Intel Agilex 7 Chishandiso Chekuchengetedza Mushandisi Manual

Intel yakazvipira kune kuchengetedzwa kwechigadzirwa uye inokurudzira vashandisi kuti vajairane nezviwanikwa zvekuchengetedza zvigadzirwa zvakapihwa. Izvi zviwanikwa zvinofanirwa kushandiswa mukati mehupenyu hweIntel chigadzirwa.

2. Yakarongwa Chengetedzo Zvinhu

Aya anotevera ekuchengetedza maficha akarongerwa kuburitswa kweIntel Quartus Prime Pro Edition software:

Partial Reconfiguration Bitstream Security Verification: Inopa imwe vimbiso yekuti Partial Reconfiguration (PR) bitstreams haigoni kuwana kana kukanganisa mamwe PR persona bitstreams.

Mudziyo Kuzviuraya kwePhysical Anti-Tamper: Inoita yekupukuta mudziyo kana mudziyo zeroization mhinduro uye zvirongwa eFuses kudzivirira mudziyo kubva kumisikidza zvakare.

3. Available Security Documentation

Tafura inotevera inonyora zvinyorwa zviripo zvekuchengetedza mudziyo maficha paIntel FPGA uye Yakagadzirwa ASIC zvishandiso:

Document Name	Chinangwa
Chengetedzo Methodology yeIntel FPGAs uye Yakagadziriswa ASICs Mushandisi Guide	Gwaro repamusoro-soro rinopa tsananguro dzakadzama dze kuchengetedza maficha uye matekinoroji muIntel Programmable Solutions Products. Inobatsira vashandisi kusarudza anodiwa ekuchengetedza maficha kuti kuzadzisa zvinangwa zvavo zvekuchengetedza.
Intel Stratix 10 Chidimbu Chengetedza Mushandisi Yekushandisa	Mirayiridzo yevashandisi veIntel Stratix 10 zvishandiso zvekushandisa izvo zvekuchengetedza zvakaonekwa uchishandisa Security Methodology User Guide.
Intel Agilex 7 Chidimbu Chengetedzo Mushandisi Gadhi	Mirayiridzo yevashandisi veIntel Agilex 7 zvishandiso zvekushandisa izvo zvekuchengetedza zvakaonekwa uchishandisa Security Methodology User Guide.
Intel eASIC N5X Chidimbu Chengetedza Mushandisi Gwaro	Mirayiridzo yevashandisi veIntel eASIC N5X zvishandiso zvekushandisa izvo zvekuchengetedza zvakaonekwa uchishandisa Security Methodology User Guide.
Intel Agilex 7 uye Intel eASIC N5X HPS Cryptographic Services User Guide	Ruzivo rweHPS software mainjiniya pakuita uye kushandisa HPS software raibhurari kuwana cryptographic masevhisi yakapihwa neSDM.
AN-968 Black Key Provisioning Service Yekukurumidza Kutanga Gwaro	Zadzisa seti yematanho ekumisikidza iyo Black Key Provisioning service.

Mibvunzo Inowanzo bvunzwa

Q: Chii chinangwa cheSecurity Methodology User Guide?

A: Iyo Chengetedzo Methodology Mushandisi Inopa tsananguro yakadzama yezvekuchengetedza maficha uye matekinoroji muIntel Programmable Solutions Zvigadzirwa. Inobatsira vashandisi kusarudza anodiwa ekuchengetedza maficha kuti asangane nezvinangwa zvavo zvekuchengetedza.

Mubvunzo: Ndingawane kupi Intel Agilex 7 Chishandiso Chekuchengetedza Mushandisi Guide?

A: Iyo Intel Agilex 7 Chidimbu Chengetedzo Mushandisi Guide inogona kuwanikwa paIntel Resource uye Dhizaini Center website.

Mubvunzo: Chii chinonzi Black Key Provisioning service?

A: Iyo Black Key Provisioning sevhisi ibasa rinopa rakakwana seti yematanho ekumisikidza kiyi yekupa mabasa akachengeteka.

View Fullscreen

Intel Agilex® 7 Chidimbu Chengetedza Mushandisi Gadhi
Yakagadziridzwa Intel® Quartus® Prime Dhizaini Suite: 23.1

Online Version Send Feedback

UG-20335

683823 2023.05.23

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 2

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 3

683823 | 2023.05.23 Tumira Mhinduro
1. Intel Agilex® 7

Chengetedzo Yemudziyo Pamusoroview

Intel® inogadzira iyo Intel Agilex® 7 michina ine yakatsaurirwa, yakanyanya-inogadziriswa yekuchengetedza hardware uye firmware.
Gwaro iri rine mirairo yekukubatsira kushandisa Intel Quartus® Prime Pro Edition software kuita kuchengetedza maficha pane yako Intel Agilex 7 zvishandiso.
Pamusoro pezvo, iyo Chengetedzo Methodology yeIntel FPGAs uye Yakarongeka ASICs Mushandisi Gwaro inowanikwa paIntel Resource & Dhizaini Center. Gwaro iri rine tsananguro yakadzama yezvekuchengetedza maficha uye matekinoroji anowanikwa kuburikidza neIntel Programmable Solutions zvigadzirwa zvekukubatsira iwe kusarudza maficha anodiwa kuti asangane nezvinangwa zvako zvekuchengetedza. Bata Intel Tsigiro ine referensi nhamba 14014613136 kuti uwane iyo Chengetedzo Methodology yeIntel FPGAs uye Yakarongeka ASICs Mushandisi Wekushandisa.
Gwaro rakarongwa sezvizvi: · Kusimbisa uye Mvumo: Inopa mirairo yekugadzira
makiyi echokwadi uye siginicha cheni, shandisa mvumo uye kudzoserwa, kusaina zvinhu, uye chirongwa chechokwadi maficha paIntel Agilex 7 zvishandiso. · AES Bitstream Encryption: Inopa mirairo yekugadzira AES midzi kiyi, encrypt kumisikidza bitstreams, uye kupa iyo AES midzi kiyi kuIntel Agilex 7 zvishandiso. · Kugovera Chishandiso: Inopa mirairo yekushandisa Intel Quartus Prime Programmer uye Chengetedza Chishandiso Maneja (SDM) yekupa firmware kune chirongwa chekuchengetedza maficha paIntel Agilex 7 zvishandiso. · Yepamberi Zvimiro: Inopa mirairo yekugonesa epamusoro kuchengetedza maficha, anosanganisira akachengeteka debug mvumo, Hard processor System (HPS) debug, uye kure system update.
1.1. Kuzvipira kune Chigadzirwa Chekuchengetedza
Kuzvipira kweIntel kwenguva refu kuchengetedzeka hakuna kumbove kwakasimba. Intel inokurudzira zvakasimba kuti iwe ujairane neyedu zvigadzirwa zvekuchengetedza zviwanikwa uye kuronga kuzvishandisa muhupenyu hwese hweIntel chigadzirwa.
Ruzivo Rwakabatana · Kuchengetedzwa Kwechigadzirwa kuIntel · Intel Chigadzirwa Chekuchengetedza Center Advisory

Intel Corporation. Kodzero dzese dzakachengetwa. Intel, iyo Intel logo, uye mamwe maIntel mamaki zviratidzo zveIntel Corporation kana vatsigiri vayo. Intel inobvumidza kuita kwayo FPGA uye semiconductor zvigadzirwa kune zvazvino zvirevo zvinoenderana neIntel's standard waranti, asi inochengetera kodzero yekuita shanduko kune chero zvigadzirwa nemasevhisi chero nguva pasina chiziviso. Intel haitore mutoro kana mutoro unobva mukushandisa kana kushandiswa kwechero ruzivo, chigadzirwa, kana sevhisi inotsanangurwa pano kunze kwekunge yakabvumiranwa nekunyora neIntel. Vatengi veIntel vanorairwa kuti vawane yazvino vhezheni yezvakatemwa zvemudziyo vasati vavimba nechero ruzivo rwakaburitswa uye vasati vaisa maodha ezvigadzirwa kana masevhisi. *Mamwe mazita nemhando zvinogona kunzi ndezvevamwe.

ISO 9001:2015 Yakanyoreswa

1. Intel Agilex® 7 Device Security Overview 683823 | 2023.05.23

1.2. Yakarongwa Chengetedzo Zvinhu

Zvimiro zvataurwa muchikamu chino zvakarongerwa kuburitswa kweIntel Quartus Prime Pro Edition software.

Cherechedza:

Ruzivo rwuri muchikamu chino nderwekutanga.

1.2.1. Chikamu Reconfiguration Bitstream Chengetedzo Verification
Partial reconfiguration (PR) bitstream chengetedzo inosimbisa inobatsira kupa imwe vimbiso yekuti PR persona bitstreams haigone kuwana kana kukanganisa mamwe PR persona bitstreams.

1.2.2. Mudziyo Kuzviuraya kwePhysical Anti-Tamper
Chigadzirwa chekuzviuraya chinopukuta mudziyo kana mudziyo zeroization mhinduro uye nekuwedzera zvirongwa eFuses kudzivirira mudziyo kubva kugadziriso zvakare.

1.3. Available Security Documentation

Tafura inotevera inotsanangura zvinyorwa zviripo zvekuchengetedza mudziyo maficha paIntel FPGA uye Yakagadzirwa ASIC zvishandiso:

Tafura 1.

Inowanikwa Device Security Documentation

Document Name
Chengetedzo Methodology yeIntel FPGAs uye Yakagadziriswa ASICs Mushandisi Gwaro

Chinangwa
Gwaro repamusoro-soro rine tsananguro yakadzama yezvekuchengetedza maficha uye matekinoroji muIntel Programmable Solutions Zvigadzirwa. Yakaitirwa kukubatsira iwe kusarudza maficha anodiwa kuti asangane nezvinangwa zvako zvekuchengetedza.

Gwaro ID 721596

Intel Stratix 10 Chidimbu Chengetedza Mushandisi Yekushandisa
Intel Agilex 7 Chidimbu Chengetedzo Mushandisi Gadhi

Kune vashandisi veIntel Stratix 10 zvishandiso, gwara iri rine mirairo yekushandisa Intel Quartus Prime Pro Edition software kuita zvekuchengetedza zvakaonekwa uchishandisa Chengetedzo Methodology User Guide.
Kune vashandisi veIntel Agilex 7 zvishandiso, gwara iri rine mirairo yekushandisa Intel Quartus Prime Pro Edition software kuita zvekuchengetedza zvakaonekwa uchishandisa Security Methodology User Guide.

683642 683823

Intel eASIC N5X Chidimbu Chengetedza Mushandisi Gwaro

Kune vashandisi veIntel eASIC N5X zvishandiso, gwara iri rine mirairo yekushandisa Intel Quartus Prime Pro Edition software kuita zvekuchengetedza zvakaonekwa uchishandisa Security Methodology Mushandisi Guide.

626836

Intel Agilex 7 uye Intel eASIC N5X HPS Cryptographic Services User Guide

Gwaro iri rine ruzivo rwekubatsira mainjiniya esoftware eHPS mukuita uye kushandiswa kwemaraibhurari esoftware yeHPS kuwana masevhisi ekriptographic anopihwa neSDM.

713026

AN-968 Black Key Provisioning Service Yekukurumidza Kutanga Gwaro

Gwaro iri rine seti yakakwana yematanho ekumisikidza iyo Black Key Provisioning sevhisi.

739071

Nzvimbo Intel Resource uye
Design Center
Intel.com
Intel.com
Intel Resource uye Dhizaini Center
Intel Resource uye Dhizaini Center
Intel Resource uye Dhizaini Center

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 5

683823 | 2023.05.23 Tumira Mhinduro

Authentication uye Mvumo

Kugonesa echokwadi maficha eIntel Agilex 7 mudziyo, unotanga nekushandisa Intel Quartus Prime Pro Edition software uye maturusi anobatanidzwa kuvaka siginecha cheni. Siginecha cheni ine midzi kiyi, imwe kana anopfuura makiyi ekusaina, uye mvumo inoshanda. Iwe unoisa siginecha cheni kune yako Intel Quartus Prime Pro Edition chirongwa uye yakarongwa hurongwa files. Shandisa mirairo muChigadzirwa Kugovera kuronga yako midzi kiyi muIntel Agilex 7 zvishandiso.
Related Information
Kugoverwa kweDhidhiyo papeji 25

2.1. Kugadzira Siginecha Chain
Unogona kushandisa quartus_sign turusi kana iyo agilex_sign.py referensi yekushandisa kuita siginecha cheni mashandiro. Gwaro iri rinopa exampshandisa quartus_sign.
Kuti ushandise referensi yekushandisa, unotsiva runhare kune muturikiri wePython inosanganisirwa neIntel Quartus Prime software uye wosiya iyo -family=agilex sarudzo; dzimwe sarudzo dzese dzakafanana. For example, iyo quartus_sign command inowanikwa gare gare muchikamu chino
quartus_sign -family=agilex -operation=make_root root_public.pem root.qky inogona kushandurwa kuita yakaenzana kufona kune referensi kuita sezvinotevera
pgm_py agilex_sign.py -operation=make_root root_public.pem root.qky

Intel Quartus Prime Pro Edition software inosanganisira iyo quartus_sign, pgm_py, uye agilex_sign.py zvishandiso. Iwe unogona kushandisa iyo Nios® II yekuraira shell tool, iyo inogadzirisa zvakakodzera nharaunda dzakasiyana kuti uwane maturusi.

Tevedza mirairo iyi kuunza Nios II yekuraira shell. 1. Uya negoko rekuraira reNios II.

Option Windows
Linux

Tsanangudzo
PaKutanga menyu, nongedzera kuZvirongwa Intel FPGA Nios II EDS uye tinya Nios II Raira Shell.
Mune yekuraira shell chinja kune /nios2eds uye mhanyisa unotevera kuraira:
./nios2_command_shell.sh

The examples muchikamu chino tora siginecha cheni uye gadziriso bitstream files dziri mune yazvino dhairekitori rekushanda. Kana ukasarudza kutevera examples where key files inochengetwa pa file system, avo exampngatitorei kiyi files vari

ISO 9001:2015 Yakanyoreswa

2. Kutendesa uye Mvumo 683823 | 2023.05.23
iri mune yazvino dhairekitori rekushanda. Iwe unogona kusarudza kuti ndeapi madhairekitori ekushandisa, uye maturusi anotsigira hama file nzira. Kana ukasarudza kuchengeta kiyi files pa file system, iwe unofanirwa kunyatso gadzirisa mvumo yekuwana kune avo files.
Intel inokurudzira kuti inotengeswa Hardware Security Module (HSM) ishandiswe kuchengeta cryptographic kiyi uye kuita cryptographic mashandiro. Chishandiso chequartus_sign uye kushandisa referensi kunosanganisira Public Key Cryptography Standard #11 (PKCS #11) Application Programming Interface (API) yekudyidzana neHSM uchiita masiginecha cheni. Iyo agilex_sign.py referensi yekushandisa inosanganisira interface abstract pamwe neye exampuye interface kune SoftHSM.
Unogona kushandisa idzi example interfaces yekushandisa interface kune HSM yako. Tarisa kune zvinyorwa kubva kumutengesi wako weHSM kuti uwane rumwe ruzivo nezve kushandisa interface uye kushandisa HSM yako.
SoftHSM isoftware yekumisikidza yegeneric cryptographic mudziyo ine PKCS #11 interface iyo inowanikwa neiyo OpenDNSSEC® chirongwa. Unogona kuwana rumwe ruzivo, kusanganisira mirairo yekudhawunirodha, kuvaka, uye kuisa OpenHSM, paOpenDNSSEC chirongwa. The exampses muchikamu chino shandisa SoftHSM vhezheni 2.6.1. The examples muchikamu chino shandisawo pkcs11-chishandiso chinobva kuOpenSC kuita mamwe ma PKCS #11 mashandiro ane SoftHSM tokeni. Unogona kuwana rumwe ruzivo, kusanganisira mirairo yekurodha, kuvaka, uye kuisa pkcs11tool kubva OpenSC.
Related Information
‣ Iyo OpenDNSSEC purojekiti-yakavakirwa zone signer ye automating maitiro eDNSSEC makiyi ekutevera.
· SoftHSM Ruzivo rwekuitwa kwechitoro checryptographic chinowanikwa kuburikidza nePKCS #11 interface.
OpenSC Inopa seti yemaraibhurari uye zvishandiso zvinokwanisa kushanda neakangwara makadhi.
2.1.1. Kugadzira Kusimbisa Makiyi Pairi paNzvimbo File System
Iwe unoshandisa iyo quartus_sign chishandiso kugadzira echokwadi makiyi maviri epanzvimbo file system inoshandisa make_private_pem uye make_public_pem maturusi mashandiro. Iwe unotanga wagadzira kiyi yakavanzika ine make_private_pem oparesheni. Unotsanangura elliptic curve yekushandisa, kiyi yakavanzika filezita, uye nesarudzo kana kudzivirira kiyi yakavanzika nezwi rekupfuura. Intel inokurudzira kushandiswa kwesecp384r1 curve uye kutevera indasitiri maitiro akanakisa kugadzira yakasimba, isina kurongeka passphrase pane ese akavanzika kiyi. files. Intel inokurudzirawo kudzora iyo file system mvumo pakiyi yakavanzika .pem files yekuverenga nemuridzi chete. Iwe unotora kiyi yeruzhinji kubva kukiyi yakavanzika ine make_public_pem oparesheni. Zvinobatsira kudoma kiyi .pem files zvinotsanangura. Gwaro rino rinoshandisa gungano rekuti _.pem mune inotevera examples.
1. MuNios II yekuraira shell, shandisa murairo unotevera kuti ugadzire kiyi yega. Kiyi yakavanzika, inoratidzwa pazasi, inoshandiswa sekiyi yemudzi mune gare gare exampizvo zvinogadzira siginecha cheni. Intel Agilex 7 zvishandiso zvinotsigira akawanda midzi makiyi, saka iwe

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 7

2. Kutendesa uye Mvumo 683823 | 2023.05.23

dzokorora danho iri kuti ugadzire nhamba yako inodiwa yemakiyi emidzi. ExampLes mugwaro rino ese anoreva kiyi yekutanga mudzi, kunyangwe iwe uchigona kuvaka masiginecha macheni nenzira yakafanana nechero root key.

