Intel Stratix 10 User manual
Contents
1. Intel® Stratix® 10 Device Security Overview...................................................................4
1.1. Intel Stratix 10 Secure Device Manager (SDM).......................................................... 6
1.2. Enabling Intel Stratix 10 Security Features................................................................7
1.2.1. Side Channel Mitigation.............................................................................. 7
1.3. Owner Security Keys and Programming.................................................................... 8
1.3.1. Owner Root Public Key Hash Programming.................................................... 9
1.3.2. AES Root Key Programming........................................................................ 9
1.4. Planned Security Features.......................................................................................9
1.4.1. Physically Unclonable Function (PUF) Overview.............................................. 9
1.4.2. Anti-Tampering........................................................................................ 10
1.4.3. Black Key Provisioning.............................................................................. 10
2. Design Authentication...................................................................................................11
2.1. The Configuration Bitstream ................................................................................. 11
2.2. Signature Block................................................................................................... 13
2.2.1. Canceling Intel Firmware ID...................................................................... 16
2.2.2. Authentication for HPS Software................................................................ 17
3. Using the Authentication Feature..................................................................................18
3.1. Step 1: Creating the Root Key............................................................................... 19
3.2. Step 2: Creating the Design Signing Key................................................................. 19
3.3. Step 3: Appending the Design Signature Key to the Signature Chain...........................20
3.4. Step 4: Signing the Bitstream................................................................................21
3.5. Step 4a: Signing the Bitstream Using the Programming File Generator........................ 21
3.6. Step 4b: Signing the Bitstream Using the quartus_sign Command.............................. 23
3.7. Step 5: Programming the Owner Root Public Key for Authentication............................24
3.8. Step 5a: Programming the Owner Root Public Key....................................................24
3.9. Step 5b: Calculating the Owner Root Public Key Hash............................................... 26
4. Co-Signing Device Firmware Overview..........................................................................27
4.1. Using the Co-Signing Feature................................................................................ 27
4.1.1. Prerequisites for Co-Signing Device Firmware.............................................. 28
4.1.2. Generating the Owner Firmware Signing Key............................................... 28
4.1.3. Co-Signing the Firmware ..........................................................................29
4.1.4. Powering On In JTAG Mode After Implementing Co-Signed Firmware...............29
5. HPS Debug Using a Certificate...................................................................................... 30
5.1. Enabling HPS JTAG Debugging .............................................................................. 31
6. Signing Command Detailed Description........................................................................ 33
6.1. Generate Private PEM Key..................................................................................... 34
6.2. Generate Public PEM Key.......................................................................................34
6.3. Generate Root Signature Chain.............................................................................. 34
6.4. Append Key to Signature Chain..............................................................................35
6.5. Sign the Bitstream, Firmware, or Debug Certificate.................................................. 36
6.6. Calculate Root Public Key Hash from QKY................................................................ 36
7. Encryption and Decryption Overview............................................................................ 37
7.1. Using the Encryption Feature.................................................................................39
Contents
Intel® Stratix® 10 Device Security User Guide Send Feedback
2
7.1.1. Step 1: Preparing the Owner Image and AES Key File................................... 39
7.1.2. Step 2a: Generating Programming Files Using the Programming File
Generator............................................................................................... 40
7.1.3. Step 2b: Generating Programming Files Using the Command Line Interface .... 41
7.1.4. Step 3a: Specifying Keys and Configuring the Encrypted Image Using the
Intel Quartus Prime Programmer ...............................................................41
7.1.5. Step 3b: Programming the AES Key and Configuring the Encrypted Image
Using the Command Line.......................................................................... 44
7.1.6. Storing the AES Key AES in Physical eFuses.................................................45
7.1.7. Storing the AES Key in BBRAM using the JTAG Mailbox..................................45
8. Encryption Command Detailed Description................................................................... 46
8.1. Make AES Key..................................................................................................... 46
8.2. Encrypt the Bitstream...........................................................................................47
9. Using eFuses ................................................................................................................ 48
9.1. Fuse Programming Input Files............................................................................... 50
9.1.1. Fuse File Format...................................................................................... 51
9.1.2. Programming eFuses ............................................................................... 51
9.1.3. Canceling eFuses..................................................................................... 53
9.1.4. Converting Key, Encryption, and Fuse Files to Jam Staple File Formats............ 53
10. Document Revision History for Intel Stratix 10 Device Security User Guide................ 55
Contents
Send Feedback Intel® Stratix® 10 Device Security User Guide
3
1. Intel® Stratix® 10 Device Security Overview
Intel® Stratix® 10 devices provide flexible and robust security features to help protect
sensitive data, intellectual property, and the device itself under both remote and
physical attacks.
Intel Stratix 10 devices provide two main categories of security features:
authentication and encryption.
Authentication helps to ensure that both the firmware and the configuration bitstream
are from a trusted source. Authentication is fundamental to Intel Stratix 10 security.
You cannot enable any other Intel Stratix 10 security features without enabling owner
authentication.
Encryption helps to protect confidential information such as intellectual property or
sensitive data from being extracted from the owner configuration bitstream.
Here are the specific security features that Intel Stratix 10 devices provide:
Authentication Category
• Elliptic Curve Digital Signature Algorithm (ECDSA) Based Public-Key
Authentication: Intel Stratix 10 devices always require firmware authentication for
all Intel firmware that loads into silicon. The ECDSA authentication of firmware
implements this requirement. Intel is the only source that provides the primary
firmware for the Secure Device Manager (SDM) and all other firmware that runs
on other configuration processors in the Intel Stratix 10 device.
Intel Stratix 10 devices do not require authentication for configuration bitstreams.
You may enable configuration bitstream authentication by programming the hash
of your root public key into eFuses. This process establishes you as the owner of
the device. After you enable configuration bitstream authentication, you must
create a valid signature chain based on your root key for each configuration
bitstream. Your Intel Stratix 10 device completes configuration after successful
validation of your signature chain.
• Anti-tampering security feature: Anti-tampering addresses physical attacks on
silicon. There are two categories of anti-tampering features: passive and active
anti-tampering.
— The passive anti-tampering feature enforces physical security features using
redundancy and interlocking systems. Passive anti-tampering is always
running on Intel Stratix 10 devices. Passive anti-tampering functions do not
operate in response to a particular function.
— Active anti-tampering responds when the silicon detects physical attacks from
the outside. By default, all active anti-tampering functions are off. When the
active anti-tampering function is on, you can select which detection functions
and responses to enable. Active anti-tampering is planned for a future release.
Refer to Anti-Tampering on page 10 for more information.
UG-S10SECURITY | 2020.01.15
Send Feedback
Intel Corporation. All rights reserved. Agilex, Altera, Arria, Cyclone, Enpirion, Intel, the Intel logo, MAX, Nios,
Quartus and Stratix words and logos are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or
other countries. Intel warrants performance of its FPGA and semiconductor products to current specifications in
accordance with Intel's standard warranty, but reserves the right to make changes to any products and services
at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any
information, product, or service described herein except as expressly agreed to in writing by Intel. Intel
customers are advised to obtain the latest version of device specifications before relying on any published
information and before placing orders for products or services.
*Other names and brands may be claimed as the property of others.
ISO
9001:2015
Registered
Encryption Category
• Advanced Encryption Standard (AES)-256 encryption: This feature helps protect
the confidentiality of intellectual property (IP) or sensitive data in the owner
configuration bitstream. AES-CTR (counter) mode is the base for bitstream
encryption. To reduce AES key exposure AES decryption only operates on data
that has already passed public key authentication.
• Side channel protection: This feature helps to protect the AES Key and confidential
data from extraction through non-intrusive attacks. Intel Stratix 10 devices
include the following functions to minimize any potential side channel leakage:
— The authentication first flow helps to protect against encrypted bitstream
modifications that reveal an encryption key.
— A key update function reduces the amount of bitstream data encrypted with a
single key.
— Long route data line scrambling reduces the exposure of decrypted
configuration data on the chip-wide configuration network.
— A 256-bit wide direct key bus loading minimizes the transmission time of
sensitive key material.
— Key scrambling limits any potential side-channel exposure when you store the
AES root key in eFuses.
• Multiple AES root key choices: Intel Stratix 10 devices currently support two
different locations for root AES keys: eFuse and BBRAM. In addition, physically
unclonable function (PUF) is planned for a future release. Refer to Physically
Unclonable Function (PUF) Overview on page 9 for more information.
These security features are available in Intel Stratix 10 devices that support advanced
security. The following table lists the security features that Intel Stratix 10 devices
support.
Intel Stratix 10 Authentication Advanced Security
GX Yes -AS suffix devices
SX Yes -AS suffix devices
MX Yes -AS suffix devices
TX Yes -AS suffix devices
DX Yes Yes
Related Information
•Intel Stratix 10 Device Security User Guide Archives
•Intel Quartus® Prime Pro Edition User Guide Programmer
Describes operation of the Intel Quartus® Prime Pro Edition Programmer which
allows you to configure Intel FPGA devices and program CPLD and
configuration devices via connection with an Intel FPGA download cable.
•Intel Stratix 10 Device Feature Status
For more information about the status of planned Intel Stratix 10 device
security features.
1. Intel® Stratix® 10 Device Security Overview
UG-S10SECURITY | 2020.01.15
Send Feedback Intel® Stratix® 10 Device Security User Guide
5
1.1. Intel Stratix 10 Secure Device Manager (SDM)
The Secure Device Manager (SDM) is a triple-redundant processor-based module that
manages the configuration and security features of Intel Stratix 10 devices. The SDM
authenticates and decrypts configuration data.
Figure 1. Secure Device Manager
Configuration
Sector
Configuration
Sector
Configurable Network Interface
SDM Pins
Secure Device Manager
Dual Purpose I/O
Intel Stratix 10 FPGA
Intel Stratix 10 Blocks
(All Family Variants)
Configuration
Sector
Configuration
Sector
Configuration Network
Local Sector
Manager (LSM)
Local Sector
Manager (LSM)
Local Sector
Manager (LSM)
Local Sector
Manager (LSM)
Figure 2. Secure Device Manager
Secure configuration includes the following steps:
• If you have enabled authentication, the SDM checks that a trusted source, the
device owner, has authorized the configuration bitstream.
• The SDM always performs an integrity check over the bitstream using SHA-256 or
SHA-384. This integrity check protects against intentional attacks and against
accidental corruption of the bitstream, such as a bad write to flash.
• If the configuration bitstream authenticates and you have enabled AES Encryption,
the SDM decrypts the data. The SDM drives the decrypted data on the
configuration network to Local Sector Managers (LSM) on the configuration
network. Each LSM parses the sector configuration block data and configures the
logic elements in the sector that it manages.
Related Information
Intel Stratix 10 Configuration User Guide: Secure Device Manager
1. Intel® Stratix® 10 Device Security Overview
UG-S10SECURITY | 2020.01.15
Intel® Stratix® 10 Device Security User Guide Send Feedback
6
1.2. Enabling Intel Stratix 10 Security Features
Enabling any of the Intel Stratix 10 device security features first requires you to
program the owner root public key hash into eFuse storage. Programming the hash of
the root public key enables authentication, after which your configuration bitstreams
must be signed. In addition, other security features, such as bitstream encryption, are
available. Intel Stratix 10 devices support both virtual and physical eFuse
programming. Before you program any security eFuse, Intel recommends that you use
the virtual eFuse programming to test that the values being programmed are correct.
Caution: Incorrect programming of security eFuses can permanently prevent the device from
configuring.
The fusing process automatically computes the hash of the owner root public key.
When you program the owner root key hash, the programmer automatically programs
the hash value, not the full key.
You can enable the following additional security options to further enhance the
security level:
• Advanced Encryption Standard (AES) Encryption protects your IP and secures your
data. This option includes multiple sub-options relating to side channel mitigation.
• Configuration firmware joint signature capability specifies that you, in addition to
Intel, must sign the version of configuration firmware that runs on your device. If
you enable the joint signature capability, the device only loads firmware signed by
both Intel and by you, the device owner. An eFuse on the Intel Stratix 10 device
enables this feature. For a full list of available eFuse security options, refer to
Using eFuses.
eFuse programming sets a minimum-security strength. All eFuse enforced security
options are permanent.
In contrast to permanent security features, Intel Stratix 10 devices include some
dynamic security options that you can control without using eFuses. Disabling HPS
debugging is one example of a dynamic security feature. You control dynamic security
options by setting optional fields in the configuration bitstream. The Intel Stratix 10
device enforces dynamic security options beginning with bitstream configuration,
instead of at power-on, providing additional flexibility.
Related Information
Using eFuses on page 48
1.2.1. Side Channel Mitigation
Side channel mitigation technology helps prevent secret leakage from the
Intel Stratix 10 device. Side channel mitigation is not limited to the AES engine. Any
circuit which could transport secret key material has its associated mitigation.
1. Intel® Stratix® 10 Device Security Overview
UG-S10SECURITY | 2020.01.15
Send Feedback Intel® Stratix® 10 Device Security User Guide
7
The following side channel mitigation features are available in Intel Stratix 10 devices:
• Authentication first: The device authenticates the bitstream before decrypting it.
Attackers cannot perform differential attacks on the AES encrypted data without
breaking authentication.
• Key update: Limits the amount of encrypted data per key to 1024 bytes.
• Direct key loading: Uses a 256-bit point-to-point key bus to reduce emissions.
• Data scrambling: Scrambles data on long wires within the configuration network
on a chip (NoC).
1.3. Owner Security Keys and Programming
Intel Stratix 10 devices support two types of security keys:
• Owner root public key hash: Programming this key enables the owner
configuration bitstream authentication. Configuration bitstream authentication is
the fundamental security feature. You must enable configuration bitstream
authentication before you can enable other security features. The Intel Stratix 10
device stores the SHA-256 or SHA-384 hash of this key in physical eFuses or
virtual eFuses. This hash validates the integrity of the root public key, which is the
first step in the process to authenticate the configuration bitstream.
• Owner AES key: This optional key decrypts the encrypted owner image during the
configuration process. You can store the AES key in virtual eFuses, physical
eFuses, or a BBRAM. PUF support for AES key handling is planned for a future
release.
In contrast to eFuse (non-volatile) storage, BBRAM storage is reprogrammable.
The BBRAM key vault holds a single key. Programming a new key deletes the
previously programmed key. The BBRAM key vault includes a built-in function to
perform periodic key flipping to prevent key imprinting. The BBRAM has its own
power supply. VCCBAT powers the BBRAM AES key. The voltage range is 1.2V -
1.8V. For more information about required voltage ranges refer to the Intel Stratix
10 Device Family Pin Connection Guidelines.
You program both the root public key hash and the AES key using JTAG. The
configuration bitstream specifies the owner AES key location. For extra security,
you can program fuses to disable some of the key storage locations. For example,
if your design stores the AES key in eFuses, you can program the BBRAM root key
disable fuse for additional security.
Intel Stratix 10 devices support both red key (unencrypted) and black key
(encrypted) provisioning (transport). JTAG transmits keys in an unencrypted
format. Encrypting the AES key reduces the risk of disclosing the key during the
manufacturing process. Refer to Black Key Provisioning on page 10 for more
information about programming an encrypted AES key.
