Visible to Intel only — GUID: snc1627954739075
Ixiasoft
3.3.1. Configuration Bitstream Encryption Using the Programming File Generator Graphical Interface
3.3.2. Configuration Bitstream Encryption Using the Programming File Generator Command Line Interface
3.3.3. Partially Encrypted Configuration Bitstream Generation Using the Command Line Interface
3.3.4. Partial Reconfiguration Bitstream Encryption
4.1. Using SDM Provision Firmware
4.2. Using QSPI Factory Default Helper Image on Owned Devices
4.3. Authentication Root Key Provisioning
4.4. Programming Key Cancellation ID Fuses
4.5. Canceling Root Keys
4.6. Programming Counter Fuses
4.7. Secure Data Object Service Root Key Provisioning
4.8. Security Setting Fuse Provisioning
4.9. AES Root Key Provisioning
4.10. Converting Owner Root Key, AES Root Key Certificates, and Fuse files to Jam STAPL File Formats
Visible to Intel only — GUID: snc1627954739075
Ixiasoft
4.6. Programming Counter Fuses
You update the Security Version Number (SVN) and Pseudo Time Stamp (PTS) counter fuses using signed compact certificates.
Note: The SDM keeps track of the minimum counter value seen during a given configuration and does not accept counter increment certificates when the counter value is smaller than the minimum value. You must update all objects assigned to a counter and reconfigure the device prior to programming a counter increment compact certificate.
Run one of the following commands that corresponds to the counter increment certificate you want to generate.
quartus_pfg --ccert -o ccert_type=PTS_COUNTER -o counter=<-1:495> unsigned_pts.ccert
quartus_pfg --ccert -o ccert_type=SVN_COUNTER_A -o counter=<-1:63> unsigned_svnA.ccert
quartus_pfg --ccert -o ccert_type=SVN_COUNTER_B -o counter=<-1:63> unsigned_svnB.ccert
quartus_pfg --ccert -o ccert_type=SVN_COUNTER_C -o counter=<-1:63> unsigned_svnC.ccert
quartus_pfg --ccert -o ccert_type=SVN_COUNTER_D -o counter=<-1:63> unsigned_svnD.ccert
A counter value of –1 creates a counter increment authorization certificate. Programming a counter increment authorization compact certificate enables you to program further unsigned counter increment certificates to update the respective counter. You use the quartus_sign tool to sign the counter compact certificates in a similar fashion to key cancellation ID compact certificates.
You may program a root key hash cancellation compact certificate via JTAG, FPGA , or HPS mailboxes.