Sarudzo Nezwi rekupfuura

Tsanangudzo
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 root0_private.pem Isa izwi rekutaura kana wakumbirwa kuita kudaro.

Pasina chirevo

quartus_sign -family=agilex -operation=make_private_pem -curve=secp384r1 -no_passphrase root0_private.pem

2. Mhanya unotevera kuraira kuti ugadzire kiyi yeruzhinji uchishandisa kiyi yakavanzika yakagadzirwa mudanho rakapfuura. Haufanire kuchengetedza kuvanzika kwekiyi yeruzhinji.
quartus_sign -family=agilex -operation=make_public_pem midzi0_private.pem midzi0_public.pem
3. Mhanya mirairo zvakare kuti ugadzire makiyi maviri anoshandiswa sekiyi yekusaina yedhizaini mune siginicha cheni.
quartus_sign -family=agilex -operation=make_private_pem -curve=secp384r1 design0_sign_private.pem

quartus_sign -family=agilex -operation=make_public_pem design0_sign_private.pem design0_sign_public.pem

2.1.2. Kugadzira Kusimbisa Makiyi Pairi muSoftHSM
Iyo SoftHSM exampZvishoma muchitsauko chino zvinonyatsoenderana. Mamwe ma paramita anoenderana nekumisikidzwa kwako kweSoftHSM uye kutanga kwechiratidzo mukati meSoftHSM.
Iyo quartus_sign tool inoenderana nePKCS #11 API raibhurari kubva kuHSM yako.
The examples muchikamu chino fungidzira kuti raibhurari yeSoftHSM yakaiswa kune imwe yenzvimbo dzinotevera: · /usr/local/lib/softhsm2.so paLinux · C:SoftHSM2libsofthsm2.dll pa32-bit vhezheni yeWindows · C:SoftHSM2libsofthsm2-x64 .dll pane 64-bit shanduro yeWindows.
Tanga chiratidzo mukati meSoftHSM uchishandisa softhsm2-util tool:
softhsm2-util -init-token -label agilex-token -pin agilex-token-pin -so-pin agilex-so-pin -free
Iyo sarudzo paramita, kunyanya iyo tokeni label uye tokeni pini ndeye exampmashoma anoshandiswa muchitsauko chino. Intel inokurudzira kuti uteedzere mirairo kubva kune wako HSM mutengesi kugadzira uye kubata tokeni nemakiyi.
Iwe unogadzira echokwadi makiyi pairi uchishandisa pkcs11-chishandiso chekushandisa kupindirana nechiratidzo muSoftHSM. Panzvimbo pekutaura zvakajeka kune yakavanzika uye yeruzhinji kiyi .pem files muri file system exampLes, iwe unotarisa kune kiyi mbiri neiyo label uye chishandiso chinosarudza kiyi yakakodzera otomatiki.

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 8

Send Feedback

2. Kutendesa uye Mvumo 683823 | 2023.05.23

Mhanya iyo inotevera mirairo kuti ugadzire kiyi peya inoshandiswa sekiyi yemudzi mune gare gare exampzvishoma pamwe chete nekiyi peya inoshandiswa sekiyi yekusaina dhizaini mune siginicha cheni:
pkcs11-tool -module=/usr/local/lib/softhsm/libsofthsm2.so -token-label agilex-token -login -pin agilex-token-pin -keypairgen -mechanism ECDSA-KEY-PAIR-GEN -key-type EC : secp384r1 -kushandiswa-chiratidzo -label midzi0 -id 0
pkcs11-tool -module=/usr/local/lib/softhsm/libsofthsm2.so -token-label agilex-token -login -pin agilex-token-pin -keypairgen -mechanism ECDSA-KEY-PAIR-GEN -key-type EC :secp384r1 -kushandisa-chiratidzo -label design0_sign -id 1

Cherechedza:

Iyo ID sarudzo mune ino nhanho inofanirwa kuve yakasarudzika kune yega kiyi, asi inoshandiswa chete neHSM. Iyi ID sarudzo haina hukama nekiyi yekukanzura ID yakapihwa mumasaini cheni.

2.1.3. Kugadzira iyo Signature Chain Root Entry
Shandura kiyi yeruzhinji kuita siginecha cheni midzi yekupinda, yakachengetwa panzvimbo file system muIntel Quartus Prime kiyi (.qky) fomati file, ne make_root oparesheni. Dzokorora danho iri pamudzi wega wega kiyi yaunogadzira.
Mhanya unotevera kuraira kuti ugadzire siginecha cheni ine midzi yekupinda, uchishandisa mudzi weruzhinji kiyi kubva kune file system:
quartus_sign -family=agilex -operation=make_root -key_type=muridzi mudzi0_public.pem midzi0.qky
Mhanya unotevera kuraira kuti ugadzire siginecha cheni ine midzi yekupinda, uchishandisa kiyi yemidzi kubva kuSoftHSM tokeni yakagadzwa muchikamu chekutanga:
quartus_sign –family=agilex –operation=make_root –key_type=owner –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm2. ” root0 root0.qky

2.1.4. Kugadzira Siginecha Chain Public Key Entry
Gadzira itsva yeruzhinji kiyi yekupinda ye siginecha cheni ine append_kiyi mashandiro. Iwe unotsanangudza cheni yekutanga siginecha, kiyi yakavanzika yekupinda kwekupedzisira mune yekutanga siginecha cheni, inotevera nhanho yeruzhinji kiyi, mvumo uye ID yekudzima yaunopa kune inotevera nhanho yeruzhinji kiyi, uye itsva siginicha cheni. file.
Ziva kuti raibhurari yeSoftHSM haiwanikwe neQuartus yekumisikidza uye pachinzvimbo inoda kuiswa zvakasiyana. Kuti uwane rumwe ruzivo nezve softHSM tarisa kune Chikamu Kugadzira Siginecha Chain pamusoro.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 9

2. Kutendesa uye Mvumo 683823 | 2023.05.23
Zvichienderana nekushandisa kwako makiyi pa file system kana muHSM, unoshandisa imwe yeinotevera example anoraira kuwedzera iyo design0_sign kiyi yeruzhinji kune midzi siginecha cheni yakagadzirwa muchikamu chekutanga:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –permission=6 –cancel=0 –input_pem=design0_sign_public.pem design0_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsmvious_key” root2 -previous_qky=root0.qky -permission=0 -cancel=6 -input_keyname=design0_sign design0_sign_chain.qky
Iwe unogona kudzokorora append_kiyi mashandiro anosvika kaviri kune anokwana matatu eruzhinji makiyi ekupinda pakati peiyo midzi yekupinda uye musoro block yekupinda mune imwe siginecha cheni.
Anotevera exampuye unofunga kuti wagadzira imwe kiyi yekusimbisa yeruzhinji ine mvumo yakafanana uye wakapihwa kudzima ID 1 inonzi design1_sign_public.pem, uye uri kuwedzera kiyi iyi kune siginecha kubva kune yakapfuura ex.ample:
quartus_sign –family=agilex –operation=append_key –previous_pem=design0_sign_private.pem –previous_qky=design0_sign_chain.qky –permission=6 –cancel=1 –input_pem=design1_sign_public.pem design1_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsmvious_key” design2_sign –previous_qky=design0_sign_chain.qky –permission=0 –cancel=6 –input_keyname=design1_sign design1_sign_chain.qky
Intel Agilex 7 zvishandiso zvinosanganisira imwe kiyi yekukanzura counter kufambisa kushandiswa kwekiyi inogona kuchinja nguva nenguva muhupenyu hwechigadzirwa chakapihwa. Iwe unogona kusarudza iyi kiyi yekudzima counter nekushandura gakava re -cancel sarudzo kuti pts:pts_value.
2.2. Kusaina Configuration Bitstream
Intel Agilex 7 zvishandiso zvinotsigira Security Version Number (SVN) counters, iyo inokutendera kuti udzore mvumo yechinhu pasina kudzima kiyi. Iwe unopa iyo SVN counter uye yakakodzera SVN counter value panguva yekusaina chero chinhu, senge bitstream chikamu, firmware .zip file, kana compact certificate. Iwe unopa iyo SVN counter uye SVN kukosha uchishandisa iyo -cancel sarudzo uye svn_counter:svn_value senharo. Makoshero anoshanda e svn_counter anoti svnA, svnB, svnC, uye svnD. Iyo svn_value iverengero mukati mechikamu [0,63].

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 10

Send Feedback

2. Kutendesa uye Mvumo 683823 | 2023.05.23
2.2.1. Quartus Key File Basa
Iwe unotsanangura siginecha cheni muIntel Quartus Prime software purojekiti yekugonesa iyo yechokwadi chimiro cheiyo dhizaini. Kubva pane Migove menyu, sarudza Chishandiso Chishandiso uye Pin Sarudzo Chengetedzo Quartus Key File, wobva watarisa kune siginecha cheni .qky file wakasika kusaina dhizaini iyi.
Mufananidzo 1. Ita kuti Kugadzirisa Bitstream Kugadzirisa

Neimwe nzira, iwe unogona kuwedzera inotevera yekugovera chirevo kune yako Intel Quartus Prime Settings file (.qsf):
set_global_assignment -zita QKY_FILE design0_sign_chain.qky
Kugadzira a .sof file kubva pane yakambogadzirwa dhizaini, iyo inosanganisira iyi yekumisikidza, kubva kuKugadziridza menyu, sarudza Start Start Assembler. The new output .sof file inosanganisira mabasa ekugonesa kutendeseka neakapihwa siginicha cheni.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 11

2. Kutendesa uye Mvumo 683823 | 2023.05.23
2.2.2. Co-Kusaina SDM Firmware
Unoshandisa quartus_sign turusi kubvisa, kusaina, uye kuisa inoshanda SDM firmware .zip file. Iyo co-signed firmware inobva yabatanidzwa neprogramming file jenareta mudziyo paunoshandura .sof file kupinda gadziriro bitstream .rbf file. Iwe unoshandisa iyo inotevera mirairo kugadzira nyowani siginecha cheni uye kusaina SDM firmware.
1. Gadzira makiyi matsva ekusaina maviri.
a. Gadzira makiyi matsva ekusaina pa file system:
quartus_sign -family=agilex -operation=make_private_pem -curve=secp384r1 firmware1_private.pem
quartus_sign -family=agilex -operation=make_public_pem firmware1_private.pem firmware1_public.pem
b. Gadzira imwe nyowani yekusaina kiyi muHSM:
pkcs11-tool -module=/usr/local/lib/softhsm/libsofthsm2.so -token-label agilex-token -login -pin agilex-token-pin -keypairgen -mechanism ECDSA-KEY-PAIR-GEN -key-type EC :secp384r1 -kushandiswa-chiratidzo -label firmware1 -id 1
2. Gadzira siginicha nyowani ine kiyi itsva yeruzhinji:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –permission=0x1 –cancel=1 –input_pem=firmware1_public.pem firmware1_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsmvious_key” root2 -previous_qky=root0.qky -permission=0 -cancel=1 -input_keyname=firmware1 firmware1_sign_chain.qky
3. Kopa firmware .zip file kubva kuIntel Quartus Prime Pro Edition software yekuisa dhairekitori (/devices/programmer/firmware/ agilex.zip) kune yazvino dhairekitori rekushanda.
quartus_sign -family=agilex -get_firmware=.
4. Saina firmware .zip file. Chishandiso chinoburitsa otomatiki iyo .zip file uye mumwe nemumwe anosaina zvese firmware .cmf files, wobva wavaka patsva .zip file kushandiswa nemidziyo muzvikamu zvinotevera:
quartus_sign –family=agilex –operation=sign –qky=firmware1_sign_chain.qky –cancel=svnA:0 –pem=firmware1_private.pem agilex.zip sign_agilex.zip
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 12

Send Feedback

2. Kutendesa uye Mvumo 683823 | 2023.05.23

-keyname=firmware1 -cancel=svnA:0 -qky=firmware1_sign_chain.qky agilex.zip sign_agilex.zip

2.2.3. Kusaina Configuration Bitstream Uchishandisa iyo quartus_sign Command
Kuti usaine configuration bitstream uchishandisa quartus_sign command, unotanga washandura .sof file kune isina kusaina mbishi binary file (.rbf) chimiro. Iwe unogona kusarudza kusarudza co-signed firmware uchishandisa iyo fw_source sarudzo panguva yekutendeuka nhanho.
Unogona kugadzira iyo isina kusaina mbishi bitstream mu.rbf fomati uchishandisa murairo unotevera:
quartus_pfg c o fw_source=signed_agilex.zip -o sign_later=ON design.sof unsigned_bitstream.rbf
Mhanya imwe yeinotevera mirairo kusaina bitstream uchishandisa quartus_sign chishandiso zvichienderana nenzvimbo yemakiyi ako:
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 unsigned_bitstream.rbf sign_bitstream.rbf
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” -keyname design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_bitstream.rbf sign_bitstream.rbf
Unogona kushandura kusaina .rbf files kune imwe gadziriso bitstream file formats.
For exampuye, kana uri kushandisa Jam* Yakajairwa Muedzo uye Chirongwa Mutauro (STAPL) Mutambi kuronga zvishoma pamusoro peJ.TAG, unoshandisa murairo unotevera kushandura .rbf file kune iyo .jam fomati inodiwa neJam STAPL Player:
quartus_pfg -c sign_bitstream.rbf sign_bitstream.jam

2.2.4. Partial Reconfiguration Multi-Authority Support

Intel Agilex 7 zvishandiso zvinotsigira zvishoma kugadziridzwa kwehuwandu hwemvumo, uko muridzi wemudziyo anogadzira uye anosaina iyo static bitstream, uye yakaparadzana PR muridzi anogadzira uye anosaina PR persona bitstreams. Intel Agilex 7 zvishandiso zvinoshandisa tsigiro yemvumo yakawanda nekupa yekutanga yechokwadi midzi kiyi inotsvedza kune mudziyo kana static bitstream muridzi uye nekupa yekupedzisira yekusimbisa mudzi kiyi slot kune chikamu chekugadzirisazve munhu bitstream muridzi.
Kana iyo yechokwadi ficha ikagoneswa, ipapo mifananidzo yese yePR persona inofanirwa kusainwa, kusanganisira nested PR persona mifananidzo. PR persona mifananidzo inogona kusainwa nemuridzi wemudziyo kana nemuridzi wePR; zvisinei, static region bitstreams inofanira kusainwa nemuridzi wemudziyo.

Cherechedza:

Partial Reconfiguration static uye persona bitstream encryption kana akawanda-ane masimba erutsigiro akagoneswa anorongwa mukuburitswa mune ramangwana.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 13

2. Kutendesa uye Mvumo 683823 | 2023.05.23

Mufananidzo 2.

Kuita chikamu chekugadzirisazve tsigiro yakawanda-yechiremera inoda matanho akati wandei:
1. Mudziyo kana static bitstream muridzi anogadzira imwe kana akawanda echokwadi root keys sezvinotsanangurwa muKugadzira Authentication Key Pairs muSoftHSM papeji 8, apo -key_type sarudzo ine kukosha kwemuridzi.
2. The partial reconfiguration bitstream muridzi anogadzira kiyi yechokwadi asi anochinja iyo -key_type sarudzo kukosha kune yechipiri_owner.
3. Vese varidzi vedhizaini yakatsiga uye chidimbu chegadziriso vanova nechokwadi chekuti Gonesa Multi-Authority tsigiro bhokisi rinogoneswa muAssignments Device Device uye Pin Options Chengetedzo.
Intel Quartus Prime Inogonesa Multi-Authority Option Settings

4. Vese varidzi ve static bitstream uye partial reconfiguration design varidzi vanogadzira masiginecha cheni zvichibva pamakiyi emudzi wavo sezvakatsanangurwa muKugadzira Siginecha Chain papeji 6.
5. Vese varidzi vedhizaini inomira uye zvishoma vanoshandura magadzirirwo avo akaunganidzwa kuita .rbf fomati files uye kusaina iyo .rbf files.
6. Mudziyo kana static bitstream muridzi inogadzira uye isaina PR yeruzhinji kiyi chirongwa chemvumo compact chitupa.
quartus_pfg -ccert o ccert_type=PR_PUBKEY_PROG_AUTH kana muridzi_qky_file=”root0.qky;root1.qky” unsigned_pr_pubkey_prog.ccert
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 unsigned_pr_pubkey_prog.ccertsign_pr_pubkey_prog.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=s10-token –user_pin=s10-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname design0_sign -qky=design0_sign_chain.qky -cancel=svnA:0 unsigned_pr_pubkey_prog.ccert signed_pr_pubkey_prog.ccert

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 14

Send Feedback

2. Kutendesa uye Mvumo 683823 | 2023.05.23

7. Mudziyo kana kuti static bitstream muridzi anopa echokwadi mudzi kiyi hashes kumudziyo, ipapo zvirongwa PR public kiyi purogiramu mvumo kompakiti chitupa, uye pakupedzisira kupa chikamu reconfiguration bitstream muridzi mudzi kiyi kuti mudziyo. The Device Provisioning chikamu chinotsanangura nzira yekupa iyi.
8. Intel Agilex 7 chigadziro chinogadziriswa ne static region .rbf file.
9. Intel Agilex 7 mudziyo wakagadziridzwa zvishoma ne persona dhizaini .rbf file.
Related Information
· Kugadzira Siginecha Cheni papeji 6
Kugadzira Kusimbisa Makiyi Pairi muSoftHSM pane peji 8
· Kupihwa kweChishandiso papeji 25

2.2.5. Kuongorora Kugadzirisa Bitstream Siginicha Cheni
Mushure mekugadzira masiginecha cheni uye akasaina bitstreams, unogona kuona kuti yakasainwa bitstream inogadzirisa nemazvo mudziyo wakarongwa nekiyi yemidzi yakapihwa. Iwe unotanga kushandisa fuse_info mashandiro eiyo quartus_sign command kudhinda hashi yemudzi weruzhinji kiyi kune chinyorwa. file:
quartus_sign -family=agilex -operation=fuse_info root0.qky hash_fuse.txt

