechara ozi buut .rbf file, jiri ngwa quartus_sign banye .rbf file. Agaghị ezobe ozi buut .rbf file.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 55

5. Atụmatụ dị elu 683823 | 2023.05.23
Ịmepụta onyonyo ngwa: Mgbanwe Iwu
Iji wepụta onyonyo ngwa nwere atụmatụ nchekwa imewe, ị ga-agbanwe iwu ahụ na imepụta onyonyo ngwa ka iji .rbf nwere atụmatụ nchekwa agbanyere, gụnyere famụwe ejikọtara aka ma ọ bụrụ na achọrọ ya, kama ịbụ ngwa mbụ .sof. file:
quartus_pfg -c cosigned_fw_signed_encrypted_application.rbf secured_rsu_application.rpd -o mode=ASX4 -o bitswap=ON
Ịmepụta onyonyo mmelite ụlọ ọrụ: Mgbanwe Iwu
Mgbe ịmechara ozi buut .rbf file, ị na-eji ngwá ọrụ quartus_sign bịanye aka na .rbf file. Agaghị ezobe ozi buut .rbf file.
Iji wepụta onyonyo nwelite ụlọ ọrụ RSU, ị na-agbanwe iwu site na imepụta onyonyo mmelite ụlọ ọrụ iji jiri .rbf file nwere atụmatụ nchekwa imewe enyere ma gbakwunye nhọrọ iji gosi ojiji firmware ejiri aka bịanyere aka na ya:
quartus_pfg -c cosigned_fw_signed_encrypted_factory.rbf secured_rsu_factory_update.rpd -o mode=ASX4 -o bitswap=ON -o rsu_upgrade=ON -o fw_source=signed_agilex.zip
Ozi metụtara Intel Agilex 7 ntuziaka onye ọrụ nhazi
5.6. Ọrụ Cryptographic SDM
SDM dị na ngwaọrụ Intel Agilex 7 na-enye ọrụ cryptographic nke FPGA ákwà mgbagha ma ọ bụ HPS nwere ike ịrịọ site na nrụnye igbe ozi SDM dị iche iche. Maka ozi ndị ọzọ gbasara iwu igbe akwụkwọ ozi na usoro data maka ọrụ cryptographic SDM niile, rụtụ aka na Mgbakwunye B na Usoro nchekwa maka Intel FPGAs na ntuziaka onye ọrụ ASIC Haziri.
Iji nweta interface igbe ozi SDM gaa na mgbagha FPGA maka ọrụ cryptographic SDM, ị ga-emerịrị ngwa ngwa ngwa ahịa nke Intel FPGA IP n'ime imewe gị.
Koodu nrụtụaka iji nweta interface igbe ozi SDM sitere na HPS gụnyere na koodu ATF na Linux nke Intel nyere.
Ozi metụtara igbe akwụkwọ ozi ndị ahịa Intel FPGA IP ntuziaka onye ọrụ
5.6.1. Akpụkpọ ụkwụ nwere ikike ire ere
Intel na-enye mmejuputa ntụaka maka sọftụwia HPS nke na-eji njirimara akpụkpọ ụkwụ onye na-ere ahịa nyere ikike ịchọpụta ngwa ngwa akpụkpọ ụkwụ HPS site na s mbụ.tage bootloader site na Linux kernel.
Ozi metụtara Intel Agilex 7 SoC Secure Boot Demo Design

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 56

Zipu nzaghachi

5. Atụmatụ dị elu 683823 | 2023.05.23
5.6.2. Ọrụ Ihe Data echekwara
Ị na-eziga iwu ndị a site na igbe ozi SDM iji mee ihe nzuzo na mwepu ihe SDOS. Ị nwere ike iji njirimara SDOS mgbe ịnyechara igodo mgbọrọgwụ SDOS.
Ozi emetụtara Chekwaa nchekwa ihe nchekwa ihe mgbọrọgwụ na ibe 30
5.6.3. Ọrụ mbụ Cryptographic SDM
Ị na-eziga iwu ndị a site na igbe ozi SDM iji malite ọrụ ọrụ mbụ cryptographic SDM. Ụfọdụ ọrụ mbụ nke cryptographic chọrọ ka ebufekwu data gaa na na site na SDM karịa ngwa ngwa igbe ozi nwere ike ịnakwere. N'okwu ndị a, iwu nke usoro na-agbanwe iji nye ndị na-atụ aka na data na ebe nchekwa. Na mgbakwunye, ị ga-agbanwe ngwa ngwa nke igbe ozi igbe ozi Client Intel FPGA IP iji jiri ọrụ mbụ cryptographic SDM sitere na mgbagha akwa FPGA. Ị ga-edozikwa paramita ọrụ Crypto Enable na 1 wee jikọọ interface mmalite AXI ọhụrụ ekpughere na ebe nchekwa dị na nhazi gị.
Ọgụgụ 21. Na-enyere SDM Cryptographic ọrụ na igbe ozi igbe ozi onye ahịa Intel FPGA IP

