Visible to Intel only — GUID: ock1616559126163
Ixiasoft
3.3.1. Configuration Bitstream Encryption Using the Programming File Generator Graphical Interface
3.3.2. Configuration Bitstream Encryption Using the Programming File Generator Command Line Interface
3.3.3. Partially Encrypted Configuration Bitstream Generation Using the Command Line Interface
3.3.4. Partial Reconfiguration Bitstream Encryption
4.1. Using SDM Provision Firmware
4.2. Authentication Root Key Provisioning
4.3. Using QSPI Factory Default Helper Image on Owned Devices
4.4. Programming Key Cancellation ID Fuses
4.5. Security Setting Fuse Provisioning
4.6. AES Root Key Provisioning
4.7. Converting Owner Root Key, AES Root Key Certificates, and Fuse files to Jam STAPL File Formats
Visible to Intel only — GUID: ock1616559126163
Ixiasoft
2.2.3. Signing Configuration Bitstream Using the quartus_sign Command
To sign a configuration bitstream using the quartus_sign command, you first convert the .sof file to the unsigned raw binary file (.rbf) format. You may optionally specify co-signed firmware using the fw_source option during the conversion step.
You can generate the unsigned raw bitstream in .rbf format using the following command:
quartus_pfg -c -o fw_source=signed_Stratix10.zip design.sof \
-o sign_later=ON unsigned_bitstream.rbf
Run one of the following commands to sign the bitstream using the quartus_sign tool depending on the location of your keys:
quartus_sign --family=stratix10 --operation=sign \
--qky=design0_sign_chain.qky --pem=design0_sign_private.pem \
unsigned_bitstream.rbf signed_bitstream.rbf
quartus_sign --family=stratix10 --operation=sign --module=softHSM\
--module_args="--token_label=s10-token --user_pin=s10-token-pin \
--hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" --keyname=design0_sign \
--qky=design0_sign_chain.qky unsigned_bitstream.rbf signed_bitstream.rbf
You may convert signed .rbf files to other configuration bitstream file formats.
For example, if you are using the Jam* Standard Test and Programming Language (STAPL) Player to program a bitstream over JTAG, you use the following command to convert an .rbf file to the .jam format that the Jam STAPL Player requires:
quartus_pfg -c signed_bitstream.rbf signed_bitstream.jam
Did you find the information on this page useful?
Feedback Message
Characters remaining: