2.1.4. Creating a Signature Chain Public Key Entry
You use the append_key operation to create a new public key entry for a signature chain. You specify the prior signature chain, the private key for the last entry in the prior signature chain, the next level public key, the permissions and cancellation ID you assign to the next level public key, and the new signature chain file.
quartus_sign --family=agilex --operation=append_key \
--previous_pem=root0_private.pem --previous_qky=root0.qky \
--permission=6 --cancel=0 design0_sign_public.pem \
design0_sign_chain.qky
quartus_sign --family=agilex --operation=append_key --module=softHSM \
--module_args="--token_label=agilex-token --user_pin=agilex-token-pin \
--hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" \
--previous_pem=root0 --previous_qky=root0.qky \
--permission=6 --cancel=0 design0_sign design0_sign_chain.qky
You may repeat the append_key operation up to two more times for a maximum of three public key entries between the root entry and header block entry in any one signature chain.
quartus_sign --family=agilex --operation=append_key \
--previous_pem=design0_sign_private.pem \
--previous_qky=design0_sign_chain.qky \
--permission=6 \
--cancel=1 design1_sign_public.pem design1_sign_chain.qky
quartus_sign --family=agilex --operation=append_key --module=softHSM \
--module_args="--token_label=agilex-token --user_pin=agilex-token-pin \
--hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" \
--previous_pem=design0_sign \
--previous_qky=design0_sign_chain.qky \
--permission=6 \
--cancel=1 design1_sign design1_sign_chain.qky
Intel® Agilex™ devices support an additional key cancellation counter to facilitate the use of a key that may change periodically throughout the life of a given device. You may select this key cancellation counter by changing the argument of the --cancel option to pts:pts_value.
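The append sequence above as a dry-run planner, added here as an example and not part of Intel's documentation: it prints the append_key command for each level, feeding each entry's private key and chain file into the next call, and refuses more than three entries. The function name plan_chain, the name,permission,cancel level syntax and the <name>_private.pem / <name>_public.pem / <name>_chain.qky naming are assumptions modelled on the file names used in the commands on this page.

```shell
#!/bin/sh
# Added example, not Intel's code: print (never run) the append_key commands
# for a chain. Assumed naming, modelled on the file names on this page:
#   <name>_private.pem  <name>_public.pem  <name>_chain.qky
# A level is written name,permission,cancel (cancel may be pts:pts_value).

MAX_ENTRIES=3   # page limit: at most three entries between root and header block

# plan_chain ROOT_PRIVATE_PEM ROOT_QKY LEVEL [LEVEL...]
plan_chain() {
    if [ "$#" -lt 3 ] || [ "$#" -gt $((MAX_ENTRIES + 2)) ]; then
        echo "plan_chain: need 1 to $MAX_ENTRIES levels after the root files" >&2
        return 1
    fi
    # Reject empty arguments and shell metacharacters before building any command.
    for arg in "$@"; do
        case $arg in
            ''|*[!A-Za-z0-9_,:./-]*)
                echo "plan_chain: unsafe argument '$arg'" >&2; return 2 ;;
        esac
    done
    prev_pem=$1
    prev_qky=$2
    shift 2
    # Validate all levels before printing, so a bad spec never yields a partial list.
    for level in "$@"; do
        case $level in
            *,*,*,*|,*|*,,*|*,) ok=no ;;
            *,*,*) ok=yes ;;
            *) ok=no ;;
        esac
        [ "$ok" = yes ] || { echo "plan_chain: bad level '$level'" >&2; return 2; }
    done
    for level in "$@"; do
        name=${level%%,*}; rest=${level#*,}
        perm=${rest%%,*};  cancel=${rest#*,}
        # Each entry is signed with the private key of the entry before it
        # and appended to that entry's chain file.
        printf 'quartus_sign --family=agilex --operation=append_key'
        printf ' --previous_pem=%s --previous_qky=%s' "$prev_pem" "$prev_qky"
        printf ' --permission=%s --cancel=%s' "$perm" "$cancel"
        printf ' %s_public.pem %s_chain.qky\n' "$name" "$name"
        prev_pem=${name}_private.pem
        prev_qky=${name}_chain.qky
    done
    return 0
}
```

Calling `plan_chain root0_private.pem root0.qky design0_sign,6,0 design1_sign,6,1` prints the two file-based commands shown earlier, each on a single line.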