Generic Flash Programmer User Guide: Intel® Quartus® Prime Pro Edition

Download PDF
ID 683495
Date 3/28/2022
Public
Document Table of Contents
Document Table of Contents x
1. Generic Flash Programmer User Guide Intel® Quartus® Prime Pro Edition
1. Generic Flash Programmer User Guide Intel® Quartus® Prime Pro Edition x
1.1. Supported Devices and Configuration Methods 1.2. Quad SPI Flash Byte-Addressing 1.3. Generic Flash Programmer Operation 1.4. Generic Flash Programmer Flow Templates ( Intel® Stratix® 10 devices) 1.5. Generic Flash Programmer Flow Templates ( Intel® Arria® 10 and Intel® Cyclone® 10 GX) 1.6. Generic Flash Programmer Settings Reference 1.7. Generic Flash Programmer User Guide Revision History 1.8. Generic Flash Programmer Document Archive
1.3. Generic Flash Programmer Operation x
1.3.1. Generic Flash Programming (Programming File Generator) 1.3.2. Generic Flash Programming (Convert Programming File Dialog Box)
1.3.1. Generic Flash Programming (Programming File Generator) x
1.3.1.1. Step 1: Generate Primary Device Programming File 1.3.1.2. Step 2: Generate Secondary Programming Files (Programming File Generator) 1.3.1.3. Step 3: Program the Flash Memory Device
1.3.1.2. Step 2: Generate Secondary Programming Files (Programming File Generator) x
1.3.1.2.1. Enabling Bitstream Authentication (Programming File Generator) 1.3.1.2.2. Enabling Bitstream Encryption (Programming File Generator) 1.3.1.2.3. Defining a New Flash Memory Configuration Device
1.3.1.2.1. Enabling Bitstream Authentication (Programming File Generator) x
1.3.1.2.1.1. Specifying Additional Physical Security Settings (Programming File Generator)
1.3.2. Generic Flash Programming (Convert Programming File Dialog Box) x
1.3.2.1. Step 1: Generate Primary Device Programming Files 1.3.2.2. Step 2: Generate Secondary Programming Files (Convert Programming Files) 1.3.2.3. Step 3: Program the Flash Memory Device 1.3.2.4. Full Erase of Flash Memory Sectors
1.3.2.2. Step 2: Generate Secondary Programming Files (Convert Programming Files) x
1.3.2.2.1. Enabling Bitstream Encryption or Compression for Intel® Arria® 10 and Intel® Cyclone® 10 GX Devices 1.3.2.2.2. Defining a New Flash Memory Device 1.3.2.2.3. Modifying Programming Flows
1.4. Generic Flash Programmer Flow Templates ( Intel® Stratix® 10 devices) x
1.4.1. Initialization Flow Template ( Intel® Stratix® 10 Devices) 1.4.2. Program Flow Template ( Intel® Stratix® 10 Devices) 1.4.3. Erase Flow Template ( Intel® Stratix® 10 Devices) 1.4.4. Verify/Blank-Check/Examine Flow Template ( Intel® Stratix® 10 Devices) 1.4.5. Termination Flow Template ( Intel® Stratix® 10 Devices)
1.5. Generic Flash Programmer Flow Templates ( Intel® Arria® 10 and Intel® Cyclone® 10 GX) x
1.5.1. Initialization Flow Templates ( Intel® Arria® 10 and Intel® Cyclone® 10 GX) 1.5.2. Program Flow Template ( Intel® Arria® 10 and Intel® Cyclone® 10 GX) 1.5.3. Erase Flow Template ( Intel® Arria® 10 and Intel® Cyclone® 10 GX) 1.5.4. Verify/Blank-Check/Examine Flow Template ( Intel® Arria® 10 and Intel® Cyclone® 10 GX) 1.5.5. Termination Flow Template ( Intel® Arria® 10 and Intel® Cyclone® 10 GX) 1.5.6. Programming Flow Action Properties
1.6. Generic Flash Programmer Settings Reference x
1.6.1. Device and Pin Options 1.6.2. More Security Options Dialog Box 1.6.3. Input Files Tab Settings (Programming File Generator) 1.6.4. Output Files Tab Settings (Programming File Generator) 1.6.5. Add Partition Dialog Box (Programming File Generator) 1.6.6. Bitstream Co-Signing Security Settings (Programming File Generator) 1.6.7. Convert Programming File Dialog Box 1.6.8. Compression and Encryption Settings (Convert Programming File) 1.6.9. SOF Data Properties Dialog Box (Convert Programming File) 1.6.10. Select Devices (Flash Loader) Dialog Box
1. Generic Flash Programmer User Guide Intel® Quartus® Prime Pro Edition

1.3.1.2.1. Enabling Bitstream Authentication (Programming File Generator)

Bitstream authentication requires that you generate a first level signature chain (.qky) that includes the root key and one or more design signing keys. The root key enables the base security features and authenticates the design signing key through the public signature chain. The root key stores the SHA-256 or SHA-384 hash of the key in eFuses.
You can also optionally enable firmware co-signature capability to require signing the version of configuration firmware that runs on your device. The FPGA device then can only load authenticated firmware.
Note: Refer to the Intel® Stratix® 10 Device Security User Guide for step-by-step first level signature chain key generation instructions.

After you specify the .qky in Assembler settings, the Assembler appends the first level signature chain to the configuration .sof that you generate.

Use the Programming File Generator to generate the signed configuration bitstream for an .sof file. The JTAG Indirect Configuration File (.jic) and Raw Programming Data File (.rpd) formats are available for Active Serial (AS) configuration. The Programmer Object File (.pof) and Raw Binary File (.rbf) are available for Avalon® Streaming configuration.

Follow these steps to enable bitstream authentication:

  1. Generate a first level signature chain (.qky) that includes the root key and one or more design signing keys, as Intel® Stratix® 10 Device Security User Guide describes.
  2. To add the first level signature chain to a configuration bitstream, click Assignments > Device > Device and Pin Options > Security, and then specify the first level signature chain .qky for the Quartus key file option.
  3. To enable more physical device security options, click the More Options button on the Security page. More Security Options Dialog Box describes all options.
    Figure 8. Security Tab (Device and Pin Options)
  4. Generate primary device programing files in the Assembler, as Step 1: Generate Primary Device Programming File describes. The primary device programming file now contains data to enable first level authentication.
  5. To optionally enable co-signing device firmware authentication, generate a .jic or .rbf secondary programming file with the following options, as Step 2: Generate Secondary Programming Files (Programming File Generator) describes:
    1. In Programming File Generator, click the Properties button. The Input File Properties dialog box appears.
      Figure 9. Enabling Co-Signing Device Firmware Authentication ( Intel® Stratix® 10 Devices)
    2. Set Enable signing tool to On.
    3. For Private key file, specify a design signing key Privacy Enhanced Mail Certificates file (.pem) for firmware co-signing. This key can be separate from the FPGA design signing key.
    4. For Co-signed firmware, specify a Quartus Co-Signed Firmware file (.zip).
    5. Click OK.
  6. Use the Programmer to configure the device with the .jic or .rbf.
Related Information
Security options not yet available for Intel® Agilex™ devices.
Level Two Title