5.7. Ntọala nchekwa Bitstream (FM/S10)
Nhọrọ nchekwa FPGA Bitstream bụ nchịkọta atumatu na-egbochi njirimara akọwapụtara ma ọ bụ ụdị ọrụ n'ime oge akọwapụtara.
Nhọrọ nchekwa Bitstream nwere ọkọlọtọ ị debere na sọftụwia Intel Quartus Prime Pro Edition. A na-eṅomi ọkọlọtọ ndị a na-akpaghị aka na nhazi bitstreams.
Ị nwere ike ịmanye nhọrọ nchekwa ruo mgbe niile na ngwaọrụ site na iji eFuse ntọala nchekwa kwekọrọ.
Iji jiri ntọala nchekwa ọ bụla na nhazi bitstream ma ọ bụ eFuses ngwaọrụ, ị ga-emerịrị njirimara njirimara.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 57

5. Atụmatụ dị elu 683823 | 2023.05.23
5.7.1. Ịhọrọ na ime nhọrọ nchekwa
Ka ịhọrọ ma mee nhọrọ nchekwa, mee dị ka ndị a: Site na menu ihe omume, họrọ Ngwaọrụ Ngwaọrụ na Pin Nhọrọ Nchekwa Nhọrọ ndị ọzọ… Figure 22. Ịhọrọ na ime nhọrọ nchekwa.

Wee họrọ ụkpụrụ ndị dị na listi ndọpụta maka nhọrọ nchekwa nke ịchọrọ ịme ka egosiri na ex na-esonụ.ampLe:
Ọgụgụ 23. Ịhọrọ ụkpụrụ maka Nhọrọ nchekwa

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 58

Zipu nzaghachi

5. Atụmatụ dị elu 683823 | 2023.05.23
Ndị a bụ mgbanwe kwekọrọ na Quartus Prime .qsf file:
set_global_assignment - aha SECU_OPTION_DISABLE_JTAG "Na ndenye" set_Gabal_Amet -Name Secu_Force_forpy_Gobition_Sopial_Gopial_Gopial_Gopial_Gasal_Sopy n Nchekwa_Gobal_global_Gobil_Gig-Ation_Dobig_Dorg_Gigy_Gigyption_Gin_Gigyption_GEKENTIGHION_GIGHIGHION_GIGHIGENTIGHIOTIGHION_DICE_DICE Ike_encriment_key_in_ifses na set_global_Ame SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON set_global_assignment -aha SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_BBRAM NA set_global_assignment -aha SECU_OPTION_DISABLE_PUF_WRAPPED_ENCRYPTION_KEY

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 59

683823 | 2023.05.23 zipu nzaghachi

Nchọpụta nsogbu

Isiakwụkwọ a na-akọwa njehie nkịtị yana ozi ịdọ aka ná ntị ị nwere ike izute mgbe ị na-agbalị iji atụmatụ nchekwa ngwaọrụ yana usoro iji dozie ha.
6.1. Iji iwu Quartus na mperi gburugburu gburugburu Windows
Error quartus_pgm: Achọghị iwu nkọwa Nkọwa njehie a na-egosipụta mgbe ị na-achọ iji iwu Quartus na NIOS II Shell na gburugburu Windows site na iji WSL. Mkpebi Iwu a na-arụ ọrụ na gburugburu Linux; Maka ndị ọbịa Windows, jiri iwu a: quartus_pgm.exe -h N'otu aka ahụ, tinye otu syntax ahụ na iwu Quartus Prime ndị ọzọ dị ka quartus_pfg, quartus_sign, quartus_encrypt n'etiti iwu ndị ọzọ.

ISO 9001: 2015 edebanye aha

6. Nchọpụta nsogbu 683823 | 2023.05.23

6.2. Ịmepụta ịdọ aka ná ntị igodo nkeonwe

Ịdọ aka ná ntị:

A na-ewere okwuntughe akọwapụtara ka ọ nweghị nchekwa. Intel na-atụ aro ka ejiri opekata mpe mkpụrụedemede 13 mee ihe. A na-atụ aro ka ị gbanwee paswọọdụ site na iji OpenSSL executable.

openssl ec-in -apụ - nke 256

Nkọwa
Ịdọ aka ná ntị a metụtara ike okwuntughe na ngosipụta mgbe ị na-agbalị ịmepụta igodo nzuzo site n'inye iwu ndị a:

quartus_sign –family=agilex –operation=eme_private_pem –curve=secp3841 mgbọrọgwụ.pem

Mkpebi Jiri openssl executable kọwaa paswọọdụ ogologo wee sie ike.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 61

6. Nchọpụta nsogbu 683823 | 2023.05.23
6.3. Ịtinye igodo mbinye aka na mperi Project Quartus
Njehie…File nwere ozi isi mgbọrọgwụ…
Nkọwa
Ka ịgbakwunye igodo mbinye aka .qky file na ọrụ Quartus, ịkwesịrị ịmegharị .sof ahụ file. Mgbe ị gbakwunyere nke a emegharịrị .sof file na ngwaọrụ ahọpụtara site na iji Quartus Programmer, ozi njehie na-egosi na nke a file nwere ozi isi mgbọrọgwụ:
Ịgbakwunye agaghịfile-path-name> na Programmer. Nke file nwere ozi isi mgbọrọgwụ (.qky). Agbanyeghị, Programmer anaghị akwado atụmatụ nbinye aka bitstream. Ị nwere ike iji Programming File Generator iji tọghata ndị file na ọnụọgụ abụọ Raw bịanyere aka na ya file (.rbf) maka nhazi.
Mkpebi
Jiri Quartus Programming file generator iji tọghata nke file n'ime ọnụọgụ abụọ Raw bịanyere aka na ya File .rbf maka nhazi.
Ozi emetụtara Ịbanye nhazi Bitstream Iji quartus_sign Command na ibe 13

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 62

Zipu nzaghachi

6. Nchọpụta nsogbu 683823 | 2023.05.23
6.4. Na-emepụta mmemme Quartus Prime File emechaghị nke ọma
Njehie
Njehie (20353): X nke igodo ọha sitere na QKY adabaghị na igodo nzuzo sitere na PEM file.
Njehie (20352): Edaghị ịbanye na bitstream site na edemede Python agilex_sign.py.
Njehie: Quartus Prime Programming File Generator enweghị ihe ịga nke ọma.
Nkọwa Ọ bụrụ na ị nwaa ịbanye na nhazi bitstream site na iji igodo nzuzo na-ezighi ezi .pem file ma ọ bụ .pem file nke na-adabaghị na .qky agbakwunyere na oru ngo ahụ, na-egosipụta njehie nkịtị nke dị n'elu. Mkpebi Gbaa mbọ hụ na ị na-eji igodo nzuzo ziri ezi .pem ịbanye na bitstream.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 63

6. Nchọpụta nsogbu 683823 | 2023.05.23
6.5. Njehie arụmụka amabeghị
Njehie
Njehie (23028): arụmụka amaghị ama "ûc". Tụtụ aka na-enyemaka maka arụmụka gbasara iwu.
Njehie (213008): eriri nhọrọ mmemme “ûp” bụ iwu na-akwadoghị. Tụtụ aka na-help maka ụdị nhọrọ mmemme iwu.
Nkọwa Ọ bụrụ na idetuo na mado nhọrọ ahịrị iwu site na .pdf file na Windows NIOS II Shell, ị nwere ike izute njehie arụmụka amaghị ama dị ka egosiri n'elu. Mkpebi N'ọnọdụ ndị dị otú ahụ, ịnwere ike iji aka tinye iwu kama mado na klipbọọdụ.

