Intel Agilex® 7 Device Security User Guide

ID 683823
Date 7/07/2023
Document Table of Contents

4.6. Programming Counter Fuses

You update the Security Version Number (SVN) and Pseudo Time Stamp (PTS) counter fuses using signed compact certificates.
Note: The SDM keeps track of the minimum counter value seen during a given configuration and does not accept counter increment certificates when the counter value is smaller than the minimum value. You must update all objects assigned to a counter and reconfigure the device prior to programming a counter increment compact certificate.
Run one of the following commands that corresponds to the counter increment certificate you want to generate.
quartus_pfg --ccert -o ccert_type=PTS_COUNTER -o counter=<-1:495> unsigned_pts.ccert
quartus_pfg --ccert -o ccert_type=SVN_COUNTER_A -o counter=<-1:63> unsigned_svnA.ccert
quartus_pfg --ccert -o ccert_type=SVN_COUNTER_B -o counter=<-1:63> unsigned_svnB.ccert
quartus_pfg --ccert -o ccert_type=SVN_COUNTER_C -o counter=<-1:63> unsigned_svnC.ccert
quartus_pfg --ccert -o ccert_type=SVN_COUNTER_D -o counter=<-1:63> unsigned_svnD.ccert

A counter value of –1 creates a counter increment authorization certificate. Programming a counter increment authorization compact certificate enables you to program further unsigned counter increment certificates to update the respective counter. You use the quartus_sign tool to sign the counter compact certificates in a similar fashion to key cancellation ID compact certificates.

You may program a root key hash cancellation compact certificate via JTAG, FPGA , or HPS mailboxes.

Did you find the information on this page useful?

Characters remaining:

Feedback Message