AN 933: Updating Intel® Stratix® 10 FPGA Firmware

ID 683605
Date 11/18/2020
Public

1.3.1. Updating Firmware Cancellation ID Fuses

To use the Intel® Stratix® 10 FPGA firmware anti-rollback feature, you issue a command to the FPGA to program the appropriate Intel key cancellation fuses prior to power cycling your device. If you are using firmware co-signing, you may program the appropriate Owner key cancellation fuses to cancel the signature chain used to sign a prior version of firmware in the same step. Refer to the Canceling eFuses section of the Intel® Stratix® 10 Device Security User Guide for detailed instructions on programming the key cancellation fuses, as well as the Canceling Intel Firmware ID section to choose the ID fuses to program. For example, to use the anti-rollback feature for all FPGA firmware prior to Intel® Quartus® Prime version 20.2, the correct Intel key cancellation line in the fuse file is:
Intel key cancellation	= "0,1,2,3,4,5,6"

After you program your Intel key cancellation fuses, you must power cycle your device prior to programming an AES root key.