Note: You program or blow eFuses by flowing a large current for a specific amount of time.
This process is irreversible.
Related Information
•Recommended Operating Conditions for VCCBAT in Stratix 10 Device Datasheet
•Intel Stratix 10 Device Family Pin Connection Guidelines
1. Intel® Stratix® 10 Device Security Overview
UG-S10SECURITY | 2020.01.15
Intel® Stratix® 10 Device Security User Guide Send Feedback
8
1.3.1. Owner Root Public Key Hash Programming
You can store the owner root public key hash in virtual eFuses (volatile) or physical
eFuses (non-volatile).
You specify either virtual or physical eFuses when you program your device. Once you
program the physical eFuse key, you cannot change or reprogram the key.
1.3.2. AES Root Key Programming
You specify the storage option for the AES root key on the Security page of the
Assignments ➤ Device ➤ Device and Pin Options. In the current release, you can
select Battery Backup RAM (BBRAM) or eFuses. When you generate the SRAM
Object File .sof the Intel Quartus® Prime Pro Edition Software records the key you
specify to partially encrypt the configuration bitstream.
Figure 3. Specify Storage Location for Encryption Key
Specify Quartus
Prime Key File
Select Key
Storage Location
The Intel Quartus Prime Programmer also includes an Encryption Key Select option
with two choices: Battery Backup RAM or eFuses. This option is available for Intel
Stratix 10 and later devices that include the SDM when you program a Intel Quartus
Prime encryption key .qek.
1.4. Planned Security Features
Some Intel Stratix 10 advanced security features are not currently supported, but are
planned to be supported in a future release. These features include support for a PUF,
anti-tampering, and black key provisioning.
1.4.1. Physically Unclonable Function (PUF) Overview
The Intel Stratix 10 device provides access to the PUF as part of the device
configuration process. The PUF generates device-unique, unclonable keys based on
SRAM initialization patterns. You can use the PUF to assist with AES root key
encryption. Encrypting an AES key is also called key wrapping. You store the wrapped
AES root key in external flash memory. Using the PUF also requires storing PUF helper
data in the external flash memory.
Note: To enable the PUF function, you must negotiate a license agreement with Intrinsic ID.
1. Intel® Stratix® 10 Device Security Overview
UG-S10SECURITY | 2020.01.15
Send Feedback Intel® Stratix® 10 Device Security User Guide
9
Related Information
Intel Stratix 10 Device Feature Status
For more information about the status of planned Intel Stratix 10 device security
features.
1.4.2. Anti-Tampering
Anti-tampering features help detect and respond to certain physical attacks on silicon.
The SDM monitors operating conditions such as input clocks, voltage, and temperature
to detect device tampering. Changes in these conditions may indicate a tampering
event. You can choose an appropriate response to a detected event. Possible
responses include but are not limited to the following actions:
• Device reset
• Device reset with configuration data zeroization
• BBRAM AES key destruction
You enable anti-tampering features during the design process. The configuration
bitstream includes the resulting data.
Related Information
Intel Stratix 10 Device Feature Status
For more information about the status of planned Intel Stratix 10 device security
features.
1.4.3. Black Key Provisioning
AES encryption helps protect confidential information or sensitive data in a
configuration bitstream. When you enable AES encryption you must protect the AES
key during programming, or provisioning, the AES key to the device. Typically, AES
key provisioning occurs at a trusted facility at increased cost.
Black key provisioning creates a direct secure channel between your hardware security
module (HSM) and the Intel Stratix 10 device. This secure channel ensures that your
HSM can provision the AES key and other confidential information without exposure to
an intermediate party. Black key provisioning can reduce or eliminate the need to
program the AES key at a trusted facility.
Related Information
Intel Stratix 10 Device Feature Status
For more information about the status of planned Intel Stratix 10 device security
features.
