Intel® Quartus® Prime Pro Edition User Guide: Programmer

Download PDF
ID 683039
Date 4/03/2023
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents
Document Table of Contents x
1. Answers to Top FAQs 2. Intel® Quartus® Prime Programmer User Guide 3. Using the Intel® Quartus® Prime Programmer 4. Using the HPS Flash Programmer A. Intel® Quartus® Prime Pro Edition User Guide: Programmer Document Archive B. Intel® Quartus® Prime Pro Edition User Guides
2. Intel® Quartus® Prime Programmer User Guide x
2.1. Generating Primary Device Programming Files 2.2. Generating Secondary Programming Files 2.3. Enabling Bitstream Security for Intel® Stratix® 10 and Intel® Agilex™ 7 Devices 2.4. Enabling Bitstream Encryption or Compression for Intel® Arria® 10 and Intel® Cyclone® 10 GX Devices 2.5. Generating Programming Files for Partial Reconfiguration 2.6. Generating Programming Files for Intel® FPGA Devices with Hard Processor Systems 2.7. Scripting Support 2.8. Generating Programming Files Revision History
2.2. Generating Secondary Programming Files x
2.2.1. Generating Secondary Programming Files (Programming File Generator) 2.2.2. Generating Secondary Programming Files (Convert Programming File Dialog Box) 2.2.3. Generating Secondary Programming Files (Settings: Programming Files Dialog Box)
2.2.1. Generating Secondary Programming Files (Programming File Generator) x
2.2.1.1. Configuration Modes (Programming File Generator) 2.2.1.2. Secondary Programming Files (Programming File Generator)
2.2.2. Generating Secondary Programming Files (Convert Programming File Dialog Box) x
2.2.2.1. Secondary Programming Files (Convert Programming Files) 2.2.2.2. Configuration Modes (Convert Programming Files) 2.2.2.3. Debugging the Configuration (Convert Programming Files)
2.3. Enabling Bitstream Security for Intel® Stratix® 10 and Intel® Agilex™ 7 Devices x
2.3.1. Enabling Bitstream Authentication (Programming File Generator) 2.3.2. Specifying Additional Physical Security Settings (Programming File Generator) 2.3.3. Enabling Bitstream Encryption (Programming File Generator)
2.5. Generating Programming Files for Partial Reconfiguration x
2.5.1. Generating PR Bitstream Files 2.5.2. Partial Reconfiguration Bitstream Compatibility Checking 2.5.3. Raw Binary Programming File Byte Sequence Transmission Examples 2.5.4. Generating a Merged .pmsf File from Multiple .pmsf Files ( Intel® Arria® 10 and Intel® Cyclone® 10 GX Designs)
2.6. Generating Programming Files for Intel® FPGA Devices with Hard Processor Systems x
2.6.1. Generating Programming Files for HPS Boot First Boot Flows 2.6.2. Generating Programming Files for FPGA Configuration First Boot Flows
2.7. Scripting Support x
2.7.1. quartus_pfg Command Line Tool 2.7.2. quartus_cpf Command Line Tool
2.7.2. quartus_cpf Command Line Tool x
2.7.2.1. Generating a Partial-Mask SRAM Object File using a Mask Settings File and a SRAM Object File
3. Using the Intel® Quartus® Prime Programmer x
3.1. Intel® Quartus® Prime Programmer 3.2. Programming and Configuration Modes 3.3. Basic Device Configuration Steps 3.4. Specifying the Programming Hardware Setup 3.5. Programming with Flash Loaders 3.6. Verifying the Programming File Source with Project Hash 3.7. Using PR Bitstream Security Verification ( Intel® Stratix® 10 Designs) 3.8. Stand-Alone Programmer 3.9. Programmer Settings Reference 3.10. Scripting Support 3.11. Using the Intel® Quartus® Prime Programmer Revision History
3.4. Specifying the Programming Hardware Setup x
3.4.1. JTAG Chain Debugger Tool 3.4.2. Editing the Details of an Unknown Device 3.4.3. Running JTAG Daemon with Linux
3.4.1. JTAG Chain Debugger Tool x
3.4.1.1. JTAG Chain Integrity Tab 3.4.1.2. JTAG Chain Debugging Tab
3.5. Programming with Flash Loaders x
3.5.1. Specifying Flash Partitions 3.5.2. Full Erase of Flash Memory Sectors
3.6. Verifying the Programming File Source with Project Hash x
3.6.1. Obtaining Project Hash for Intel® Arria® 10 Devices
3.8. Stand-Alone Programmer x
3.8.1. Stand-Alone Programmer Memory Consumption
3.9. Programmer Settings Reference x
3.9.1. Device & Pin Options Dialog Box 3.9.2. More Security Options Dialog Box 3.9.3. Output Files Tab Settings (Programming File Generator) 3.9.4. Input Files Tab Settings (Programming File Generator) 3.9.5. Bitstream Co-Signing Security Settings (Programming File Generator) 3.9.6. Configuration Device Tab Settings 3.9.7. Add Partition Dialog Box (Programming File Generator) 3.9.8. Add Filesystem Dialog Box (Programming File Generator) 3.9.9. Convert Programming File Dialog Box 3.9.10. Compression and Encryption Settings (Convert Programming File) 3.9.11. SOF Data Properties Dialog Box (Convert Programming File) 3.9.12. Select Devices (Flash Loader) Dialog Box
3.10. Scripting Support x
3.10.1. The jtagconfig Debugging Tool
4. Using the HPS Flash Programmer x
4.1. HPS Flash Programmer Command-Line Utility 4.2. How the HPS Flash Programmer Works 4.3. Using the Flash Programmer from the Command Line 4.4. Supported Memory Devices 4.5. HPS Flash Programmer User Guide Revision History
4.3. Using the Flash Programmer from the Command Line x
4.3.1. HPS Flash Programmer 4.3.2. HPS Flash Programmer Command Line Examples
1. Answers to Top FAQs
2. Intel® Quartus® Prime Programmer User Guide
3. Using the Intel® Quartus® Prime Programmer
4. Using the HPS Flash Programmer
A. Intel® Quartus® Prime Pro Edition User Guide: Programmer Document Archive
B. Intel® Quartus® Prime Pro Edition User Guides

