Using PR Bitstream Security Verification (Stratix® 10 Designs)

PR bitstream validation confirms that the persona does not use FPGA resources that are unauthorized by the .smsf.

Thereafter, the Programmer requires both the .pmsf and .smsf to generate the PR bitstream (.rbf) for this PR region, ensuring that the PR persona can only change bits that the persona owns. The Platform Owner can optionally release .smsf files to third-party Clients as part of the PR region collateral. The Platform Owner uses the .smsf to generate the PR bitstream from Client's .pmsf for this PR region.

Figure 1. PR Bitstream Security Validation in Programmer
The Platform Owner should follow these steps to license, enable, and use PR bitstream security verification:
  1. Obtain the license file to enable generation of .smsf files for PR regions during base compilation, and to perform PR bitstream security verification during PR bitstream generation in the Programmer. To obtain the license, login or register for a My-Intel account, and then submit an Intel® Premier Support case requesting the license key.
  2. To add the license file to the Quartus® Prime Pro Edition software, click Tools > License Setup and specify the feature License File.
  3. To enable PR security validation features, add the following line to the project .qsf: 
    set_global_assignment -name PR_SECURITY_VALIDATION on
  4. Compile the base revision.
  5. Following base compilation, view the Assembler reports to view the generated .smsf files required for bitstream generation for each PR region.
  6. The Client provides the .pmsf to the Platform Owner.
  7. The Platform Owner verifies the .pmsf, converts the .pmsf to .rbf, and configures the FPGA device with the .rbf.
  8. The platform owner converts the .pmsf to a PR bitstream. Providing the .smsf file to quartus_cmf instructs the tool to validate the .pmsf against that .smsf, and then to generate a bitstream only if the files are compatible.
    quartus_cpf -c –-smsf=<smsf_file> <pmsf_file> <output_file>