ID 683823
Date 10/31/2022
Public

## 2.1. Creating a Signature Chain

You may use the quartus_sign tool or the agilex_sign.py reference implementation to perform signature chain operations. This document provides examples using quartus_sign.
To use the reference implementation, you substitute a call to the Python interpreter included with Intel® Quartus® Prime software and omit the --family=agilex option; all other options are equivalent. For example, the quartus_sign command found later in this section
quartus_sign --family=agilex --operation=make_root root_public.pem root.qky
can be converted into the equivalent call to the reference implementation as follows
pgm_py agilex_sign.py --operation=make_root root_public.pem root.qky

Intel® Quartus® Prime Pro Edition software includes the quartus_sign, pgm_py, and agilex_sign.py tools. You may use the Nios® II command shell tool, which automatically sets appropriate environment variables, to access the tools.

Follow these instructions to bring up a Nios® II command shell.

Bring up a Nios® II command shell.
Option Description
Windows On the Start menu, point to Programs > Intel FPGA > Nios II EDS > <version> and click Nios II <version> Command Shell.
Linux In a command shell change to the <install_dir>/nios2eds and run the following command:
./nios2_command_shell.sh

The examples in this section assume signature chain and configuration bitstream files are located in the current working directory. If you choose to follow the examples where key files are kept on the file system, those examples assume the key files are located in the current working directory. You may choose which directories to use, and the tools support relative file paths. If you choose to keep key files on the file system, you must carefully manage access permissions to those files.

Intel recommends the use of a commercially available Hardware Security Module (HSM) to store cryptographic keys and perform cryptographic operations. The quartus_sign tool and reference implementation include a Public Key Cryptography Standard #11 (PKCS #11) Application Programming Interface (API) to interact with an HSM while performing signature chain operations. The agilex_sign.py reference implementation includes an interface abstract as well as an example interface to SoftHSM.

Characters remaining:

Feedback Message