1. Intel® Stratix® 10 Device Security Overview
UG-S10SECURITY | 2020.01.15
Intel® Stratix® 10 Device Security User Guide Send Feedback
10
2. Design Authentication
FPGA designs may exhibit unintended behavior if an unauthorized client modifies the
configuration bitstream. Intel Stratix 10 FPGAs include a feature to authenticate the
bitstream, which helps to ensure that the bitstream is from a trusted source.
Authentication uses ECDSA signatures to validate the content of a bitstream.
Authentication helps to prevent the Intel Stratix 10 FPGA from configuring with an
unauthorized configuration bitstream.
When you use authentication, your manufacturing process programs the hash digest
of the ECDSA root public key into FPGA eFuses. The configuration bitstream contains
the full root public key. The SDM computes the hash digest of the root public key and
compares the computed hash digest to the hash digest stored in eFuses. The SDM
only proceeds to authenticate the bitstream if the values match.
Intel Stratix 10 devices support 256- or 384-bit key length for authentication. Intel
strongly recommends that you use 384-bit authentication of all new designs. If you
select 384-bit authentication, the Intel Stratix 10 device uses SHA-384 with ECDSA
secp384r1. If you select 256-bit authentication, the Intel Stratix 10 device uses uses
SHA-256 with ECDSA prime256v1. You cannot change the root key or the
authentication key length after you program the eFuses. Choose 256-bit
authentication only if you have legacy hardware, such as an HSM, that cannot handle
384 bit keys.
SHA-384 generates a bitstream that is larger than SHA-256. SHA-384 hashes result in
longer configuration times.
2.1. The Configuration Bitstream
The figure below shows an Intel Stratix 10 configuration bitstream that includes an
FPGA and HPS. The firmware implements many functions including the functions listed
here:
• FPGA configuration
• Voltage regulator configuration
• Temperature measurements
• HPS software load
• HPS reset
• Read, erase, and program flash memory
• Device security, including authentication and encryption
The SDM always authenticates the firmware section of the configuration bitstream.
The SDM authenticates the SDM firmware section using an Intel keychain. You may
also choose to sign the SDM firmware by programming the Co-signed Firmware eFuse
UG-S10SECURITY | 2020.01.15
Send Feedback
Intel Corporation. All rights reserved. Agilex, Altera, Arria, Cyclone, Enpirion, Intel, the Intel logo, MAX, Nios,
Quartus and Stratix words and logos are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or
other countries. Intel warrants performance of its FPGA and semiconductor products to current specifications in
accordance with Intel's standard warranty, but reserves the right to make changes to any products and services
at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any
information, product, or service described herein except as expressly agreed to in writing by Intel. Intel
customers are advised to obtain the latest version of device specifications before relying on any published
information and before placing orders for products or services.
*Other names and brands may be claimed as the property of others.
ISO
9001:2015
Registered
on the device. When you enable co-signed firmware you must co-sign the firmware
before generating bitstreams. The SDM validates both the Intel signature and your
signature before loading and running the SDM firmware.
Figure 4. Example of an Intel Stratix 10 Configuration Bitstream Structure
Firmware Section
Firmware section
Quartus Prime
version dependent
Design Section
(IO Configuration)
Design Section
(FPGA Core Configuration)
Design Section
(HPS boot code)
The I/O, HPS, and FPGA sections are dynamic and contain the device configuration
information based on your design. Each dynamic section of the configuration bitstream
stores information in the same format. Each section begins with a 4 kilobyte (KB)
header block, followed by a signature block, hash blocks, and data.