Unobva washandisa check_integrity sarudzo yequartus_pfg command kuti uongorore siginicha cheni pachikamu chega chega chebitstream yakasainwa mu.rbf format. Iyo check_integrity sarudzo inodhinda ruzivo runotevera:
· Mamiriro ezvese bitstream kutendeseka cheki
· Zviri mukati meimwe neimwe yekupinda mune yega yega siginicha cheni yakabatanidzwa kune yega yega chikamu mu bitstream .rbf file,
· Inotarisirwa kukosha kwefuse yehashi yemudzi wekiyi yeruzhinji kune yega siginicha cheni.
Iko kukosha kubva kune fuse_info inobuda inofanira kufanana nemitsara yeFuse mucheck_integrity yakabuda.
quartus_pfg -check_integrity sign_bitstream.rbf

Heino example yecheck_integrity command kubuda:

Ruzivo: Raira: quartus_pfg -check_integrity sign_bitstream.rbf Chimiro chekuvimbika: OK

Chikamu

Type: CMF

Siginecha Descriptor…

Siginicha cheni #0 (mipindi: -1, offset: 96)

Kupinda #0

Fuse: 34FD3B5F 7829001F DE2A24C7 3A7EAE29 C7786DB1 D6D5BC3C 52741C79

72978B22 0731B082 6F596899 40F32048 AD766A24

Gadzira kiyi…

Curve: secp384r1

: 29C39C3064AE594A36DAA85602D6AF0B278CBB0B207C4D97CFB6967961E5F0ECA

456FF53F5DBB3A69E48A042C62AB6B0

: 3E81D40CBBBEAC13601247A9D53F4A831308A24CA0BDFFA40351EE76438C7B5D2

2826F7E94A169023AFAE1D1DF4A31C2

Gadzira kiyi…

Curve: secp384r1

: 29C39C3064AE594A36DAA85602D6AF0B278CBB0B207C4D97CFB6967961E5F0ECA

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 15

2. Kutendesa uye Mvumo 683823 | 2023.05.23

456FF53F5DBB3A69E48A042C62AB6B0

: 3E81D40CBBBEAC13601247A9D53F4A831308A24CA0BDFFA40351EE76438C7B5D2

2826F7E94A169023AFAE1D1DF4A31C2

Kupinda #1

Gadzira kiyi…

Curve: secp384r1

: 015290C556F1533E5631322953E2F9E91258472F43EC954E05D6A4B63D611E04B

C120C7E7A744C357346B424D52100A9

: 68696DEAC4773FF3D5A16A4261975424AAB4248196CF5142858E016242FB82BC5

08A80F3FE7F156DEF0AE5FD95BDFE05

Kupinda #2 Mvumo yeKeyitani: SIGN_CODE Keychain inogona kukanzurwa neID: 3 Siginicha cheni #1 (zvinyorwa: -1, offset: 648)

Kupinda #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Gadzira kiyi…

Curve: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Gadzira kiyi…

Curve: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Kupinda #1

Gadzira kiyi…

Curve: secp384r1

: 1E8FBEDC486C2F3161AFEB028D0C4B426258293058CD41358A164C1B1D60E5C1D

74D982BC20A4772ABCD0A1848E9DC96

: 768F1BF95B37A3CC2FFCEEB071DD456D14B84F1B9BFF780FC5A72A0D3BE5EB51D

0DA7C6B53D83CF8A775A8340BD5A5DB

Kupinda #2

Gadzira kiyi…

Curve: secp384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Kupinda #3 Mvumo yeKiyitani: SIGN_CODE Keycheni inogona kukanzurwa neID: 15 Siginicha cheni #2 (mapindiro: -1, gadzirisa: 0) Siginicha cheni #3 (mipindi: -1, kumisa: 0) Siginicha cheni #4 (mapindiro: -1, offset: 0) Siginicha cheni #5 (mipindi: -1, offset: 0) Siginicha cheni #6 (mapindiro: -1, offset: 0) Siginicha cheni #7 (zvinyorwa: -1, offset: 0)

Rudzi rweChikamu: IO Siginicha Descriptor ... Siginicha cheni #0 (mapinda: -1, offset: 96)

Kupinda #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Gadzira kiyi…

Curve: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 16

Send Feedback

2. Kutendesa uye Mvumo 683823 | 2023.05.23

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Gadzira kiyi…

Curve: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Kupinda #1

Gadzira kiyi…

Curve: secp384r1

: 646B51F668D8CC365D72B89BA8082FDE79B00CDB750DA0C984DC5891CDF57BD21

44758CA747B1A8315024A8247F12E51

: 53513118E25E16151FD55D7ECDE8293AF6C98A74D52E0DA2527948A64FABDFE7C

F4EA8B8E229218D38A869EE15476750

Kupinda #2

Gadzira kiyi…

Curve: secp384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Kupinda #3 Mvumo yeKeyitani: SIGN_CORE Keycheni inogona kukanzurwa neID: 15 Siginicha cheni #1 (mapindiro: -1, offset: 0) Siginicha cheni #2 (mapindiro: -1, offset: 0) Siginicha cheni #3 (mapindiro: -1, offset: 0) Siginicha cheni #4 (mipindi: -1, offset: 0) Siginicha cheni #5 (mapindiro: -1, offset: 0) Siginicha cheni #6 (zvinyorwa: -1, offset: 0) Siginicha cheni #7 (zvinyorwa: -1, offset: 0)

Chikamu

Type: HPS

Siginecha Descriptor…

Siginicha cheni #0 (mipindi: -1, offset: 96)

Kupinda #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Gadzira kiyi…

Curve: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Gadzira kiyi…

Curve: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Kupinda #1

Gadzira kiyi…

Curve: secp384r1

: FAF423E08FB08D09F926AB66705EB1843C7C82A4391D3049A35E0C5F17ACB1A30

09CE3F486200940E81D02E2F385D150

: 397C0DA2F8DD6447C52048CD0FF7D5CCA7F169C711367E9B81E1E6C1E8CD9134E

5AC33EE6D388B1A895AC07B86155E9D

Kupinda #2

Gadzira kiyi…

Curve: secp384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 17

2. Kutendesa uye Mvumo 683823 | 2023.05.23

Entry #3 Keychain mvumo: SIGN_HPS Keychain inogona kukanzurwa neID: 15 Siginicha cheni #1 (mapindiro: -1, offset: 0) Siginicha cheni #2 (zvinyorwa: -1, offset: 0) Siginicha cheni #3 (mapindiro: -1, offset: 0) Siginicha cheni #4 (mipindi: -1, offset: 0) Siginicha cheni #5 (mapindiro: -1, offset: 0) Siginicha cheni #6 (zvinyorwa: -1, offset: 0) Siginicha cheni #7 (zvinyorwa: -1, offset: 0)

Rudzi rweChikamu: CORE Siginicha Descriptor ... Siginicha cheni #0 (mapinda: -1, offset: 96)

Kupinda #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Gadzira kiyi…

Curve: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Gadzira kiyi…

Curve: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Kupinda #1

Gadzira kiyi…

Curve: secp384r1

: 646B51F668D8CC365D72B89BA8082FDE79B00CDB750DA0C984DC5891CDF57BD21

44758CA747B1A8315024A8247F12E51

: 53513118E25E16151FD55D7ECDE8293AF6C98A74D52E0DA2527948A64FABDFE7C

F4EA8B8E229218D38A869EE15476750

Kupinda #2

Gadzira kiyi…

Curve: secp384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 18

Send Feedback

683823 | 2023.05.23 Tumira Mhinduro

AES Bitstream Encryption

Advanced Encryption Standard (AES) bitstream encryption chinhu chinoita kuti muridzi wemudziyo achengetedze kuvanzika kwepfuma yehungwaru mukugadzirisa bitstream.
Kubatsira kuchengetedza kuvanzika kwemakiyi, kumisikidza bitstream encryption inoshandisa ketani yemakiyi eAES. Aya makiyi anoshandiswa encrypt muridzi data mune yekumisikidza bitstream, uko yekutanga kiyi yepakati yakavharirwa neiyo AES midzi kiyi.

3.1. Kugadzira iyo AES Root Kiyi

Unogona kushandisa quartus_encrypt turusi kana stratix10_encrypt.py referensi kuita kugadzira AES mudzi kiyi muIntel Quartus Prime software encryption key (.qek) fomati. file.

Cherechedza:

Iyo stratix10_encrypt.py file inoshandiswa kuIntel Stratix® 10, uye Intel Agilex 7 zvishandiso.

Iwe unogona kusarudza kusarudza kiyi yepasi inoshandiswa kutora AES midzi kiyi uye kiyi yekubvisa kiyi, kukosha kweiyo AES midzi kiyi zvakananga, nhamba yemakiyi epakati, uye yakanyanya kushandiswa pakiyi yepakati.

Unofanira kutsanangura mhuri yemudziyo, goho .qek file nzvimbo, uye chirevo chezwi kana wakurudzirwa.
Mhanya unotevera kuraira kuti ugadzire iyo AES midzi kiyi uchishandisa isina kurongeka dhata kune base kiyi uye default kukosha kwenhamba yepakati makiyi uye yakanyanya kushandiswa kiyi.
Kuti ushandise referensi yekushandisa, unotsiva runhare kune muturikiri wePython inosanganisirwa neIntel Quartus Prime software uye wosiya iyo -family=agilex sarudzo; dzimwe sarudzo dzese dzakafanana. For example, iyo quartus_encrypt command inowanikwa gare gare muchikamu

quartus_encrypt -family=agilex -operation=MAKE_AES_KEY aes_root.qek

inogona kushandurwa kuita yakaenzana kufona kune referensi yekushandisa sezvinotevera pgm_py stratix10_encrypt.py -operation=MAKE_AES_KEY aes_root.qek

3.2. Quartus Encryption Settings
Kuti ugone kugonesa bitstream encryption yedhizaini, unofanirwa kutsanangura sarudzo dzakakodzera uchishandisa Assignments Device Device uye Pin Options Chengetedzo pani. Iwe unosarudza iyo Gonesa configuration bitstream encryption cheki bhokisi, uye inodiwa Encryption kiyi yekuchengetedza nzvimbo kubva painodonha menyu.

ISO 9001:2015 Yakanyoreswa

Mufananidzo 3. Intel Quartus Prime Encryption Settings

3. AES Bitstream Encryption 683823 | 2023.05.23

Neimwe nzira, iwe unogona kuwedzera inotevera yekugovera chirevo kune yako Intel Quartus Prime marongero file .qsf:
set_global_assignment -zita ENCRYPT_PROGRAMMING_BITSTREAM pa set_global_assignment -zita PROGRAMMING_BITSTREAM_ENCRYPTION_KEY_SELECT eFuses
Kana iwe uchida kugonesa mamwe mamedigations achipokana nedivi-chiteshi kurwisa mavheji, unogona kugonesa iyo Encryption update ratio kudonha uye Gonesa kukwenya cheki bhokisi.

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 20

Send Feedback

3. AES Bitstream Encryption 683823 | 2023.05.23

Shanduko dzinoenderana mu.qsf ndedzinoti:
set_global_assignment -zita PROGRAMMING_BITSTREAM_ENCRYPTION_CNOC_SCRAMBLING pa set_global_assignment -zita PROGRAMMING_BITSTREAM_ENCRYPTION_UPDATE_RATIO 31

3.3. Encrypting a Configuration Bitstream
Iwe unovharira gadziriso bitstream usati wasaina iyo bitstream. Iyo Intel Quartus Prime Programming File Jenareta chishandiso chinogona kunyora otomatiki uye kusaina dhizaini yekumisikidza uchishandisa graphical mushandisi interface kana mutsara wekuraira.
Iwe unogona kusarudza kugadzira bitstream yakadzikwa zvishoma kuti ishandiswe nequartus_encrypt uye quartus_sign maturusi kana mareferenzi ekuita zvakaenzana.

3.3.1. Kugadzirisa Bitstream Encryption Uchishandisa Chirongwa File Jenareta Graphical Interface
Iwe unogona kushandisa iyo Programming File Jenareta kuti encrypt uye kusaina muridzi mufananidzo.

Mufananidzo 4.

1. PaIntel Quartus Prime File menyu sarudza Programming File Jenareta. 2. PaKubuda Files tab, tsanangura zvinobuda file type for your configuration
chirongwa.
Output File Tsanangudzo

Configuration scheme Output file tab
Output file type

3. PaInput Files tab, tinya Wedzera Bitstream uye bhurawuza kune yako .sof. 4. Kutsanangura encryption uye authentication sarudzo sarudza .sof uye baya
Properties. a. Batidza Vhura chishandiso chekusaina. b. For Private key file sarudza kiyi yako yekusaina zvakavanzika .pem file. c. Batidza Finalize encryption.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 21

3. AES Bitstream Encryption 683823 | 2023.05.23

Mufananidzo 5.

d. For Encryption kiyi file, sarudza yako AES .qek file. Input (.sof) File Zvivakwa zveAuthentication uye Encryption

Bvumira huchokwadi Rondedzera zvakavanzika mudzi .pem
Bvisa encryption Taura kiyi yekuvharidzira
5. Kugadzira iyo yakasainwa uye yakavharidzirwa bitstream, pane Input Files tab, tinya Gadzira. Mabhokisi enhaurirano epassword anooneka kuti iwe uise password yako pakiyi yako yeAES .qek file uye kusaina private key .pem file. The programming file jenareta inogadzira iyo yakavharidzirwa uye yakasainwa kubuda_file.rbf.
3.3.2. Kugadzirisa Bitstream Encryption Uchishandisa Chirongwa File Jenareta Command Line Interface
Gadzira yakavharidzirwa uye yakasainwa configuration bitstream mu.rbf fomati ine quartus_pfg command line interface:
quartus_pfg -c encryption_enabled.sof top.rbf -o finalize_encryption=ON -o qek_file=aes_root.qek -o signing=ON -o pem_file=design0_sign_private.pem
Unogona kushandura yakavharidzirwa uye yakasaina bitstream mu.rbf fomati kuenda kune imwe bitstream. file formats.
3.3.3. Partially Encrypted Configuration Bitstream Generation Uchishandisa Command Line Interface
Unogona kugadzira imwe encrypted programming file kupedzisa encryption uye kusaina mufananidzo gare gare. Gadzira purogiramu yakavharidzirwa zvishoma file mu .rbf format ine thequartus_pfgcommand line interface: quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON top.sof top.rbf

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 22

Send Feedback

3. AES Bitstream Encryption 683823 | 2023.05.23
Iwe unoshandisa iyo quartus_encrypt yekuraira mutsara chishandiso kupedzisa bitstream encryption:
quartus_encrypt –family=agilex –operation=ENCRYPT –key=aes_root.qek top.rbf encrypted_top.rbf
Iwe unoshandisa iyo quartus_sign yekuraira mutsara chishandiso kusaina yakavharidzirwa gadziriso bitstream:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 encrypted_top.rbf sign_encrypted_top.rbf
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” -keyname design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 encrypted_top.rbf sign_encrypted_top.rbf
3.3.4. Chikamu Reconfiguration Bitstream Encryption
Iwe unogona kugonesa bitstream encryption pane mamwe maIntel Agilex 7 FPGA magadzirirwo anoshandisa chikamu chekugadzirisa.
Zvikamu zvekugadzirisa zvakare zvigadziriso uchishandisa Hierarchical Partial Reconfiguration (HPR), kana Static Update Partial Reconfiguration (SUPR) haitsigire bitstream encryption. Kana dhizaini yako iine akawanda PR matunhu, iwe unofanirwa encrypt vanhu vese.
Kugonesa chidimbu chekugadzirisazve bitstream encryption, tevera maitiro akafanana mune ese magadzirirwo edhizaini. 1. PaIntel Quartus Prime File menyu, sarudza Assignments Device Device
uye Pin Options Security. 2. Sarudza yaunoda encryption kiyi yekuchengetedza nzvimbo.
Mufananidzo 6. Chikamu Reconfiguration Bitstream Encryption Setting

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 23

3. AES Bitstream Encryption 683823 | 2023.05.23
Neimwe nzira, unogona kuwedzera chirevo chekugoverwa chinotevera muQuartus Prime marongero file .qsf:
set_global_assignment -zita -ENABLE_PARTIAL_RECONFIGURATION_BITSTREAM_ENCRYPTION pa
Mushure mekunyora yako base dhizaini uye kudzokorora, software inogadzira a.soffile uye imwe kana kupfuura.pmsffiles, inomiririra vanhu. 3. Gadzira encrypted uye yakasaina programming files kubva.sof uye.pmsf files nenzira yakafanana kune madhizaini asina chidimbu chekugadzirisa zvakare inogoneswa. 4. Shandura iyo yakagadzirwa persona.pmsf file kune imwe encrypted.rbf file:
quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON encryption_enabled_persona1.pmsf persona1.rbf
5. Pedzisa bitstream encryption uchishandisa quartus_encrypt command line tool:
quartus_encrypt –family=agilex –operation=ENCRYPT –key=aes_root.qek persona1.rbf encrypted_persona1.rbf
6. Saina iyo encrypted configuration bitstream uchishandisa quartus_sign command line tool:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_sign_private.pem encrypted_persona1.rbfsign_encrypted_persona1.rbf
quartus_sign –family=agilex –operation=SIGN –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” design0_sign_chain.qky -cancel=svnA:0 -keyname=design0_sign encrypted_persona1.rbfsign_encrypted_persona1.rbf

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 24

Send Feedback

683823 | 2023.05.23 Tumira Mhinduro

Device Provisioning

Yekutanga kuchengetedza ficha inotsigirwa chete muSDM yekupa firmware. Shandisa Intel Quartus Prime Programmer kurodha iyo SDM yekupa firmware uye kuita mashandiro ekupa.
Unogona kushandisa chero rudzi rweJTAG dhawunirodha tambo yekubatanidza iyo Quartus Programmer kune Intel Agilex 7 mudziyo kuti uite mashandiro ekupa.
4.1. Kushandisa SDM Provision Firmware
Iyo Intel Quartus Prime Programmer inogadzira otomatiki uye inoremedza fekitori default mubatsiri mufananidzo paunosarudza iyo yekutanga oparesheni uye kuraira kuronga chimwe chinhu kunze kwekumisikidza bitstream.
Zvichienderana nehurongwa hwekuraira hwakatsanangurwa, iyo fekitori default mubatsiri mufananidzo ndeimwe yemhando mbiri:
· Kugovera mufananidzo wemubatsiri-ine chikamu chimwe chebitstream chine SDM yekugovera firmware.
QSPI mubatsiri mufananidzo-ine maviri bitstream zvikamu, imwe ine SDM main firmware uye imwe I/O chikamu.
Unogona kugadzira fekitori default mubatsiri mufananidzo file kurodha mumudziyo wako usati waita chero chirongwa chekuraira. Mushure mekugadzira yechokwadi midzi kiyi hashi, iwe unofanirwa kugadzira uye kusaina QSPI fekitori default mubatsiri mufananidzo nekuda kweiyo inosanganisirwa I / O chikamu. Kana iwe ukawedzera kuronga iyo-yakasaina firmware kuchengetedza kuseta eFuse, iwe unofanirwa kugadzira kupa uye QSPI fekitori default mubatsiri mifananidzo ine co-yakasaina firmware. Iwe unogona kushandisa co-yakasaina fekitori default mubatsiri mufananidzo pane isina kurongedzerwa mudziyo sezvo isina kurongeka mudziyo unofuratira asiri-Intel siginicha cheni pamusoro peSDM firmware. Tarisa Ku Kushandisa QSPI Factory Default Helper Image paMidziyo Yako iri papeji 26 kuti uwane rumwe ruzivo nezvekugadzira, kusaina, uye kushandisa QSPI fekitori default mubatsiri mufananidzo.
Iyo yekugovera fekitori default mubatsiri mufananidzo unoita chinopa chiitiko, senge chirongwa chechokwadi midzi kiyi hashi, chengetedzo yekumisikidza fuse, kunyoresa kwePUF, kana dema kiyi yekupa. Iwe unoshandisa Intel Quartus Prime Programming File Jenareta yekuraira mutsara wekushandisa kugadzira mufananidzo wemubatsiri wekupa, uchitsanangura iyo yekubatsira_image sarudzo, zita remubatsiri_wemudziyo wako, mufananidzo wemubatsiri wekupa, uye pamwe chete-yakasaina firmware .zip file:
quartus_pfg -helper_image -o helper_device=AGFB014R24A -o subtype=PROVISION -o fw_source=signed_agilex.zip signed_provision_helper_image.rbf
Ronga mufananidzo wemubatsiri uchishandisa Intel Quartus Prime Programmer chishandiso:
quartus_pgm -c 1 -mjtag -o "p;signed_provision_helper_image.rbf" -force

ISO 9001:2015 Yakanyoreswa

4. Device Provisioning 683823 | 2023.05.23

Cherechedza:

Iwe unogona kusiya iyo yekutanga kushanda kubva kumirairo, kusanganisira exampzvishoma zvakapihwa muchitsauko chino, mushure mekugadzirisa mufananidzo wemubatsiri kana kushandisa murairo une yekutanga kushanda.

4.2. Kushandisa QSPI Factory Default Helper Image pane Ane Midziyo
Iyo Intel Quartus Prime Programmer inogadzira otomatiki uye inoremedza QSPI fekitori default mubatsiri mufananidzo paunosarudza yekutanga kushanda kweQSPI flash programming. file. Mushure mekugadzira yechokwadi midzi kiyi hashi, iwe unofanirwa kugadzira uye kusaina iyo QSPI fekitori default mubatsiri mufananidzo, uye kuronga yakasainwa QSPI fekitori mubatsiri mufananidzo zvakasiyana usati wagadzira iyo QSPI flash. 1. Unoshandisa Intel Quartus Prime Programming File Jenareta yekuraira mutsara chishandiso ku
gadzira mufananidzo wemubatsiri weQSPI, uchitsanangura sarudzo_yemufananidzo, rudzi rwemubatsiri_wemudziyo wako, mufananidzo wemubatsiri weQSPI, uye zvichida cosigned firmware .zip file:
quartus_pfg -helper_image -o helper_device=AGFB014R24A -o subtype=QSPI -o fw_source=signed_agilex.zip qspi_helper_image.rbf
2. Iwe unosaina iyo QSPI fekitori default mubatsiri mufananidzo:
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem qspi_helper_image.rbf sign_qspi_helper_image.rbf
3. Unogona kushandisa chero QSPI flash programming file format. Anotevera examples use a configuration bitstream converted to the .jic file fomati:
quartus_pfg -c sign_bitstream.rbf sign_flash.jic -o device=MT25QU128 -o flash_loader=AGFB014R24A -o mode=ASX4
4. Unoronga mufananidzo wemubatsiri wakasainwa uchishandisa Intel Quartus Prime Programmer tool:
quartus_pgm -c 1 -mjtag -o "p;signed_qspi_helper_image.rbf" -force
5. Unoronga mufananidzo we.jic kuti uvheneke uchishandisa Intel Quartus Prime Programmer tool:
quartus_pgm -c 1 -mjtag -o "p;signed_flash.jic"

4.3. Authentication Root Key Provisioning
Kuronga muridzi midzi kiyi hashes kuti muviri fiyuzi, kutanga unofanira kurodha kupiwa firmware, rinotevera chirongwa muridzi mudzi kiyi hashes, uye ipapo pakarepo kuita simba-on reset. Simba reset reset haridiwe kana programming root key hashes kune chaiwo fuse.

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 26

Send Feedback

4. Device Provisioning 683823 | 2023.05.23
Kuronga authentication root key hashes, unoronga the provision firmware helper image and run one of the following commandments to programme the root key .qky files.
// Zvemuviri (zvisingaite) eFuses quartus_pgm -c 1 -m jtag -o "p;root0.qky;root1.qky;root2.qky" -non_volatile_key
// Yechokwadi (inoshanduka) eFuses quartus_pgm -c 1 -m jtag -o “p;root0.qky;root1.qky;root2.qky”
4.3.1. Chikamu Reconfiguration Multi-Authority Root Key Programming
Mushure mekupa mudziyo kana static dunhu bitstream muridzi midzi makiyi, iwe zvakare kurodha iyo mudziyo wekupa mubatsiri mufananidzo, ronga yakasainwa PR yeruzhinji kiyi chirongwa chemvumo compact chitupa, uye wozopa iyo PR persona bitstream muridzi mudzi kiyi.
// Zvemuviri (zvisingaite) eFuses quartus_pgm -c 1 -m jtag -o "p; root_pr.qky" -pr_pubkey -non_volatile_key
// Yechokwadi (inoshanduka) eFuses quartus_pgm -c 1 -m jtag -o “p;p;root_pr.qky” –pr_pubkey
4.4. Programming Key Kanzura ID Fuse
Kutanga neIntel Quartus Prime Pro Edition software vhezheni 21.1, kuronga Intel uye muridzi kiyi yekukanzura ID fuse inoda kushandiswa kweyakasainwa kompakiti chitupa. Unogona kusaina kiyi yekudzima ID kompakiti chitupa chine siginecha cheni ine FPGA chikamu chekusaina mvumo. Iwe unogadzira iyo compact chitupa nehurongwa file generator command line tool. Iwe unosaina chitupa chisina kusaina uchishandisa quartus_sign chishandiso kana kuita referensi.
Intel Agilex 7 zvishandiso zvinotsigira mabhangi akaparadzana evaridzi kiyi yekukanzura ID kune yega yega kiyi. Kana muridzi kiyi yekukanzura ID compact setifiketi yakarongerwa muIntel Agilex 7 FPGA, iyo SDM inosarudza kuti ndeipi kiyi yemudzi yakasaina compact setifiketi uye inoridza kiyi yekudzima ID fuse inoenderana neiyo mudzi kiyi.
Anotevera exampgadzira chitupa cheIntel kiyi yekukanzura yeIntel kiyi ID 7. Unogona kutsiva 7 neIntel kiyi yekukanzura ID kubva pa0-31.
Mhanya unotevera kuraira kuti ugadzire isina kusaina Intel kiyi yekukanzura ID compact chitupa:
quartus_pfg -ccert -o ccert_type=CANCEL_INTEL_KEY -o cancel_key=7 unsigned_cancel_intel7.ccert
Mhanya imwe yeinotevera mirairo kusaina isina kusaina Intel kiyi yekukanzura ID compact chitupa:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_cancel_intel7.ccert signed_cancel_intel7.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 27

4. Device Provisioning 683823 | 2023.05.23
–keyname=design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_cancel_intel7.ccert signed_cancel_intel7.ccert
Mhanya unotevera kuraira kuti ugadzire isina kusaina muridzi kiyi yekukanzura ID compact chitupa:
quartus_pfg -ccert -o ccert_type=CANCEL_OWNER_KEY -o cancel_key=2 unsigned_cancel_owner2.ccert
Mhanya imwe yeinotevera mirairo kusaina muridzi asina kusaina kiyi yekukanzura ID kompakiti chitupa:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_cancel_owner2.ccert signed_cancel_owner2.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” -keyname design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_cancel_owner2.ccert signed_cancel_owner2.ccert
Mushure mekugadzira kiyi yakasainwa yekukanzura ID compact chitupa, iwe unoshandisa Intel Quartus Prime Programmer kuronga compact chitupa kune mudziyo kuburikidza naJ.TAG.
// Zvemuviri (zvisingaite) eFuses quartus_pgm -c 1 -m jtag -o “pi;signed_cancel_intel7.ccert” –non_volatile_key quartus_pgm -c 1 -mjtag -o "pi;signed_cancel_owner2.cert" -non_volatile_key
// Yechokwadi (inoshanduka) eFuses quartus_pgm -c 1 -m jtag -o “pi;signed_cancel_intel7.ccert” quartus_pgm -c 1 -mjtag -o “pi;signed_cancel_owner2.ccert”
Iwe unogona zvakare kutumira compact setifiketi kuSDM uchishandisa iyo FPGA kana HPS mailbox interface.
4.5. Kudzima Root Keys
Intel Agilex 7 zvishandiso zvinokurega iwe uchidzima midzi kiyi hashes kana imwe isina kuvharwa midzi kiyi hashi iripo. Iwe unokanzura midzi kiyi hashi nekutanga kugadziridza mudziyo nedhizaini ine siginecha cheni yakadzika midzi mune yakasiyana midzi kiyi hashi, wozoronga yakasainwa midzi kiyi hash kukanzura kompakiti chitupa. Iwe unofanirwa kusaina kiyi yemudzi hashi kukanzura kompakiti chitupa chine siginecha cheni yakadzika midzi mumudzi kiyi kuti ikanzurwe.
Mhanya unotevera kuraira kuti ugadzire isina kusaina midzi kiyi hashi kukanzura kompakiti chitupa:
quartus_pfg -ccert -o -ccert_type=CANCEL_KEY_HASH unsigned_root_cancel.ccert

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 28

Send Feedback

4. Device Provisioning 683823 | 2023.05.23

Mhanya imwe yeinotevera mirairo kusaina isina kusaina midzi kiyi hash kukanzura kompakiti chitupa:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_root_cancel.ccert signed_root_cancel.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” -keyname design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_root_cancel.ccert signed_root_cancel.ccert
Unogona kuronga midzi kiyi hash kudzima kompakiti chitupa kuburikidza neJTAG, FPGA, kana HPS mabhokisi etsamba.

4.6. Programming Counter Fuses
Iwe unogadziridza Chengetedzo Shanduro Nhamba (SVN) uye Pseudo Nguva Stamp (PTS) counter fuse uchishandisa akasainwa kompakiti zvitupa.

Cherechedza:

Iyo SDM inocherekedza hushoma hwekaunda ukoshi yakaonekwa panguva yakapihwa zvigadziriso uye haigamuchire zvitupa zve counter increment kana iyo counter value idiki pane yakaderera kukosha. Iwe unofanirwa kuvandudza zvinhu zvese zvakapihwa pakaunda uye kugadzirisa zvakare mudziyo usati wagadzira counter increment compact chitupa.

Mhanya imwe yeinotevera mirairo inoenderana nekaunda increment chitupa chaunoda kugadzira.
quartus_pfg -ccert -o ccert_type=PTS_COUNTER -o counter= unsigned_pts.ccert

quartus_pfg -ccert -o ccert_type=SVN_COUNTER_A -o counter= unsigned_svnA.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_B -o counter= unsigned_svnB.ccert

quartus_pfg -ccert -o ccert_type=SVN_COUNTER_C -o counter= unsigned_svnC.ccert

quartus_pfg -ccert -o ccert_type=SVN_COUNTER_D -o counter= unsigned_svnD.ccert

A counter value ye1 inogadzira counter increment mvumo setifiketi. Kugadzira counter increment mvumo yekompakiti setifiketi kunoita kuti iwe ugone kuronga zvimwe zvisina kusaina counter increment zvitupa kuti uvandudze iyo counter. Iwe unoshandisa quartus_sign chishandiso kusaina counter compact zvitupa nenzira yakafanana kune kiyi yekukanzura ID zvitupa compact.
Unogona kuronga midzi kiyi hash kudzima kompakiti chitupa kuburikidza neJTAG, FPGA, kana HPS mabhokisi etsamba.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 29

4. Device Provisioning 683823 | 2023.05.23

4.7. Chengetedza Data Object Service Root Key Provisioning
Iwe unoshandisa Intel Quartus Prime Programmer kupa Secure Data Object Service (SDOS) midzi kiyi. Iyo Programmer inotakura otomatiki iyo yekugovera firmware mubatsiri mufananidzo kupa iyo SDOS midzi kiyi.
quartus_pgm c 1 m jtag -service_root_key -non_volatile_key

4.8. Chengetedzo Setting Fuse Provisioning
Shandisa Intel Quartus Prime Programmer kuti uongorore kuchengetedzwa kwemudziyo kuseta fuse uye nyora kune zvinyorwa-based .fuse file sezvinotevera:
quartus_pgm -c 1 -mjtag -o "ei;programming_file.fuse;AGFB014R24B”

Sarudzo · i: Iyo Programmer inotakura iyo yekugovera firmware mubatsiri mufananidzo kune mudziyo. · e: The Programmer anoverenga fiyuzi kubva mudziyo uye anochengeta mu .fuse file.

The .fuse file ine runyoro rwefuse zita-value pairs. Ukoshi hunotsanangura kana fuse yaridzwa kana zviri mukati mendima yefuse.

Anotevera example inoratidza chimiro che .fuse file:

# Co-yakasaina firmware

= "Haina kuputika"

# Chidimbu Mvumo Kuuraya

= "Haina kuputika"

# Chishandiso hachina kuchengetedzeka

= "Haina kuputika"

# Dzima HPS debug

= "Haina kuputika"

# Dzima Intrinsic ID PUF kunyoresa

= "Haina kuputika"

# Dzima JTAG

= "Haina kuputika"

# Dzima PUF-yakaputirwa encryption kiyi

= "Haina kuputika"

# Dzima kiyi yekuvharidzira muridzi muBBRAM = "Haina kuputika"

# Dzivisa muridzi encryption kiyi mu eFuses = "Haina kuvhuvhuta"

# Dzima muridzi mudzi kiyi yeruzhinji hash 0

= "Haina kuputika"

# Dzima muridzi mudzi kiyi yeruzhinji hash 1

= "Haina kuputika"

# Dzima muridzi mudzi kiyi yeruzhinji hash 2

= "Haina kuputika"

# Dzima chaiwo eFuses

= "Haina kuputika"

# Sungidzira wachi yeSDM kune yemukati oscillator = "Isina kuputika"

# Simba encryption kiyi yekuvandudza

= "Haina kuputika"

# Intel yakajeka kiyi kudzima

= "0"

# Kiya kuchengetedza eFuses

= "Haina kuputika"

# Muridzi encryption kiyi chirongwa chaitwa

= "Haina kuputika"

# Muridzi encryption kiyi chirongwa kutanga

= "Haina kuputika"

# Muridzi akajeka kiyi kudzima 0

= ""

# Muridzi akajeka kiyi kudzima 1

= ""

# Muridzi akajeka kiyi kudzima 2

= ""

# Muridzi fuse

"0x00000000000000000000000000000000000000000000000000000

00000000000000000000000000000000000000000000000000000

0000000000000000000000”

# Muridzi midzi yeruzhinji kiyi hash 0

"0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# Muridzi midzi yeruzhinji kiyi hash 1

"0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# Muridzi midzi yeruzhinji kiyi hash 2

"0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# Muridzi midzi yeruzhinji kiyi saizi

= "Hapana"

# PTS counter

= "0"

# PTS counter base

= "0"

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 30

Send Feedback

4. Device Provisioning 683823 | 2023.05.23

# QSPI kutanga kunonoka # RMA Counter # SDMIO0 iri I2C # SVN counter A # SVN counter B # SVN counter C # SVN counter D

= “10ms” = “0” = “Haina kuvhuvhuta” = “0” = “0” = “0” = “0”

Shandura .fuse file kuseta yako yaunoda chengetedzo kuseta fuse. Mutsetse unotanga ne# unobatwa semutsara wekutaura. Kuronga chengetedzo yekumisikidza fuse, bvisa inotungamira # uye isa kukosha kuBlown. For example, kugonesa iyo Co-yakasaina Firmware chengetedzo yekumisikidza fuse, shandura mutsara wekutanga wefuse file kune zvinotevera:
Co-signed firmware = "Kuputika"

Iwe unogona zvakare kugovera uye kuronga iwo Muridzi Fuse zvichienderana nezvaunoda.
Unogona kushandisa murairo unotevera kuita cheki isina chinhu, chirongwa, uye simbisa muridzi midzi yeruzhinji kiyi:
quartus_pgm -c 1 -mjtag -o "ibpv;root0.qky"

Sarudzo · i: Inotakura iyo yekugovera firmware mubatsiri mufananidzo kune mudziyo. b: Inoita cheki isina chinhu kuratidza kuti yaunoda kuchengetedzwa kwemafuse haasi
yatofuridzwa. · p: Zvirongwa fiyuzi. · v: Inosimbisa kiyi yakarongwa pamudziyo.
Mushure mekugadzirisa .qky file, unogona kuongorora ruzivo rwefuse nekutarisa ruzivo rwefuse zvakare kuti uve nechokwadi chekuti muridzi wekiyi yeruzhinji hashi uye muridzi wekiyi yeruzhinji saizi ine asiri-zero values.
Nepo minda inotevera isinganyorwi kuburikidza ne.fuse file nzira, ivo vanosanganisirwa panguva yekuongorora oparesheni kubuda kuti zvionekwe: · Chishandiso hachina kuchengetedzeka · Chidimbu chemvumo uraya · Dzimai muridzi mudzi public kiyi hashi 0 · Dzima muridzi mudzi kiyi yeruzhinji hashi 1 · Dzima muridzi midzi yeruzhinji kiyi hashi 2 · Intel key cancellation · Owner encryption key program start · Owner encryption key programme · Owner key cancellation · Owner public key hashi · Muridzi public key size · Owner root public key hashi 0 · Owner root public key hashi 1 · Owner root public key hashi 2

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 31

4. Device Provisioning 683823 | 2023.05.23
· PTS counter · PTS counter base · QSPI start up delay · RMA counter · SDMIO0 is I2C · SVN counter A · SVN counter B · SVN counter C · SVN counter D
Shandisa Intel Quartus Prime Programmer kuronga .fuse file kudzokera kumudziyo. Kana iwe ukawedzera iyo i sarudzo, iyo Programmer inotakura otomatiki iyo yekupa firmware kuronga chengetedzo yekumisikidza fuse.
// Zvemuviri (zvisingaite) eFuses quartus_pgm -c 1 -m jtag -o “pi;programming_file.fuse” –non_volatile_key
// Yechokwadi (inoshanduka) eFuses quartus_pgm -c 1 -m jtag -o “pi;programming_file.fuse”
Unogona kushandisa murairo unotevera kuona kana kiyi yemudziyo hashi yakafanana neiyo .qky yakapihwa mukuraira:
quartus_pgm -c 1 -mjtag -o "v;root0_another.qky"
Kana makiyi asingaenderane, Programmer inotadza neOperation yakundikana meseji.
4.9. AES Root Kiyi Kupa
Iwe unofanirwa kushandisa yakasainwa AES midzi kiyi kompakiti chitupa kuronga AES mudzi kiyi kune Intel Agilex 7 mudziyo.
4.9.1. AES Root Key Compact Certificate
Unoshandisa quartus_pfg command line tool kushandura AES root key yako .qek file mu compact certificate .cert format. Iwe unotsanangura kiyi yekuchengetera nzvimbo uchigadzira iyo compact chitupa. Unogona kushandisa quartus_pfg chishandiso kugadzira chitupa chisina kusaina chekuzosaina. Iwe unofanirwa kushandisa siginecha cheni ine AES midzi kiyi chitupa chekusaina mvumo, mvumo bit 6, inogoneswa kuitira kuti ubudirire kusaina AES midzi kiyi compact chitupa.

