Intel® Agilex™ Device Security User Guide

ID 683823
Date 11/09/2021
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

4.1. Using SDM Provision Firmware

The Intel® Quartus® Prime Programmer automatically loads the provision firmware when the initialize operation is selected and the command performs actions that require the provision firmware, such as programming the authentication root key hash, security setting fuses, PUF enrollment, or black key provisioning.

You may alternately create a firmware-only helper image using the Quartus Programming File Generator command line tool. You specify your device type, the provision subtype, and optionally a co-signed firmware zip file.
quartus_pfg --helper_image -o helper_device=AGFB014R24A -o subtype=PROVISION \
-o fw_source=signed_agilex.zip signed_provision_helper_image.rbf
You use the Intel® Quartus® Prime Programmer tool to program the helper image.
quartus_pgm -c 1 -m jtag -o “p;signed_provision_helper_image.rbf” --force

You may omit the initialize operation from examples provided in this chapter if you have already programmed a provision helper image.

If you plan to use firmware co-signing, you may use a co-signed helper image on an unprovisioned device as the unprovisioned device ignores non-Intel signature chains over SDM firmware.