5.5. Using Design Security Features with Remote System Update
To use design security features with RSU images, you follow the instructions in Generating Remote System Update Image Files Using the Programming File Generator of the Intel Stratix 10 Configuration User Guide to generate RSU images with .sof file inputs. For every .sof file specified on the Input Files tab, you click the Properties... button and specify the appropriate settings and keys for the signing and encryption tools. The programming file generator tool automatically signs and encrypts factory and application images while creating the RSU programming files.
You may build RSU images with .rbf format files as inputs. You must encrypt and sign .rbf format files prior to selecting them as input files for RSU images; however, the RSU boot info .rbf file must not be encrypted, only signed. The Programming File Generator does not support modifying properties of .rbf format files.
The following examples demonstrate the necessary modifications to the commands in the Generating Remote System Update Image Files Using the Programming File Generator of the Intel Stratix 10 Configuration User Guide.
Generating the Initial RSU Image Using .rbf Files: Command Modification
From Generating the Initial RSU Image Using .rbf Files, you modify the commands in Step 1. to enable the design security features as desired using instructions from earlier sections of this document.
quartus_pfg -c factory.sof boot.rbf -o rsu_boot=ON \ -o fw_source=signed_stratix10.zip
Generating an Application Image: Command Modification
quartus_pfg -c cosigned_fw_signed_encrypted_application.rbf \ secured_rsu_application.rpd -o mode=ASX4 \ -o start_address=<start_address> -o bitswap=ON
Generating a Factory Update Image: Command Modification
quartus_pfg -c cosigned_fw_signed_encrypted_factory.rbf \ secured_rsu_factory_update.rpd \ -o mode=ASX4 -o start_address=<start_address> \ -o bitswap=ON -o rsu_upgrade=ON \ -o fw_source=signed_stratix10.zip