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 32

Send Feedback

4. Device Provisioning 683823 | 2023.05.23
1. Gadzira imwe kiyi yekuwedzera inoshandiswa kusaina AES kiyi kompakiti chitupa uchishandisa imwe yeinotevera command exampzvishoma:
quartus_sign -family=agilex -operation=make_private_pem -curve=secp384r1 aesccert1_private.pem
quartus_sign -family=agilex -operation=make_public_pem aesccert1_private.pem aesccert1_public.pem
pkcs11-tool -module=/usr/local/lib/softhsm/libsofthsm2.so -token-label agilex-token -login -pin agilex-token-pin -keypairgen mechanism ECDSA-KEY-PAIR-GEN -key-type EC: secp384r1 -kushandiswa-chiratidzo -label aesccert1 -id 2
2. Gadzira siginicha cheni ine mvumo chaiyo bhiti set uchishandisa imwe yeinotevera mirairo:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –permission=0x40 –cancel=1 –input_pem=aesccert1_public.pem aesccertqky_sign_chain.
quartus_sign –family=agilex –operation=append_key –module=softHSM -module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsmvious_key” root2 -previous_qky=root0.qky -permission=0x0 -cancel=40 -input_keyname=aesccert1 aesccert1_sign_chain.qky
3. Gadzira isina kusaina AES compact certificate yeinodiwa AES mudzi kiyi yekuchengetedza nzvimbo. Inotevera AES midzi kiyi yekuchengetedza sarudzo dziripo:
EFUSE_WRAPPED_AES_KEY
IID_PUF_WRAPPED_AES_KEY
UDS_IID_PUF_WRAPPED_AES_KEY
· BBRAM_WRAPPED_AES_KEY
· BBRAM_IID_PUF_WRAPPED_AES_KEY
· BBRAM_UDS_IID_PUF_WRAPPED_AES_KEY
//Gadzira eFuse AES midzi kiyi isina kusaina chitupa quartus_pfg -ccert -o ccert_type=EFUSE_WRAPPED_AES_KEY -o qek_file=aes.qek unsigned_efuse1.cert
4. Saina compact certificate nequartus_sign command kana referensi kuita.
quartus_sign –family=agilex –operation=sign –pem=aesccert1_private.pem –qky=aesccert1_sign_chain.qky unsigned_1.ccert signed_1.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 33

4. Device Provisioning 683823 | 2023.05.23

–keyname=aesccert1 –qky=aesccert1_sign_chain.qky unsigned_1.ccert signed_1.ccert
5. Shandisa Intel Quartus Prime Programmer kuronga AES mudzi kiyi kompakiti chitupa kune Intel Agilex 7 mudziyo kuburikidza J.TAG. Iyo Intel Quartus Prime Programmer inotadza kuronga eFuse chaiyo kana uchishandisa EFUSE_WRAPPED_AES_KEY compact certificate type.
Iwe unowedzera iyo -non_volatile_key sarudzo yekutsanangura hurongwa hwemafusi emuviri.
// Zvemuviri (zvisingaite) eFuse AES mudzi kiyi quartus_pgm -c 1 -m jtag -o “pi;signed_efuse1.ccert” –non_volatile_key

// Yechokwadi (inoshanduka) eFuse AES midzi kiyi quartus_pgm -c 1 -m jtag -o “pi;signed_efuse1.ccert”

// Ye BBRAM AES midzi kiyi quartus_pgm -c 1 -m jtag -o "pi;signed_bram1.ccert"

Iyo SDM yekupa firmware uye main firmware inotsigira AES midzi kiyi chitupa chirongwa. Iwe unogona zvakare kushandisa iyo SDM mailbox interface kubva kuFPGA jira kana HPS kuronga AES midzi kiyi chitupa.

Cherechedza:

Murairo wequartus_pgm hautsigire sarudzo b uye v yezvitupa zvecompact(.cert).

4.9.2. Intrinsic ID® PUF AES Root Key Provisioning
Kuita Intrinsic* ID PUF yakaputirwa AES Key inosanganisira anotevera matanho: 1. Kunyoresa Intrinsic ID PUF kuburikidza naJ.TAG. 2. Kuputira AES mudzi kiyi. 3. Kuronga data yemubatsiri uye kiyi yakaputirwa muquad SPI flash memory. 4. Kubvunza iyo Intrinsic ID PUF activation mamiriro.
Kushandiswa kweIntrinsic ID tekinoroji kunoda chibvumirano cherezinesi chakasiyana neIntrinsic ID. Intel Quartus Prime Pro Edition software inorambidza PUF mashandiro pasina rezinesi rakakodzera, sekunyoresa, kiyi kuputira, uye PUF data programming kuQSPI flash.

4.9.2.1. Intrinsic ID PUF Kunyoresa
Kuti unyore iyo PUF, unofanirwa kushandisa iyo SDM yekupa firmware. Iyo yekugovera firmware inofanirwa kunge iri yekutanga firmware kurodha mushure mekutenderera kwemagetsi, uye iwe unofanirwa kuburitsa iyo PUF yekunyoresa kuraira pamberi peumwe murairo. Iyo yekugovera firmware inotsigira mimwe mirairo mushure mekunyoresa PUF, kusanganisira AES midzi kiyi kuputira uye programming quad SPI, zvisinei, iwe unofanirwa kutenderedza mudziyo kurodha bitstream yekumisikidza.
Unoshandisa Intel Quartus Prime Programmer kuti utange kunyoresa PUF uye kugadzira PUF mubatsiri data .puf file.

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 34

Send Feedback

4. Device Provisioning 683823 | 2023.05.23

Mufananidzo 7.

Intrinsic ID PUF Kunyoresa
quartus_pgm PUF Kunyoresa

Kunyoresa PUF mubatsiri data

Chengetedza Device Manager (SDM)

wrapper.puf Helper Data
Iyo Programmer inoisa yega yegadziriro firmware mubatsiri mufananidzo paunotsanangura zvose i oparesheni uye .puf nharo.
quartus_pgm -c 1 -mjtag -o “ei;help_data.puf;AGFB014R24A”
Kana uri kushandisa co-signed firmware, unoronga co-signed firmware mubatsiri mufananidzo usati washandisa PUF kunyoresa murairo.
quartus_pgm -c 1 -mjtag -o “p;signed_provision_helper_image.rbf” –force quartus_pgm -c 1 -mjtag -o “e;help_data.puf;AGFB014R24A”
Iyo UDS IID PUF inonyoreswa panguva yekugadzira mudziyo, uye haisi kuwanikwa kuti inyorezve. Pane kudaro, unoshandisa Programmer kuona nzvimbo yeUDS PUF mubatsiri data paIPCS, dhawunirodha .puf file zvakananga, uye ipapo shandisa UDS .puf file nenzira imwechete se.puf file yakatorwa kubva kune Intel Agilex 7 mudziyo.
Shandisa murairo unotevera weProgrammer kugadzira chinyorwa file ine runyorwa rwe URLs inongedza kune mudziyo-chaiwo files paIPCS:
quartus_pgm -c 1 -mjtag -o “e;ipcs_urls.txt;AGFB014R24B” -ipcs_urls
4.9.2.2. Kupeta iyo AES Root Kiyi
Unoburitsa IID PUF yakaputirwa AES mudzi kiyi .wkey file nekutumira chitupa chakasainwa kuSDM.
Unogona kushandisa Intel Quartus Prime Programmer kuti ugadzire, kusaina, uye kutumira chitupa chekuputira AES midzi kiyi, kana unogona kushandisa Intel Quartus Prime Programming. File Jenareta kugadzira chitupa chisina kusainwa. Iwe unosaina chitupa chisina kusaina uchishandisa chako maturusi kana Quartus kusaina chishandiso. Iwe wobva washandisa iyo Programmer kutumira chitupa chakasainwa uye kuputira yako AES midzi kiyi. Chitupa chakasainwa chinogona kushandiswa kuronga zvese zvishandiso zvinogona kusimbisa siginecha cheni.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 35

4. Device Provisioning 683823 | 2023.05.23

Mufananidzo 8.

Kupeta kiyi yeAES Uchishandisa Intel Quartus Prime Programmer
.pem Private
Key

.qky

quartus_pgm

Putira kiyi yeAES

AES.QSKigYnature RootCPhuabilnic Key

Gadzira PUF Yakaputirwa Kiyi

Yakaputirwa AES Kiyi

SDM

.qek Encryption
Key

.wkey PUF-Yakaputirwa
AES Key

1. Unogona kugadzira IID PUF yakamonerwa AES root key (.wkey) neProgrammer uchishandisa nharo dzinotevera:
· The .qky file ine siginecha cheni ine AES midzi kiyi chitupa mvumo
· The private .pem file yekiyi yekupedzisira mune siginicha cheni
· The .qek file akabata kiyi yeAES mudzi
· Iyo 16-byte yekutanga vector (iv).

quartus_pgm -c 1 -mjtag -qky_file=aes0_sign_chain.qky -pem_file=aes0_sign_private.pem -qek_file=aes.qek –iv=1234567890ABCDEF1234567890ABCDEF -o “ei;aes.wkey;AGFB014R24A”

2. Neimwe nzira, unogona kugadzira isina kusaina IID PUF inoputira AES midzi kiyi chitupa neProgramming. File Jenereta uchishandisa zvinotevera nharo:

quartus_pfg –ccert -o ccert_type=IID_PUF_WRAPPED_AES_KEY -o qek_file=aes.qek –iv=1234567890ABCDEF1234567890ABCDEF unsigned_aes.ccert

3. Unosaina chitupa chisina kusaina nemidziyo yako yekusaina kana quartus_sign chishandiso uchishandisa murairo unotevera:

quartus_sign –family=agilex –operation=sign –qky=aes0_sign_chain.qky –pem=aes0_sign_private.pem unsigned_aes.ccert sign_aes.ccert

4. Unobva washandisa Programmer kutumira chitupa cheAES chakasainwa uye wodzorera kiyi yakaputirwa (.wkey) file:

quarts_pgm -c 1 -mjtag -cert_file=signed_aes.ccert -o “ei;aes.wkey;AGFB014R24A”

Ongorora: Iyo i operation haina kudikanwa kana iwe wakamboisa iyo yekupa firmware mubatsiri mufananidzo, weexample, kunyoresa iyo PUF.

4.9.2.3. Kuronga Mubatsiri Dhata uye Yakaputirwa Kiyi kuQSPI Flash Memory
Iwe unoshandisa iyo Quartus Programming File Jenareta graphical interface yekuvaka yekutanga QSPI flash mufananidzo ine PUF partition. Iwe unofanirwa kugadzira uye kuronga yakazara flash programming mufananidzo kuti uwedzere chikamu chePUF kune QSPI flash. Kugadzirwa kwePUF

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 36

Send Feedback

4. Device Provisioning 683823 | 2023.05.23

Mufananidzo 9.

data partition uye kushandiswa kwePUF mubatsiri data uye akaputirwa kiyi files yekugadzira mufananidzo weflash haitsigirwe kuburikidza neProgramming File Generator command line interface.
Matanho anotevera anoratidza kuvaka flash programming mufananidzo nePUF mubatsiri data uye akaputirwa kiyi:
1. Pa File menyu, tinya Programming File Jenareta. PaKubuda Files tab ita sarudzo dzinotevera:
a. YeMudziyo Mhuri sarudza Agilex 7.
b. PaKugadzirisa modhi sarudza Active Serial x4.
c. Nezve Output directory tarisa kune zvaunobuda file directory. Ex uyuample inoshandisa output_files.
d. PaZita, tsanangura zita rechirongwa file kugadzirwa. Ex uyuample inoshandisa output_file.
e. Pazasi Tsanangudzo sarudza iyo programming files kugadzira. Ex uyuampinogadzira iyo JTAG Indirect configuration File (.jic) yekugadzirisa mudziyo uye Raw Binary File yeProgramming Helper Image (.rbf) yemufananidzo wemubatsiri wemudziyo. Ex uyuampuye inosarudzawo sarudzo yeMemory Mepu File (.map) uye Raw Programming Data File (.rpd). Iyo yakasvibira programming data file zvinodikanwa chete kana ukaronga kushandisa wechitatu-bato programmer mune ramangwana.
Programming File Jenareta - Kubuda Files Tab - Sarudza JTAG Indirect Configuration

Device Family Configuration mode
Output file tab
Output directory
JTAG Indirect (.jic) Memory Mepu File Programming Mubatsiri Raw Programming Data
PaInput Files tab, ita sarudzo dzinotevera: 1. Dzvanya Wedzera Bitstream uye tsvaga kune yako .sof. 2. Sarudza yako .sof file wobva wadzvanya Properties.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 37

4. Device Provisioning 683823 | 2023.05.23
a. Batidza Vhura chishandiso chekusaina. b. For Private key file select your .pem file. c. Batidza Finalize encryption. d. For Encryption kiyi file select your .qek file. e. Dzvanya OK kuti udzokere kuhwindo rekare. 3. Kutsanangura data rako remubatsiri wePUF file, tinya Wedzera Raw Data. Change the Files yemhando yekudonha-pasi menyu kuQuartus Physical Uncloble Function File (*.puf). Bhurawuza kune yako .puf file. Kana uri kushandisa zvese IID PUF neUDS IID PUF, dzokorora danho iri kuti .puf files yePUF yega yega inowedzerwa sekuisa files. 4. Kutsanangura kiyi yako yakaputirwa yeAES file, tinya Wedzera Raw Data. Change the Files yemhando yekudonha-pasi menyu kuQuartus Yakaputirwa Kiyi File (*.wkey). Bhurawuza kune yako .wkey file. Kana wakapeta makiyi eAES uchishandisa ese IID PUF uye UDS IID PUF, dzokorora danho iri kuti .wkey files yePUF yega yega inowedzerwa sekuisa files.
Mufananidzo 10. Taura Input Files for Configuration, Authentication, uye Encryption

Wedzera Bitstream Wedzera Raw Data
Properties
Private kiyi file
Pedzisa encryption Encryption kiyi
Pane iyo Configuration Device tab, ita sarudzo dzinotevera: 1. Click Add Device uye sarudza flash device yako kubva pane rondedzero yeflash iripo.
zvishandiso. 2. Sarudza configuration mudziyo iwe uchangobva kuwedzera uye baya Wedzera Partition. 3. MuKugadzirisa Partition dialog box yeInput file uye sarudza yako .sof kubva pa
dropdown list. Iwe unogona kuchengetedza zvisizvo kana kugadzirisa mamwe ma paramita mu Edit Partition dialog box.

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 38

Send Feedback

4. Device Provisioning 683823 | 2023.05.23
Mufananidzo 11. Kutsanangura yako .sof Configuration Bitstream Partition

Configuration Device
Edit Partition Wedzera .sof file

Wedzera Partition

4. Paunowedzera .puf uye .wkey sekuisa files, iyo Programming File Jenareta inogadzira otomatiki chikamu chePUF mune yako Configuration Chishandiso. Kuchengeta .puf uye .wkey muchikamu chePUF, sarudza chikamu chePUF uye baya Edit. MuBhokisi reKugadzirisa Chikamu chebhokisi, sarudza .puf yako uye .wkey files kubva pamadonhwe ekudonha. Kana iwe ukabvisa iyo PUF partition, iwe unofanirwa kubvisa uye kuwedzera zvakare iyo yekumisikidza mudziyo weProgramming. File Jenareta kugadzira imwe PUF partition. Unofanira kuona kuti wasarudza yakarurama .puf uye .wkey file yeIID PUF uye UDS IID PUF, zvichiteerana.
Mufananidzo 12. Wedzera .puf uye .wkey files kune chikamu chePUF

Chikamu chePUF

Edit

Edit Partition

Flash Loader

Sarudza Gadzira

5. Nokuda kweFlash Loader parameter sarudza mhuri yeIntel Agilex 7 yemudziyo uye zita remudziyo rinoenderana neIntel Agilex 7 OPN yako.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 39

4. Device Provisioning 683823 | 2023.05.23
6. Dzvanya Gadzira kuti ubudise zvakabuda files yawakatsanangura paOutput Files tebhu.
7. The Programming File Jenareta inoverenga yako .qek file uye inokuzivisa iwe papassword yako. Nyora passphrase yako uchipindura Enter QEK passphrase prompt. Baya Enter kiyi.
8. Click OK apo Programming File Jenareta inoshuma kugadzirwa kwakabudirira.
Iwe unoshandisa Intel Quartus Prime Programmer kunyora iyo QSPI programming mufananidzo kuQSPI flash memory. 1. PaIntel Quartus Prime Tools menyu sarudza Programmer. 2. MuProgrammer, tinya Hardware Setup uye wosarudza Intel yakabatana
FPGA Dhawunirodha Cable. 3. Dzvanya Wedzera File uye tsvaga kune yako .jic file.
Mufananidzo 13. Chirongwa .jic

Programming file

Chirongwa/Gadzirisa

JTAG scan chain
4. Usasarudza bhokisi rakabatana nemufananidzo weMubatsiri. 5. Sarudza Chirongwa/Gadzirisa nokuda kwekubuda kwe.jic file. 6. Batidza bhatani reKutanga kuronga yako quad SPI flash memory. 7. Simba kutenderera bhodhi rako. Iyo dhizaini yakarongwa kune quad SPI flash memory
mudziyo unobva waremerwa mune yakananga FPGA.
Iwe unofanirwa kugadzira uye kuronga iyo yakazara flash programming mufananidzo kuti uwedzere chikamu chePUF kune quad SPI flash.
Kana chikamu chePUF chave chiripo mumwenje, zvinokwanisika kushandisaIntel Quartus Prime Programmer kuti uwane zvakananga iyo PUF mubatsiri data uye yakaputirwa kiyi. files. For example, kana activation isingabudiriri, zvinokwanisika kunyoresazve PUF, kupetazve kiyi yeAES, uye zvino ronga chete iyo PUF. files pasina kunyora pasi iyo flash yese.

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 40

Send Feedback

4. Device Provisioning 683823 | 2023.05.23
Iyo Intel Quartus Prime Programmer inotsigira iyo inotevera Operation nharo yePUF files mune yakagara iripo PUF partition:
· p: chirongwa
v: simbisa
· r: dzima
b: cheki isina chinhu
Iwe unofanirwa kutevedzera zvirambidzo zvakafanana zvekunyoresa kwePUF, kunyangwe kana chikamu chePUF chiripo.
1. Shandisa i oparesheni nharo kurodha iyo yekupa firmware mubatsiri mufananidzo wekutanga kushanda. For example, iyo inotevera yekuraira kutevedzana inonyora zvakare iyo PUF, peta zvakare AES midzi kiyi, dzima yekare PUF mubatsiri data uye yakaputirwa kiyi, wozoronga uye simbisa iyo itsva PUF mubatsiri data uye AES midzi kiyi.
quartus_pgm -c 1 -mjtag -o “ei;new.puf;AGFB014R24A” quartus_pgm -c 1 -mjtag -cert_file=signed_aes.ccert -o “e;new.wkey;AGFB014R24A” quartus_pgm -c 1 -mjtag -o “r;old.puf” quartus_pgm -c 1 -mjtag -o “r; old.wkey” quartus_pgm -c 1 -m jtag -o “p;new.puf” quartus_pgm -c 1 -mjtag -o “p;new.wkey” quartus_pgm -c 1 -mjtag -o “v;new.puf” quartus_pgm -c 1 -mjtag -o "v; new.wkey"
4.9.2.4. Kubvunza Intrinsic ID PUF Activation Status
Mushure mekunyoresa iyo Intrinsic ID PUF, peta kiyi yeAES, gadzira iyo flash programming files, uye gadzirisa iyo quad SPI flash, iwe simba kutenderera mudziyo wako kukonzeresa PUF activation uye gadziriso kubva kune yakavharidzirwa bitstream. Iyo SDM inoshuma iyo PUF activation mamiriro pamwe neiyo yekumisikidza mamiriro. Kana PUF activation ikatadza, iyo SDM inoshuma iyo PUF yekukanganisa mamiriro. Shandisa iyo quartus_pgm kuraira kubvunza mamiriro ekugadzirisa.
1. Shandisa murairo unotevera kubvunza mamiriro ekuita:
quartus_pgm -c 1 -mjtag -status -status_type = "CONFIG"
Heino sample output kubva kune yakabudirira activation:
Info (21597): Mhinduro yeCONFIG_STATUS Mudziyo uri kushanda mushandisi 00006000 RESPONSE_CODE=OK, LENGTH=6 00000000 STATE=IDLE 00160300 Shanduro C000007B MSEL=QSPI_NORM=1, nSTACONTVID=1, nSTACONTVID=1, nSTACONTVID=XNUMX,
CLOCK_SOURCE=INTERNAL_PLL 0000000B CONF_DONE=1, INIT_DONE=1, CVP_DONE=0, SEU_ERROR=1 00000000 Nzvimbo yeChikanganiso 00000000 Tsanangudzo yemhosho Mhinduro yePUF_STATUS 00002000 USER_STATUS 2 RESPONSE=00000500LENGIXNUMX. ID STATUS=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0 00000500 UDS_IID STATUS=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 41

4. Device Provisioning 683823 | 2023.05.23

Kana uri kungoshandisa IID PUF kana UDS IID PUF, uye usati wagadzira data rekubatsira .puf file kune chero PUF muQSPI flash, iyo PUF haibatike uye chimiro chePUF chinoratidza kuti PUF mubatsiri data harisi kushanda. Anotevera example inoratidza iyo PUF mamiriro kana iyo PUF mubatsiri data isina kurongerwa chero PUF:
Mhinduro yePUF_STATUS 00002000 RESPONSE_CODE=OK, LENGTH=2 00000002 USER_IID STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0 00000002 UDS_IID STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0

4.9.2.5. Nzvimbo yePUF muFlash Memory
Nzvimbo yePUF file yakasiyana nemagadzirirwo anotsigira RSU uye madhizaini asingatsigire chimiro cheRSU.

Pamagadzirirwo asingatsigire RSU, unofanira kusanganisira .puf uye .wkey files paunogadzira yakagadziridzwa flash mifananidzo. Kune madhizaini anotsigira RSU, iyo SDM hainyore iyo PUF data zvikamu panguva yefekitori kana maapplication image updates.

Tafura 2.

Flash Sub-Partitions Layout isina RSU Tsigiro

Flash Offset (mumabhaiti)

Saizi (mabhayiti)

Zviri mukati

Tsanangudzo

0K 256K

256K 256K

Configuration Management Firmware Configuration Management Firmware

Firmware inoshanda paSDM.

512K

256K

Configuration Management Firmware

768K

256K

Configuration Management Firmware

32K

PUF data kopi 0

Chimiro chedata chekuchengetedza PUF mubatsiri data uye PUF-yakaputirwa AES mudzi kiyi kopi 0

1M+32K

32K

PUF data kopi 1

Chimiro chedata chekuchengetedza PUF mubatsiri data uye PUF-yakaputirwa AES mudzi kiyi kopi 1

Tafura 3.

Flash Sub-Partitions Layout ine RSU Tsigiro

Flash Offset (mumabhaiti)

Saizi (mabhayiti)

Zviri mukati

Tsanangudzo

0K 512K

512K 512K

Sarudzo firmware Sarudzo firmware

Firmware yekuziva uye kurodha iyo yakanyanya kukosha mufananidzo.

1M 1.5M

512K 512K

Sarudzo firmware Sarudzo firmware

8K + 24K

Sarudzo firmware data

Padding

Yakachengeterwa kushandiswa kweSarudzo firmware.

2M + 32K

32K

Yakachengeterwa SDM

Yakachengeterwa SDM.

2M + 64K

Variable

Mufananidzo wefekitari

Mufananidzo wakapfava waunogadzira se backup kana mimwe mifananidzo yese yekushandisa ikatadza kurodha. Mufananidzo uyu unosanganisira CMF inoshanda paSDM.

32K

PUF data kopi 0

Chimiro chedata chekuchengetedza PUF mubatsiri data uye PUF-yakaputirwa AES mudzi kiyi kopi 0
akaenderera…

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 42

Send Feedback

4. Device Provisioning 683823 | 2023.05.23

Flash Offset (mumabhaiti)

Saizi (mabhayiti)

Inotevera +32K 32K

Zviri mukati PUF data kopi 1

Inotevera + 256K 4K Inotevera +32K 4K Inotevera +32K 4K

Sub-partition tafura kopi 0 Sub-partition tafura kopi 1 CMF pointer block kopi 0

Next +32K _

CMF pointer block kopi 1

Variable Variable

Mufananidzo wekushandisa 1 Chishandiso mufananidzo 2

4.9.3. Black Key Provisioning

Tsanangudzo
Chimiro chedata chekuchengetedza PUF mubatsiri data uye PUF-yakaputirwa AES mudzi kiyi kopi 1
Chimiro chedata kufambisa manejimendi ekuchengetedza flash.
Rondedzero yeanongedza kumifananidzo yekushandisa mukurongeka kwekutanga. Paunowedzera mufananidzo, mufananidzo iwoyo unova wepamusoro-soro.
Yechipiri kopi yerondedzero yeanongedza kumifananidzo yekushandisa.
Mufananidzo wako wekutanga wekushandisa.
Mufananidzo wako wechipiri wekushandisa.

Cherechedza:

TheIntel Quartus PrimeProgrammer inobatsira mukugadzira hukama hwakachengeteka pakati peIntel Agilex 7device uye dema kiyi yekupa sevhisi. Iyo yakachengeteka yekubatanidza inotangwa kuburikidza ne https uye inoda akati wandei zvitupa zvinoonekwa uchishandisa chinyorwa file.
Paunenge uchishandisa Black Key Provisioning, Intel inokurudzira kuti udzivise kunze kubatanidza pini yeTCK kudhonza kumusoro kana kudonhedza chinopikisa uchiri kuishandisa kuJ.TAG. Nekudaro, unogona kubatanidza pini yeTCK kune VCCIO SDM magetsi uchishandisa gumi k resistor. Nhungamiro iripo muPin Connection Guidelines yekubatanidza TCK kune 10 k yekudhonza-pasi resistor inosanganisirwa yekudzvinyirira ruzha. Shanduko yekutungamira kune 1 k yekudhonza-up resistor haikanganisi mudziyo unoshanda. Kuti uwane rumwe ruzivo nezve kubatanidza pini yeTCK, tarisa kuIntel Agilex 10 Pin Connection Guidelines.
Thebkp_tls_ca_certcertificate inosimbisa yako nhema kiyi yekupa sevhisi muenzaniso kune yako nhema kiyi yekupa programmer muenzaniso. Thebkp_tls_* zvitupa zvinosimbisa yako nhema kiyi yekupa programmer muenzaniso kune yako nhema kiyi yekupa sevhisi sevhisi.
Iwe gadzira chinyorwa file ine ruzivo rwakakosha rweIntel Quartus Prime Programmer kuti ibatanidze kune dema kiyi yekupa sevhisi. Kuti utange dema kiyi yekupa, shandisa iyo Programmer command line interface kutsanangura iyo dema kiyi yekupa sarudzo zvinyorwa file. Iyo dema kiyi yekupa inozoenderera otomatiki. Kuti uwane iyo dema kiyi yekupa sevhisi uye zvinyorwa zvakabatana, ndapota taura neIntel Support.
Unogona kugonesa kiyi nhema kupa uchishandisa thequartus_pgmcommand:
quartus_pgm -c -m -device –bkp_options=bkp_options.txt
Mitemo yemirairo inotsanangura ruzivo runotevera:

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 43

4. Device Provisioning 683823 | 2023.05.23

· -c: nhamba yetambo · -m: inotsanangura nzira yekugadzira senge JTAG · -device: inotsanangura mudziyo indekisi paJTAG chain. Default value i1. · -bkp_options: inotsanangura chinyorwa file ine black key provisioning options.
Ruzivo Rwakabatana Intel Agilex 7 Chishandiso Mhuri Pin Yekubatanidza Mirayiridzo

4.9.3.1. Black Key Provisioning Sarudzo
Iyo dema kiyi yekupa sarudzo chinyorwa file yakapfuura kuPurogiramu kuburikidza nemurairo we quartus_pgm. The file ine ruzivo runodiwa kukonzeresa kupihwa kiyi kiyi.
Inotevera ndeye example of the bkp_options.txt file:
bkp_cfg_id = 1 bkp_ip = 192.167.1.1 bkp_port = 10034 bkp_tls_ca_cert = root.cert bkp_tls_prog_cert = prog.cert bkp_tls_prog_key = prog_key.proxy_1234 https://192.167.5.5:5000 bkp_proxy_user = proxy_user bkp_proxy_password = proxy_password

Tafura 4.

Black Key Provisioning Sarudzo
Tafura iyi inoratidza sarudzo dzinodiwa kukonzeresa kupihwa kiyi kiyi.

Sarudzo Zita

Type

Tsanangudzo

bkp_ip

Zvinodiwa

Inotsanangura sevha IP kero inoshandisa dema kiyi yekupa sevhisi.

bkp_port

Zvinodiwa

Inotsanangura dema kiyi yekupa sevhisi port inodiwa kuti ubatanidze kune server.

bkp_cfg_id

Zvinodiwa

Inozivisa kiyi nhema yekupa dhizaini yekuyerera ID.
Nhema kiyi yekupa sevhisi inogadzira iyo dema kiyi yekupa dhizaini inoyerera inosanganisira AES midzi kiyi, inodiwa eFuse marongero, uye mamwe dema kiyi yekupa mvumo sarudzo. Nhamba yakapihwa panguva yedema kiyi yekupa sevhisi yekumisikidza inoratidza iyo dema kiyi yekupa yekumisikidza inoyerera.
Ongorora: Zvishandiso zvakawanda zvinogona kureva kune imwechete dema kiyi yekupa masevhisi kuyerera.

bkp_tls_ca_cert

Zvinodiwa

Iyo mudzi TLS chitupa chinoshandiswa kuona iyo dema kiyi yekupa masevhisi kuIntel Quartus Prime Programmer (Programmer). Chiremera cheSitifiketi chinovimbwa cheiyo nhema kiyi yekupa sevhisi inopa chitupa ichi.
Kana iwe uchimhanyisa Programmer pakombuta ine Microsoft® Windows® inoshanda sisitimu (Windows), unofanira kuisa chitupa ichi muchitoro chezvitupa zveWindows.

bkp_tls_prog_cert

Zvinodiwa

Chitupa chakagadzirwa semuenzaniso weiyo dema kiyi yekupa Programmer (BKP Programmer). Iyi ndiyo https mutengi chitupa chinoshandiswa kuratidza iyi BKP programmer muenzaniso
akaenderera…

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 44

Send Feedback

4. Device Provisioning 683823 | 2023.05.23

Sarudzo Zita

Type

bkp_tls_prog_key

Zvinodiwa

bkp_tls_prog_key_pass Optional

bkp_proxy_address bkp_proxy_user bkp_proxy_password

Optional Optional Optional

Tsanangudzo
kune dema kiyi yekupa sevhisi. Iwe unofanirwa kuisa uye kubvumidza ichi chitupa mune dema kiyi yekupa sevhisi usati watanga dema kiyi yekupa chikamu. Kana iwe uchimhanyisa Chirongwa paWindows, iyi sarudzo haisipo. Muchiitiko ichi, bkp_tls_prog_key inotosanganisira chitupa ichi.
Kiyi yakavanzika inoenderana neiyo BKP Programmer chitupa. Kiyi inosimbisa kuzivikanwa kweiyo BKP Programmer muenzaniso kune dema kiyi yekupa sevhisi. Kana uchimhanyisa Chirongwa paWindows, iyo .pfx file inosanganisa bkp_tls_prog_cert chitupa uye kiyi yakavanzika. Iyo bkp_tlx_prog_key sarudzo inodarika iyo .pfx file mu bkp_options.txt file.
Pasiwedhi yekiyi bkp_tls_prog_key yakavanzika. Hazvidiwi mumavara matema ekupa magadzirirwo (bkp_options.txt). file.
Inotsanangura iyo proxy server URL kero.
Inotsanangura zita rekushandisa sevhavha.
Inotsanangura password yekusimbisa proxy.

4.10. Kushandura Muridzi Mudzi Kiyi, AES Root Kiyi Zvitupa, uye Fuse files kusvika kuJam STAPL File Formats

Unogona kushandisa quartus_pfg command-line command kutendeutsa .qky, AES root key .cert, and .fuse files kusvika kuJam STAPL Format File (.jam) uye Jam Byte Code Format File (.jbc). Unogona kushandisa izvi files kuronga Intel FPGAs uchishandisa iyo Jam STAPL Player uye iyo Jam STAPL Byte-Code Player, zvichiteerana.

A single .jam kana .jbc ine mabasa akati wandei anosanganisira a firmware helper image configuration and program, blank cheki, uye ongororo yekiyi nefuse programming.

Yambiro:

Paunoshandura AES mudzi kiyi .ccrt file to .jam format, the .jam file ine kiyi yeAES mune plaintext asi yakabfuscated fomu. Naizvozvo, unofanira kudzivirira .jam file paunenge uchichengeta kiyi yeAES. Iwe unogona kuita izvi nekupa kiyi yeAES munzvimbo yakachengeteka.