2.3. Enabling Bitstream Security for Intel® Stratix® 10 and Intel® Agilex™ 7 Devices

Intel® Stratix® 10 and Intel® Agilex™ 7 devices provide flexible and robust security features to protect sensitive data, intellectual property, and device hardware from physical and remote attacks. The Intel® Stratix® 10 and Intel® Agilex™ 7 device architectures support bitstream authentication and encryption security features. The Assembler applies bitstream compression automatically to reduce file size whenever you use authentication or encryption.

  • Bitstream Authentication—verifies that the configuration bitstream and firmware are from a trusted source. Enable additional co-signing device firmware authentication to ensure that only signed firmware runs on the HPS or FPGA, and to authorize HPS JTAG debugging. Enable authentication security by specifying a first level signature chain file (.qky) for the Quartus Key File option (Device and Pin Options dialog box), as Enabling Bitstream Authentication (Programming File Generator) describes.5
  • Bitstream Encryption—protects proprietary or sensitive data from view or extraction in the configuration bitstream using an Advanced Encryption Standard (AES) 256-bit or 384-bit security key. Encryption also provides side-channel protection from non-intrusive attack. You can store the owner AES key in eFuses or BBRAM. Enable encryption by turning on the Enable programming bitstream encryption option (Device and Pin Options dialog box), as Enabling Bitstream Encryption (Programming File Generator) describes.
Table 7.   Intel® Stratix® 10 and Intel® Agilex™ 7 Bitstream Authentication Files
Term Description Extension
First Level Signature Chain Key File File you generate that specifies the root key (.pem) and one or more design signing keys (.pem) required to sign the bitstream and allow access to the FPGA when using authentication or encryption. .qky
Root Key File File you generate that anchors the first level signature chain to a known root key. The FPGA calculates the hash of the root entry and checks if it matches the expected hash. The Assembler appends the root key to the programming file and stores the key in eFuses. .qky
Design Signing Key File File you generate and append to the root key that authenticates the bitstream in the SDM to allow configuration of the device with the pending bitstream. Use separate design signing keys for the FPGA and HPS for highest security. .pem
Firmware Co-signing Key File Files provided in <install>\devices\programmer\firmware that includes the owner signature and firmware file that you use to sign the firmware to run on the FPGA or HPS. .zip
Signed HPS Certificate File Specifies a secure HPS debug certificate that permits access to the JTAG interface for HPS debugging. A secure HPS debug certificate is valid until you power down or reconfigure the device. .cert
Note: Intel® Arria® 10 and Intel® Cyclone® 10 GX devices do not support bitstream authentication.

Section Content
Enabling Bitstream Authentication (Programming File Generator)
Specifying Additional Physical Security Settings (Programming File Generator)
Enabling Bitstream Encryption (Programming File Generator)

Related Information
5 For Intel® Stratix® 10 devices, bitstream authentication is available only for devices that include the AS (Advanced Security) ordering code suffix and all Intel® Stratix® 10 DX devices.
Level Two Title