仅对英特尔可见 — GUID: tim1616566898974
Ixiasoft
4.5. 安全设置熔断器供应(Security Setting Fuse Provisioning)
使用 Intel® Quartus® Prime Programmer检查器件安全设置熔断器,并将它们写入到一个基于文本的.fuse文件中。
quartus_pgm -c 1 -m jtag -o “ei;programming_file.fuse;1SX280LH2”
.fuse文件包含一列熔断器名称-值对(fuse name-value pairs)。这些值指定一个熔断器是否熔断,还是fuse域的内容。
下面示例显示了.fuse文件的格式。
# Co-signed firmware = "Not blown"
# Device not secure = "Not blown"
# Disable HPS debug = "Not blown"
# Disable Intrinsic ID PUF enrollment = "Not blown"
# Disable JTAG = "Not blown"
# Disable PUF-wrapped encryption key = "Not blown"
# Disable owner encryption key in BBRAM = "Not blown"
# Disable owner encryption key in eFuses = "Not blown"
# Disable virtual eFuses = "Not blown"
# Force SDM clock to internal oscillator = "Not blown"
# Force encryption key update = "Not blown"
# Intel key cancellation = "1"
# Lock security eFuses = "Not blown"
# Owner encryption key program done = "Not blown"
# Owner encryption key program start = "Not blown"
# Owner fuses =
"0x00000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000"
# Owner key cancellation = ""
# Owner public key hash = ""
# Owner public key size = ""
# QSPI start up delay = "10ms"
# RMA Counter = "0"
# SDMIO0 is I2C = "Not blown"
通过修改.fuse文件来设置所需的安全设置熔断器。以#开头的命令行被视为注释行。要对一个安全设置熔断器进行编程,您必须删除前导#,并将值设为Blown。例如,要使能Co-signed Firmware 安全设置熔断器,需要将熔断器文件中的第一个行修改成:
Co-signed firmware = "Blown"
您也可以根据您的要求分配和编程Owner Fuses。
以下域不能通过.fuse文件方法写入;然而,在examine操作输出期间包含这些域用于验证:
- Device not secure
- Intel key cancellation
- Owner encryption key program start
- Owner encryption key program done
- Owner key cancellation
- Owner public key hash
- Owner public key size
- QSPI start up delay
- RMA counter
- SDMIO0 is I2C
使用 Intel® Quartus® Prime Programmer将.fuse文件编程回器件中。如果添加i选项,那么Programmer自动加载供应固件以对安全设置熔断器进行编程。
//For physical (non-volatile) eFuses
quartus_pgm -c 1 -m jtag -o "pi;programming_file.fuse" --non_volatile_key
//For virtual (volatile) eFuses
quartus_pgm -c 1 -m jtag -o "pi;programming_file.fuse"