4.6.2.1. Intrinsic ID PUF Enrollment
To enroll the PUF, you must use the SDM provision firmware. The provision firmware must be the first firmware loaded after a power cycle, and you must issue the PUF enrollment command before any other command. The provision firmware supports other commands after PUF enrollment, including AES root key wrapping and programming quad SPI; however, you must power cycle the device to load a configuration bitstream.
You use the Intel® Quartus® Prime Programmer to trigger PUF enrollment and generate the PUF helper data .puf file.
Figure 6. Intrinsic ID PUF Enrollment
The Programmer automatically loads a provision firmware helper image when you specify both the i operation and a .puf argument.
quartus_pgm -c 1 -m jtag -o "ei;help_data.puf;1SX280LH2"
If you are using co-signed firmware, you program the co-signed firmware helper image prior to using the PUF enrollment command.
quartus_pgm -c 1 -m jtag -o "p;signed_provision_helper_image.rbf" --force
quartus_pgm -c 1 -m jtag -o "e;help_data.puf;1SX280LH2"