Heano exampmirairo ye quartus_pfg yekushandura:

Quartus_pfg -c -o mubatsiri_do = Agfb014r24a "midzi, midzi, midzi, midzi." c -o helper_device=AGFB0R1A aes.ccert aes_ccert.jam quartus_pfg -c -o helper_device=AGFB2R014A aes.ccert aes_ccert.jbc quartus_pfg -c -o helper_pfg 24 g -c -o helper_device=AGFB0R1A marongero. fuse settings_fuse.jbc

Kuti uwane rumwe ruzivo nezve kushandisa iyo Jam STAPL Player yekuronga mudziyo tarisa kune AN 425: Kushandisa iyo Command-Line Jam STAPL Solution yeChishandiso Chirongwa.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 45

4. Device Provisioning 683823 | 2023.05.23
Mhanya iyo inotevera mirairo kuronga muridzi mudzi kiyi yeruzhinji uye AES encryption kiyi:
// Kurodha mubatsiri bitstream muFPGA. // Iyo mubatsiri bitstream inosanganisira kupa firmware quartus_jli -c 1 -a CONFIGURE RootKey.jam
//Kuronga muridzi wemudzi kiyi yeruzhinji mune chaiwo eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM RootKey.jam
//Kuronga muridzi kiyi yeruzhinji mune zvemuviri eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG RootKey.jam
//Kuronga muridzi wePR mudzi kiyi yeruzhinji kuita eFuses chaiyo quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG pr_rootkey.jam
//Kuronga muridzi wePR mudzi kiyi yeruzhinji mune zvemuviri eFuses quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG -e DO_UNI_ACT_DO_EFUSES_FLAG pr_rootkey.jam
// Kuronga iyo AES encryption kiyi CCERT muBBRAM quartus_jli -c 1 -a CCERT_PROGRAM EncKeyBBRAM.jam
//Kuronga kiyi yeAES encryption CCERT mune eFuses yemuviri quartus_jli -c 1 -a CCERT_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG EncKeyEFuse.jam
Ruzivo Rwakabatana AN 425: Kushandisa iyo Command-Line Jam STAPL Solution yeChishandiso Chirongwa

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 46

Send Feedback

683823 | 2023.05.23 Tumira Mhinduro

Advanced Features

5.1. Chengetedza Debug Mvumo
Kugonesa Yakachengeteka Debug Mvumo, muridzi wedebug anofanirwa kugadzira kiyi yekusimbisa maviri uye kushandisa Intel Quartus Prime Pro Programmer kugadzira ruzivo rwemudziyo. file kumudziyo unoshandisa mufananidzo wedebug:
quartus_pgm -c 1 -mjtag -o "ei;device_info.txt;AGFB014R24A" -dev_info
Muridzi wemudziyo anoshandisa quartus_sign turusi kana mareferenzi ekuita kuti awedzere makiyi ekupinda neruzhinji kune siginicha inoitirwa kugadzirisa mashandisiro achishandisa kiyi yeruzhinji kubva kumuridzi wedebug, mvumo inodiwa, zvinyorwa zveruzivo rwemudziyo. file, uye zvimwe zvinorambidzwa:
quartus_sign -family=agilex -operation=append_key -previous_pem=debug_chain_private.pem -previous_qky=debug_chain.qky -permission=0x6 -cancel=1 -dev_info=device_info.txt -restriction=”1,2,17,18pug_XNUMX″-XNUMX, debug_authorization_public_key.pem secure_debug_auth_chain.qky
Muridzi wemudziyo anotumira siginecha izere kumashure kumuridzi wedebug, uyo anoshandisa siginecha cheni nekiyi yavo yakavanzika kusaina mufananidzo wekugadzirisa:
quartus_sign –family=agilex –operation=sign –qky=secure_debug_auth_chain.qky –pem=debug_authorization_private_key.pem unsigned_debug_design.rbf authorized_debug_design.rbf
Iwe unogona kushandisa iyo quartus_pfg yekuraira kuti uongorore siginecha yechikamu chimwe nechimwe cheiyi yakasainwa yakachengeteka debug bitstream sezvinotevera:
quartus_pfg -check_integrity authorized_debug_design.rbf
Kubuda kwemurairo uyu kunodhinda zvirambidzo 1,2,17,18 zvekiyi yeruzhinji yakashandiswa kuburitsa iyo yakasainwa bitstream.
Muridzi wedebug anogona kuzoronga dhizaini yakachengeteka yakatenderwa debug:
quartus_pgm -c 1 -mjtag -o "p;authorized_debug_design.rbf"
Muridzi wemudziyo anogona kukanzura mvumo yedebug yakachengeteka nekukanzura iri pachena kiyi yekukanzura ID yakapihwa mumasiginecha emvumo yedebug.
5.2. HPS Debug Zvitupa
Kugonesa chete mvumo yekuwana iyo HPS debug yekupinda port (DAP) kuburikidza naJTAG interface inoda matanho akati wandei:

ISO 9001:2015 Yakanyoreswa

5. Advanced Features 683823 | 2023.05.23
1. Dzvanya iyo Intel Quartus Prime software Assignments menyu uye sarudza Device Device uye Pin Options Configuration tab.
2. MuChirongwa cheTabhu, gonesa HPS debug access port (DAP) nekusarudza chero HPS Pins kana SDM Pins kubva pane yekudonhedza menyu, uye nekuona kuti Bvumira HPS debug isina zvitupa checkbox haina kusarudzwa.
Mufananidzo 14. Taura Zvimwe HPS kana SDM Pini yeHPS DAP

HPS debug access port (DAP)
Neimwe nzira, unogona kuseta basa riri pazasi muQuartus Prime Settings .qsf file:
set_global_assignment -zita HPS_DAP_SPLIT_MODE "SDM PINS"
3. Gadzira uye takura dhizaini neaya marongero. 4. Gadzira siginicha cheni nemvumo dzakakodzera kusaina kugadzirisa kweHPS
chitupa:
quartus_sign –family=agilex –operation=append_key –previous_pem=root_private.pem –previous_qky=root.qky –permission=0x8 –cancel=1 –input_pem=hps_debug_cert_public_key.pem hps_debug_cert
5. Kumbira chitupa chisina kusainwa cheHPS chekugadzirisa kubva pamudziyo panoiswa dhizaini yekubvisa:
quartus_pgm -c 1 -mjtag -o “e;unsigned_hps_debug.cert;AGFB014R24A”
6. Saina chitupa chisina kusainwa cheHPS chekugadzirisa uchishandisa quartus_sign turusi kana referensi kuita uye HPS debug siginicha cheni:
quartus_sign –family=agilex –operation=sign –qky=hps_debug_cert_sign_chain.qky –pem=hps_debug_cert_private_key.pem unsigned_hps_debug.cert sign_hps_debug.cert

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 48

Send Feedback

5. Advanced Features 683823 | 2023.05.23
7. Tumira chitupa chakasainwa cheHPS chekugadzirisa kumudziyo kuti ugone kupinda paHPS debug access port (DAP):
quartus_pgm -c 1 -mjtag -o "p;signed_hps_debug.cert"
Chitupa cheHPS debug chinongoshanda kubva panguva yachakagadzirwa kusvika kutenderera kwemagetsi kunotevera kwemudziyo kana kusvika imwe mhando kana shanduro yeSDM firmware yaiswa. Iwe unofanirwa kugadzira, kusaina, uye kuronga iyo yakasainwa yeHPS debug chitupa, uye kuita ese ekugadzirisa mashandiro, usati waita simba bhasikoro mudziyo. Unogona kuita kuti chitupa chakasainwa cheHPS chisashande nemagetsi kubhaiza mudziyo.
5.3. Platform Attestation
Unogona kugadzira referensi yekuratidza (.rim) file kushandisa programming file generator tool:
quartus_pfg -c sign_encrypted_top.rbf top_rim.rim
Tevedza matanho aya kuti uve nechokwadi cheuchapupu hwepuratifomu mudhizaini yako: 1. Shandisa Intel Quartus Prime Pro Programmer kugadzirisa mudziyo wako ne
dhizaini yawakagadzira ratidziro yereferensi. 2. Shandisa platform attestation verifier kunyoresa mudziyo nekupa mirairo kune
SDM kuburikidza nebhokisi retsamba reSDM kugadzira chitupa ID ID uye firmware chitupa pakurodhazve. 3. Shandisa Intel Quartus Prime Pro Programmer kugadzirisa zvakare mudziyo wako nemagadzirirwo. 4. Shandisa platform attestation verifier kuti upe mirairo kuSDM kuti uwane ID yechiratidzo, firmware, uye alias zvitupa. 5. Shandisa mutsigiri wekusimbisa kuti ubudise SDM mailbox murairo kuti uwane uchapupu hwehuchapupu uye verifier inotarisa uchapupu hwakadzorerwa.
Iwe unogona kuita yako wega sevhisi sevhisi uchishandisa iyo SDM mailbox mirairo, kana kushandisa Intel papuratifomu yekusimbisa verifier sevhisi. Kuti uwane rumwe ruzivo nezve Intel papuratifomu atestation verifier sevhisi software, kuwanikwa, uye zvinyorwa, bata Intel Tsigiro.
Ruzivo Rwakabatana Intel Agilex 7 Chishandiso Mhuri Pin Yekubatanidza Mirayiridzo
5.4. Physical Anti-Tamper
Iwe unogonesa iyo yemuviri anti-tampmaficha achishandisa matanho anotevera: 1. Kusarudza mhinduro yaunoda kune yaonekwa tamper chiitiko 2. Kugadzirisa zvaunoda tamper yekuona nzira uye parameters 3. Kusanganisira anti-tamper IP mune yako dhizaini logic yekubatsira kubata anti-tamper
zviitiko

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 49

5. Advanced Features 683823 | 2023.05.23
5.4.1. Anti-Tamper Mhinduro
Iwe unogonesa muviri anti-tamper nekusarudza mhinduro kubva kuAnti-tamper mhinduro: kudonhedza runyoro paAssignment Device Device uye Pin Options Chengetedzo Anti-Tamper tab. Nokusingaperi, iyo anti-tamper mhinduro yakadzimwa. Zvikamu zvishanu zve anti-tampmhinduro dziripo. Paunosarudza mhinduro yaunoda, sarudzo dzekugonesa imwe kana dzakawanda nzira dzekuona dzinogoneswa.
Mufananidzo 15. Inowanikwa Anti-Tamper Response Options

Basa rinoenderana muQuartus Prime settings .gsf file ndizvo zvinotevera:
set_global_assignment -zita ANTI_TAMPER_RESPONSE "NOTIFICATION DEVICE PUPUTSA CHIKAYA CHECHINA UYE ZEROIZATION"
Paunogonesa anti-tamper mhinduro, unogona kusarudza maviri aripo SDM yakatsaurirwa I/O mapini ekuburitsa iyo tamper kuona chiitiko uye mamiriro ekupindura uchishandisa Assignment Device Device uye Pin Options Configuration Configuration Pin Options hwindo.

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 50

Send Feedback

5. Advanced Features 683823 | 2023.05.23
Mufananidzo 16. Inowanikwa SDM yakatsaurirwa I/O Pini dzeTamper Kuonekwa kweChiitiko

Iwe unogona zvakare kuita anotevera pini mabasa muzvirongwa file: set_global_assignment -zita USE_TAMPER_DETECT SDM_IO15 set_global_assignment -zita ANTI_TAMPER_RESPONSE_FAILED SDM_IO16

5.4.2. Anti-Tamper Kuonekwa

Iwe wega unogona kugonesa frequency, tembiricha, uye voltage yekuona maficha eSDM. Kuonekwa kweFPGA kunoenderana nekusanganisira iyo Anti-Tamper Lite Intel FPGA IP mune yako dhizaini.

Cherechedza:

SDM frequency uye voltagetampnzira dzekuona dzinoenderana nereferensi yemukati uye kuyerwa kwehardware iyo inogona kusiyana pamidziyo yese. Intel inokurudzira kuti uratidze maitiro etamper kuona marongero.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 51

5. Advanced Features 683823 | 2023.05.23
Frequency tampKuonekwa kweer kunoshanda pane yekumisikidza wachi sosi. Kugonesa frequency tamppakuona, unofanira kudoma imwe sarudzo kunze kweInternal Oscillator muKugadzirisa wachi sosi kudonha paAssignment Device Device uye Pin Options General tab. Iwe unofanirwa kuve nechokwadi chekuti Run configuration CPU kubva mukati oscillator cheki bhokisi inogoneswa isati yagonesa iyo frequency t.ampkuwanikwa kwe. Mufananidzo 17. Kuisa SDM kuInternal Oscillator
Kugonesa frequency tamppakuona, sarudza iyo Inogonesa frequency tamper yekuona bhokisi uye sarudza yaunoda Frequency tamper yekuona kubva pane yekudonha menyu. Mufananidzo 18. Kugonesa Frequency Tamper Kuonekwa

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 52

Send Feedback

5. Advanced Features 683823 | 2023.05.23
Neimwe nzira, unogona kugonesa Frequency Tamper Kuonekwa nekuita shanduko dzinotevera kuQuartus Prime Settings .qsf file:
set_global_assignment -zita AUTO_RESTART_CONFIGURATION OFF set_global_assignment -zita DEVICE_INITIALIZATION_CLOCK OSC_CLK_1_100MHZ set_global_assignment -zita RUN_CONFIG_CPU_FROMCYCY_OSC ON set_global_assignment -global_assignmentAMPER_DETECTION PA set_global_assignment -zita FREQUENCY_TAMPER_DETECTION_RANGE 35
Kugonesa tembiricha tamper kuonekwa, sarudza Inogonesa tembiricha tamper yekutarisa bhokisi uye sarudza yaunoda tembiricha yepamusoro uye yakaderera miganhu muminda inoenderana. Iwo ekumusoro neakadzika mamiganhu anogarwa nekusarudzika neanoenderana tembiricha renji yemudziyo wakasarudzwa mukugadzira.
Kugonesa voltagetamppakuona, unosarudza imwe kana ose eEble VCCL voltagetampkuwonekwa kana Gonesa VCCL_SDM voltagetamper yekuona mabhokisi uye sarudza yaunoda Voltagetamper kuonekwa trigger percenttage mumunda unoenderana.
Mufananidzo 19. Kugonesa Voltaguye Tamper Kuonekwa

Neimwe nzira, unogona kugonesa Voltaguye Tamper Kuonekwa nekudoma mabasa anotevera mu.qsf file:
set_global_assignment -zita ENABLE_TEMPERATURE_TAMPER_DETECTION PANE set_global_assignment -zita TEMPERATURE_TAMPER_UPPER_BOUND 100 set_global_assignment -zita ENABLE_VCCL_VOLTAGE_TAMPER_DETECTION PA set_global_assignment -zita ENABLE_VCCL_SDM_VOLTAGE_TAMPER_DETECTION ON
5.4.3. Anti-Tampuye Lite Intel FPGA IP
Iyo Anti-Tamper Lite Intel FPGA IP, inowanikwa muIP katalogi muIntel Quartus Prime Pro Edition software, inofambisa kutaurirana pakati pedhizaini yako neSDM yet.amper zviitiko.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 53

Mufananidzo 20. Anti-Tampuye Lite Intel FPGA IP

5. Advanced Features 683823 | 2023.05.23

Iyo IP inopa zvinotevera zviratidzo zvaunobatanidza kune dhizaini yako sezvinodiwa:

Tafura 5.

Kurwisa-Tamper Lite Intel FPGA IP I/O Zviratidzo

Zita rechiratidzo

Direction

Tsanangudzo

gpo_sdm_at_event gpi_fpga_at_event

Output Inzwa Zvinotaurwa

SDM chiratidzo kune FPGA machira logic kuti SDM yaona tampchiitiko. Iyo FPGA pfungwa ine angangoita 5ms kuita chero yaunoda kuchenesa uye kupindura kuSDM kuburikidza ne gpi_fpga_at_response_done uye gpi_fpga_at_zeroization_done. Iyo SDM inoenderera mberi netamper mhinduro zviito kana gpi_fpga_at_response_done ichinzi kana pasina mhinduro inogamuchirwa munguva yakatarwa.
FPGA kukanganisa kune SDM iyo yako yakagadzirirwa anti-tamper discovery circuitry yaona tampchiitiko uye SDM tampmhinduro yacho inofanira kumutswa.

gpi_fpga_at_response_done

Input

FPGA inovhiringidza kune SDM iyo FPGA logic yaita yaidiwa kuchenesa.

gpi_fpga_at_zeroization_d imwe

Input

FPGA chiratidzo kuSDM kuti FPGA mantiki yapedza chero yaidiwa zeroization yedhizaini data. Ichi chiratidzo sampinotungamirwa kana gpi_fpga_at_response_done ichisimbiswa.

5.4.3.1. Kuburitsa Ruzivo

Iyo IP vhezheni chirongwa (X.Y.Z) nhamba inoshanduka kubva pane imwe software kuenda kune imwe. Shanduko mu:
X inoratidza kudzokororwa kukuru kweIP. Kana iwe ukagadziridza yako Intel Quartus Prime software, unofanira kudzorera IP.
Y inoratidza iyo IP inosanganisira zvinhu zvitsva. Gadzirisa IP yako kuti ubatanidze zvinhu zvitsva izvi.
Z inoratidza kuti IP inosanganisira shanduko diki. Gadzirisa IP yako kuti ubatanidze shanduko idzi.

Tafura 6.

