Intel Agilex® 7 Device Security User Guide

ID 683823
Date 7/07/2023
Public
Document Table of Contents

2.1.3. Creating the Signature Chain Root Entry

Convert the root public key into a signature chain root entry, stored on the local file system in the Intel® Quartus® Prime key (.qky) format file, with the make_root operation. Repeat this step for each root key you generate.

Run the following command to create a signature chain with a root entry, using a root public key from the file system:
quartus_sign --family=agilex --operation=make_root  \
--key_type=owner root0_public.pem root0.qky
Run the following command to create a signature chain with a root entry, using the root key from the SoftHSM token established in the prior section:
quartus_sign --family=agilex --operation=make_root --key_type=owner \
--module=softHSM --module_args="--token_label=agilex-token \
--user_pin=agilex-token-pin \
--hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so" root0 root0.qky