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 64

Zipu nzaghachi

6. Nchọpụta nsogbu 683823 | 2023.05.23
6.6. Enwere mgbaghara nhọrọ nzuzo nzuzo Bitstream
Njehie
Enweghị ike mechaa ezoro ezo maka file imewe .sof n'ihi na ejiri nhọrọ nzuzo bitstream chịkọta ya nwere nkwarụ.
Nkọwa Ọ bụrụ na ị na-agbalị izo ya ezo bitstream site GUI ma ọ bụ iwu-akara mgbe ị chịkọtara oru ngo na bitstream nzuzo nhọrọ nwere nkwarụ, Quartus jụrụ iwu dị ka egosiri n'elu.
Mkpebi jide n'aka na ị na-eji nhọrọ nzuzo bitstream chịkọta ọrụ a site na GUI ma ọ bụ ahịrị iwu. Iji mee ka nhọrọ a dị na GUI, ị ga-elele igbe nlele maka nhọrọ a.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 65

6. Nchọpụta nsogbu 683823 | 2023.05.23
6.7. Na-akọwapụta ụzọ ziri ezi na igodo ahụ
Njehie
Njehie (19516): Mmemme achọpụtara File Njehie ntọala generator: Enweghị ike ịhụ 'key_file'. Gbaa mbọ hụ na file dị na ebe a na-atụ anya ma ọ bụ melite ntọala.sec
Njehie (19516): Mmemme achọpụtara File Njehie ntọala generator: Enweghị ike ịhụ 'key_file'. Gbaa mbọ hụ na file dị na ebe a na-atụ anya ma ọ bụ melite ntọala.
Nkọwa
Ọ bụrụ na ị na-eji igodo echekwara na ya file Sistemu, ịkwesịrị ijide n'aka na ha ezipụta ụzọ ziri ezi maka igodo eji ezoro ezo na ntinye aka bitstream. Ọ bụrụ na Programming File Generator enweghị ike ịchọpụta ụzọ ziri ezi, ozi njehie dị n'elu gosipụtara.
Mkpebi
Rụtụ aka na ntọala Quartus Prime .qsf file ka ịchọta ụzọ ziri ezi maka igodo. Gbaa mbọ hụ na ị na-eji ụzọ ndị ikwu kama iji ụzọ zuru oke.

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 66

Zipu nzaghachi

6. Nchọpụta nsogbu 683823 | 2023.05.23
6.8. Iji mmepụta anaghị akwado File Ụdị
Njehie
quartus_pfg -c design.sof mmepụta_file.ebf -o finalize_operation=ON -o qek_file=ae.qek -o bịanyere aka n'akwụkwọ =ON -o pem_file= sign_private.pem
Njehie (19511): Mmepụta anaghị akwado file ụdị (ebf). Jiri “-l” ma ọ bụ “-list” nhọrọ iji gosipụta nkwado file ụdị ozi.
Nkọwa Mgbe ị na-eji mmemme Quartus File Generator iji mepụta ezoro ezo na mbinye aka nhazi bitstream, ị nwere ike ịhụ njehie dị n'elu ma ọ bụrụ na mmepụta anaghị akwado file ụdị kpọmkwem. Mkpebi Jiri -l ma ọ bụ -list nhọrọ ịhụ ndepụta akwadoro file ụdị.

Zipu nzaghachi

Ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex® 7 67

683823 | 2023.05.23 zipu nzaghachi
7. Intel Agilex 7 nchekwa nchekwa ngwaọrụ Archives
Maka ụdị ọhụrụ na nke gara aga nke ntuziaka onye ọrụ a, rụtụ aka na ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex 7. Ọ bụrụ na edepụtaghị ụdị IP ma ọ bụ sọftụwia, ntuziaka onye ọrụ maka ụdị IP gara aga ma ọ bụ ụdị ngwanrọ na-emetụta.

ISO 9001: 2015 edebanye aha

683823 | 2023.05.23 zipu nzaghachi

8. Akụkọ ngbanwe maka ntuziaka onye ọrụ nchekwa ngwaọrụ Intel Agilex 7

Ụdị akwụkwọ 2023.05.23
2022.11.22 2022.04.04 2022.01.20
2021.11.09

Akwụkwọ / akụrụngwa

Nchekwa ngwaọrụ Intel Agilex 7 [pdf] Akwụkwọ ntuziaka onye ọrụ
Agilex 7 Nchekwa ngwaọrụ, Agilex 7, nchekwa ngwaọrụ, nchekwa

Ntụaka

Akwụkwọ ntuziaka onye ọrụ

Nchekwa ngwaọrụ Intel Agilex 7

Ozi ngwaahịa

Ntuziaka ojiji ngwaahịa

Ajụjụ a na-ajụkarị

Nchekwa ngwaọrụ gafereview

Nyocha na ikike

Ihe nzuzo AES Bitstream

Na-enye ngwaọrụ

Atụmatụ dị elu

Nchọpụta nsogbu

Akwụkwọ / akụrụngwa

Ntụaka

Hapụ ikwu

Kagbuo nzaghachi