Kurwisa-Tamper Lite Intel FPGA IP Release Ruzivo

IP Version

Item

Tsanangudzo 20.1.0

Intel Quartus Prime Version

21.2

Release Date

2021.06.21

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 54

Send Feedback

5. Advanced Features 683823 | 2023.05.23
5.5. Kushandisa Dhizaini Yekuchengetedza Zvimiro neRemote System Yekuvandudza
Remote System Update (RSU) iIntel Agilex 7 FPGAs chimiro chinobatsira mukugadzirisa zvigadziriso. files nenzira yakasimba. RSU inoenderana nedhizaini yekuchengetedza maficha akadai seyechokwadi, firmware co-kusaina, uye bitstream encryption sezvo RSU isingaenderane nedhizaini yemukati yekumisikidza bitstreams.
Kuvaka Mifananidzo yeRSU ne.sof Files
Kana iwe uri kuchengeta zvakavanzika makiyi pane yako yenzvimbo filesystem, unogona kugadzira mifananidzo yeRSU ine dhizaini yekuchengetedza maficha uchishandisa yakareruka kuyerera ne .sof files sekupinza. Kugadzira mifananidzo yeRSU ne.sof file, unogona kutevera mirairo iri muChikamu Chinobudisa Remote System Update Image Files Kushandisa Programming File Jenareta yeIntel Agilex 7 Configuration User Guide. Yese .sof file inotsanangurwa paInput Files tab, tinya bhatani reZvivakwa… uye tsanangura marongero akakodzera uye makiyi ekusaina uye encryption maturusi. The programming file jenareta chishandiso chinosaina uye encrypts fekitori nemifananidzo yekushandisa paunenge uchigadzira iyo RSU programming files.
Zvimwewo, kana uchichengeta makiyi epachivande muHSM, unofanira kushandisa quartus_sign tool saka shandisa .rbf files. Zvimwe zvechikamu chino zvinotsanangura shanduko mukuyerera kuburitsa mifananidzo yeRSU ne.rbf files sekupinza. Unofanira encrypt uye kusaina .rbf format files vasati vasarudza ivo sekuisa files yemifananidzo yeRSU; zvisinei, iyo RSU boot info file haifanirwe kuvharirwa uye pachinzvimbo ichingosainwa. The Programming File Jenareta haitsigire zvimiro zve.rbf format files.
Anotevera exampzvinoratidzira zvinodikanwa kugadziridzwa kune mirairo muChikamu Inogadzira Remote System Yekuvandudza Mufananidzo Files Kushandisa Programming File Jenareta yeIntel Agilex 7 Configuration User Guide.
Generating the Initial RSU Image Using .rbf Files: Kuchinja kwekuraira
Kubva Kugadzira Initial RSU Mufananidzo Uchishandisa .rbf Files chikamu, shandura mirairo iri muChikamu 1. kugonesa magadzirirwo ekuchengetedza maficha sezvinodiwa uchishandisa mirairo kubva muzvikamu zvekutanga zvegwaro iri.
For exampuye, iwe unotsanangura yakasainwa firmware file kana wanga uchishandisa firmware cosigning, zvino shandisa Quartus encryption tool kuti encrypt imwe neimwe .rbf file, uye pakupedzisira shandisa quartus_sign chishandiso kusaina chimwe nechimwe file.
Muchikamu chechipiri, kana wakagonesa firmware co-signing, unofanira kushandisa imwe sarudzo mukugadzira boot .rbf kubva pamufananidzo wefekitari. file:
quartus_pfg -c factory.sof boot.rbf -o rsu_boot=ON -o fw_source=signed_agilex.zip
Mushure mekugadzira ruzivo rwebhutsu .rbf file, shandisa quartus_sign tool kusaina .rbf file. Haufanire encrypt iyo boot info .rbf file.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 55

5. Advanced Features 683823 | 2023.05.23
Kugadzira Mufananidzo Wechishandiso: Command Modification
Kuti ugadzire mufananidzo wepurogiramu ine madhizaini ekuchengetedza maficha, unogadzirisa murairo muKugadzira Chikumbiro Mufananidzo kushandisa .rbf ine magadzirirwo ekuchengetedza maficha akagoneswa, kusanganisira co-signed firmware kana zvichidikanwa, pane yekutanga application .sof. file:
quartus_pfg -c cosigned_fw_signed_encrypted_application.rbf secured_rsu_application.rpd -o mode=ASX4 -o bitswap=ON
Kugadzira Fekitori Yekuvandudza Mufananidzo: Command Modification
Mushure mekugadzira ruzivo rwebhutsu .rbf file, unoshandisa quartus_sign tool kusaina .rbf file. Haufanire encrypt iyo boot info .rbf file.
Kuti ugadzire mufananidzo weRSU wefekitori, unogadzirisa murairo kubva Kugadzira Factory Update Image kushandisa .rbf file ine dhizaini yekuchengetedza maficha anogoneswa uye wedzera iyo sarudzo yekuratidza co-yakasaina firmware kushandiswa:
quartus_pfg -c cosigned_fw_signed_encrypted_factory.rbf secured_rsu_factory_update.rpd -o mode=ASX4 -o bitswap=ON -o rsu_upgrade=ON -o fw_source=signed_agilex.zip
Ruzivo Rwakabatana Intel Agilex 7 Configuration User Guide
5.6. SDM Cryptographic Services
Iyo SDM iri paIntel Agilex 7 zvishandiso inopa cryptographic masevhisi ayo FPGA jira logic kana iyo HPS inogona kukumbira kuburikidza neyakafanira SDM mailbox interface. Kuti uwane rumwe ruzivo nezve mirairo yebhokisi retsamba uye mafomati edatha kune ese SDM cryptographic masevhisi, tarisa kuAppendix B muSecurity Methodology yeIntel FPGAs uye Yakarongeka ASICs Mushandisi Gwaro.
Kuti uwane iyo SDM mailbox interface kune FPGA jira logic yeSDM cryptographic masevhisi, iwe unofanirwa kusimbisa iyo Mailbox Mutengi Intel FPGA IP mukugadzira kwako.
Reference kodhi yekuwana iyo SDM mailbox interface kubva kuHPS inosanganisirwa muATF neLinux kodhi yakapihwa neIntel.
Inoenderana Ruzivo Bhokisi reMutengi Intel FPGA IP Mushandisi Yekushandisa
5.6.1. Mutengesi Akabvumirwa Boot
Intel inopa mareferenzi ekushandisa kweHPS software inoshandisa iyo mutengesi akatenderwa bhutsu chimiro kuratidza HPS boot software kubva kune yekutanga s.tage boot loader kuburikidza neLinux kernel.
Ruzivo Rwakabatana Intel Agilex 7 SoC Yakachengeteka Boot Demo Dhizaini

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 56

Send Feedback

5. Advanced Features 683823 | 2023.05.23
5.6.2. Chengetedza Dhata Chinhu Sevhisi
Iwe unotumira mirairo kuburikidza neSDM mailbox kuti uite SDOS chinhu encryption uye decryption. Unogona kushandisa SDOS ficha mushure mekupa iyo SDOS midzi kiyi.
Ruzivo Rwakabatana Chengetedza Dhata Chinhu Sevhisi Root Kiyi Kupa pane peji 30
5.6.3. SDM Cryptographic Primitive Services
Unotumira mirairo kuburikidza neSDM mailbox kuti utange SDM cryptographic primitive service operations. Mamwe masevhisi ekutanga ecryptographic anoda kuti data rakawanda riendeswe kune uye kubva kuSDM kupfuura iyo mailbox interface inogona kugamuchira. Muzviitiko izvi, murairo wefomati inoshanduka kupa anongedza kune data mundangariro. Pamusoro pezvo, iwe unofanirwa kushandura iyo instantiation yeBhokisi reMailbox Mutengi Intel FPGA IP kushandisa SDM cryptographic primitive masevhisi kubva kuFPGA jira logic. Iwe unofanirwawo kuseta iyo Inogonesa Crypto Service paramende kune 1 uye batanidza ichangobva kufumurwa AXI yekutanga interface kune ndangariro mudhizaini yako.
Mufananidzo 21. Kugonesa SDM Cryptographic Services mubhokisi reMailbox Client Intel FPGA IP

5.7. Bitstream Chengetedzo Settings (FM/S10)
FPGA Bitstream Chengetedzo sarudzo muunganidzwa wemitemo inoganhurira iyo yakatsanangurwa chimiro kana maitiro ekushanda mukati menguva yakatsanangurwa.
Bitstream Chengetedzo sarudzo dzine mireza yaunoisa muIntel Quartus Prime Pro Edition software. Aya mireza anokopwa otomatiki mune yekumisikidza bitstreams.
Iwe unogona kumanikidza zvachose sarudzo dzekuchengetedza pamudziyo kuburikidza nekushandisa inoenderana chengetedzo kuseta eFuse.
Kuti ushandise chero zvigadziriso zvekuchengetedza mune yekumisikidza bitstream kana mudziyo eFuses, unofanirwa kugonesa chimiro chechokwadi.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 57

5. Advanced Features 683823 | 2023.05.23
5.7.1. Kusarudza uye Kugonesa Chengetedzo Sarudzo
Kusarudza uye kugonesa sarudzo dzekuchengetedza, ita zvinotevera: Kubva paMitemo menyu, sarudza Chidimbu Chidimbu uye Pin Sarudzo Chengetedzo Zvimwe Zvimwe… Mufananidzo 22. Kusarudza uye Kugonesa Chengetedzo Sarudzo.

Uye wobva wasarudza kukosha kubva kune ekudonhedza-pasi rondedzero yesarudzo dzekuchengetedza dzaunoda kugonesa sezvakaratidzwa mune inotevera ex.ample:
Mufananidzo 23. Kusarudza Maitiro Ekuchengetedza Sarudzo

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 58

Send Feedback

5. Advanced Features 683823 | 2023.05.23
Dzinotevera ndidzo shanduko dzinoenderana muQuartus Prime Settings .qsf file:
set_global_assignment -zita SECU_OPTION_DISABLE_JTAG "Pane cheki" Set_Global_Asassignment -Name secu_ption_puly -Te_Gopt Inoshandisa pane set_global_Asassignment -Name secu_ptoble_hpubc_gungwa _Efuses pane set_global_assignment -name SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES ON set_global_assignment -zita SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_BBRAM ON set_global_assignment -zita SECU_OPTION_DISABLE_PUF_WRAPPED_KENCRYPTION

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 59

683823 | 2023.05.23 Tumira Mhinduro

Kugadzirisa matambudziko

Ichi chitsauko chinotsanangura zvikanganiso zvakajairika uye meseji yambiro yaungasangana nayo paunenge uchiedza kushandisa maficha ekuchengetedza mudziyo uye matanho ekuzvigadzirisa.
6.1. Kushandisa Quartus Commands muWindows Environment Error
Kanganiso quartus_pgm: murairo hauna kuwanikwa Tsananguro Iyi kukanganisa kunoratidza paunenge uchiedza kushandisa Quartus mirairo muNIOS II Shell munzvimbo yeWindows uchishandisa WSL. Resolution Uyu murairo unoshanda muLinux nharaunda; Kune maWindows host, shandisa murairo unotevera: quartus_pgm.exe -h Saizvozvo, shandisa syntax yakafanana kune mamwe Quartus Prime mirairo senge quartus_pfg, quartus_sign, quartus_encrypt pakati pemimwe mirairo.

ISO 9001:2015 Yakanyoreswa

6. Troubleshooting 683823 | 2023.05.23

6.2. Kugadzira Yakavanzika Kiyi Yambiro

Yambiro:

Iyo password yataurwa inoonekwa seyakachengeteka. Intel inokurudzira kuti angangoita gumi nematatu mavara epassword ashandiswe. Iwe unokurudzirwa kuti uchinje password uchishandisa iyo OpenSSL inoitiswa.

openssl ec -in -kunze -aes256

Tsanangudzo
Iyi yambiro ine chekuita nepassword simba uye inoratidza paunenge uchiedza kugadzira kiyi yakavanzika nekupa iyo inotevera mirairo:

quartus_sign -family=agilex -operation=make_private_pem -curve=secp3841 root.pem

Resolution Shandisa openssl inokwanisika kutsanangura kureba uye nokudaro yakasimba password.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 61

6. Troubleshooting 683823 | 2023.05.23
6.3. Kuwedzera Kiyi yekusaina kune Quartus Project Error
Error...File ine root key information...
Tsanangudzo
Mushure mekuwedzera kiyi yekusaina .qky file kupurojekiti yeQuartus, unoda kuunganidza zvakare .sof file. Paunowedzera izvi regenerated .sof file kune yakasarudzwa mudziyo uchishandisa Quartus Programmer, inotevera mhosho meseji inoratidza kuti iyo file ine root key information:
Tatadza kuwedzerafile-path-zita> kuna Programmer. The file ine ruzivo rwemudzi (.qky). Nekudaro, Programmer haitsigire bitstream kusaina chimiro. Unogona kushandisa Programming File Jenareta kushandura iyo file kune yakasainwa Raw Binary file (.rbf) kuitira kugadzirisa.
Resolution
Shandisa Quartus Programming file jenareta kushandura iyo file mune yakasainwa Raw Binary File .rbf for configuration.
Ruzivo Rwunoenderana Kusaina Kugadzirisa Bitstream Uchishandisa iyo quartus_sign Command iri papeji 13

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 62

Send Feedback

6. Troubleshooting 683823 | 2023.05.23
6.4. Kugadzira Quartus Prime Programming File hazvina kubudirira
Error
Kukanganisa (20353): X yekiyi yeruzhinji kubva kuQKY haienderane nekiyi yakavanzika kubva kuPEM file.
Kukanganisa (20352): Yatadza kusaina iyo bitstream kuburikidza nepython script agilex_sign.py.
Kukanganisa: Quartus Prime Programming File Jenareta harina kubudirira.
Tsanangudzo Kana ukaedza kusaina gadziriso bitstream uchishandisa isiriyo yakavanzika kiyi .pem file kana .pem file izvo hazvienderane ne .qky yakawedzerwa kuchirongwa, zvikanganiso zvakajairika zviri pamusoro zvinoratidzwa. Resolution Ita shuwa kuti washandisa kiyi chaiyo yepachivande .pem kusaina bitstream.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 63

6. Troubleshooting 683823 | 2023.05.23
6.5. Kukanganisa Kusingazivikanwe Kwenharo
Error
Kukanganisa (23028): Nharo isingazivikanwe "ûc". Tarisa ku-rubatsiro kune nharo dzepamutemo.
Kukanganisa (213008): Kuronga sarudzo tambo "ûp" haisi pamutemo. Tarisa kune -rubatsiro kune zviri pamutemo zvirongwa sarudzo mafomati.
Tsanangudzo Kana ukakopa nekunamira sarudzo dzemutsara wemirairo kubva pa.pdf file muWindows NIOS II Shell, unogona kusangana neIsingazivikanwe nharo zvikanganiso sezvaratidzwa pamusoro. Resolution Muzviitiko zvakadaro, unogona kuisa mirairo iwe pachako pane kunamira kubva paclipboard.

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 64

Send Feedback

6. Troubleshooting 683823 | 2023.05.23
6.6. Bitstream Encryption Sarudzo Yakaremara Kanganiso
Error
Haikwanisi kupedzisa encryption ye file design .sof nekuti yakanyorwa pamwe neiyo bitstream encryption sarudzo yakadzimwa.
Tsanangudzo Kana iwe ukaedza encrypt iyo bitstream kuburikidza neGUI kana yekuraira-mutsara mushure mekunge wanyora purojekiti neiyo bitstream encryption sarudzo yakadzimwa, Quartus inoramba murairo sezvaratidzwa pamusoro.
Resolution Ita shuwa kuti unounganidza purojekiti neiyo bitstream encryption sarudzo inogoneswa kungave kuburikidza neGUI kana yekuraira-mutsara. Kugonesa iyi sarudzo muGUI, unofanirwa kutarisa bhokisi resarudzo iyi.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 65

6. Troubleshooting 683823 | 2023.05.23
6.7. Kutsanangura Nzira Yakarurama kune Kiyi
Error
Kukanganisa (19516): Yakawanikwa Chirongwa File Chikanganiso chezvigadziriso zvejenareta: Haikwanise kuwana 'kiyi_file'. Iva nechokwadi chokuti file iri panzvimbo inotarisirwa kana kuvandudza marongero.sec
Kukanganisa (19516): Yakawanikwa Chirongwa File Chikanganiso chezvigadziriso zvejenareta: Haikwanise kuwana 'kiyi_file'. Iva nechokwadi chokuti file iri panzvimbo inotarisirwa kana kugadzirisa marongero.
Tsanangudzo
Kana uri kushandisa makiyi akachengetwa pa file system, iwe unofanirwa kuve nechokwadi kuti vanotsanangura nzira chaiyo yemakiyi anoshandiswa bitstream encryption uye kusaina. Kana iyo Programming File Jenareta haigone kuona nzira chaiyo, iwo ari pamusoro apa mhosho mameseji anoratidza.
Resolution
Tarisa kune Quartus Prime Settings .qsf file kutsvaga nzira dzakakodzera dzemakiyi. Ita shuwa kuti unoshandisa nzira dzehukama pane nzira dzakakwana.

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 66

Send Feedback

6. Troubleshooting 683823 | 2023.05.23
6.8. Kushandisa Kubuda Kusina Kutsigirwa File Type
Error
quartus_pfg -c design.sof output_file.ebf -o finalize_operation=ON -o qek_file=ae.qek -o signing=ON -o pem_file=sign_private.pem
Kukanganisa (19511): Kubuda kusina kutsigirwa file mhando (ebf). Shandisa "-l" kana "-list" sarudzo kuratidza inotsigirwa file type information.
Tsanangudzo Paunenge uchishandisa iyo Quartus Programming File Jenareta kugadzira iyo yakavharidzirwa uye yakasainwa configuration bitstream, unogona kuona kukanganisa kwepamusoro kana kusina kutsigirwa. file mhando inotsanangurwa. Resolution Shandisa iyo -l kana iyo -list sarudzo kuti uone rondedzero inotsigirwa file mhando.

Send Feedback

Intel Agilex® 7 Chidimbu Chengetedzo Mushandisi Gwaro 67

683823 | 2023.05.23 Tumira Mhinduro
7. Intel Agilex 7 Device Security User Guide Archives
Kune yazvino uye yapfuura shanduro yegwaro remushandisi, tarisa kuIntel Agilex 7 Chishandiso Chekuchengetedza Mushandisi Guide. Kana IP kana software vhezheni isina kunyorwa, gwaro remushandisi rekare IP kana software shanduro inoshanda.

ISO 9001:2015 Yakanyoreswa

683823 | 2023.05.23 Tumira Mhinduro

8. Kudzokorora Nhoroondo yeIntel Agilex 7 Device Security User Guide

Rondedzero Shanduro 2023.05.23
2022.11.22 2022.04.04 2022.01.20
2021.11.09

Zvinyorwa / Zvishandiso

Intel Agilex 7 Chidimbu Chengetedzo [pdf] User Manual
Agilex 7 Device Security, Agilex 7, Device Security, Chengetedzo

References

User Manual

Intel Agilex 7 Chidimbu Chengetedzo

Product Information

Mirayiridzo Yekushandiswa Kwechigadzirwa

Mibvunzo Inowanzo bvunzwa

Chengetedzo Yemudziyo Pamusoroview

Authentication uye Mvumo

AES Bitstream Encryption

Device Provisioning

Advanced Features

Kugadzirisa matambudziko

Zvinyorwa / Zvishandiso

References

Siya mhinduro

Kanzura mhinduro