2. Design Authentication
UG-S10SECURITY | 2020.01.15
Intel® Stratix® 10 Device Security User Guide Send Feedback
12
Figure 5. Configuration Bitstream Layout
Header Block
Hash for Hash Block 0
Hash in the
Header Block
validates
Hash Block 0
Hash and signature
over Header Block
Signature Block
Hash Block 0 (SHA-384 or SHA-256)
Data Block 0
Data Block 1
Data Block 83 or 125
Hash Block 1 (SHA-384 or SHA-256)
Data Block 83 or 125
Hash Block N
Data Block 0
Data Block 1
Hash Block 0
validates
Hash Block 1,
and so on
The header block contains a hash which validates hash block 0. Each hash block
contains up to 125 SHA-256 hashes or 83 SHA-384 hashes. These hashes validate
subsequent data blocks. A modification to any part of a section invalidates the
signature. The modification results in configuration failure before the SDM processes
the modified data.
2.2. Signature Block
The signature block validates the contents of the header block. After successfully
validating the signatures, the SDM processes the data based on the signatures
provided.
Figure 6. Signature Block Format
In this figure the Root Key is the same in all signature chains.
SHA-384 hash over Header Block 1st Signature Chain
2nd Signature Chain
3rd Signature Chain
4th Signature Chain
Root Key
Public Key Entry 1 (Recommended)
Public Key Entry 2 (Optional)
Header Block Entry
Offset to signature chains
Up to 4 Signature Chains
Dynamic Sector Pointers
32-bit CRC
Public Key Entry 3 (Optional)
2. Design Authentication
UG-S10SECURITY | 2020.01.15
Send Feedback Intel® Stratix® 10 Device Security User Guide
13
For more information about how the quartus_sign command appends the public
keys to the root key to create a signature chain refer to Figure 8 on page 18.
Note: The Intel Quartus Prime Pro Edition Software GUI only supports one signature chain.
You can use the quartus_sign command to create multiple signature chains for a
Raw Binary File .rbf.
Table 1. Signature Block
Block Description
SHA-384 hash of
header block
This hash function checks for accidental changes in the preceding block of the configuration
bitstream, typically the header block.
Signature chains Zero or more signature chains. Each signature chain can include up to 4 keys, including the owner
public root key. You can assign the other 3 keys reduced permissions so that the keys can only sign
a specific section of the configuration bitstream.
The Intel Quartus Prime Software supports 2 keychains for firmware signing and up to 4 keychains
for the configuration bitstream. Multiple keychains provide some flexibility.
Dynamic sector
pointers
Locate the design sections for the remainder of the image when you store the image in flash
memory.
32-bit CRC Protects the block from accidental modification. The CRC does not provide security. Software tools
can check the CRC to identify accidental modifications.
Signature Chain Details
Intel Stratix 10 FPGAs support up to four signature chains. If a signature chain is
invalid, it is ignored. The FPGA starts validating the next signature chain. To pass
authentication, at least one signature keychain must pass.
Table 2. Signature Chain Content
Content Description
Root Key
Entry
The Root Entry anchors the chain to a root key known to the device. The SDM calculates the hash of the
root entry and checks if the it matches the expected hash. You store the root key hash in eFuses.
Public Key
Entry
Signature chains enable flexible key management. Intel recommends one public key entry in each signature
chain. The previous public key signs the new public key. The public key entry provides following capabilities:
• Key permission bit field to limit the sections of the configuration bitstream a public key entry can sign.
The bits grant permissions for a public signing key:
— Bit 0: Firmware
— Bit 1: FPGA I/O, core and PR sections
— Bit 2: HPS I/O and first stage bootloader (FSBL) sections
— Bit 3: HPS debug certificate
•For the quartus_sign command, specify these permissions as the equivalent hexadecimal value, 0x1,
0x2, 0x4, or 0x8. If more than one bit field is on, the key can sign more than one type of section. For
example, if both bits 1 and 2 are on the permission value is 0x6 and the key can sign the FPGA I/O,
core, PR, HPS I/O, and FSBL sections of the design.
• Cancellation ID: Specifies the number that cancels a key that is no longer valid. Intel Stratix 10 devices
support 32 cancellation IDs. Cancellation IDs 0-31 cancel owner keys. Once you cancel a key, any
previous designs signed by the canceled key are unusable. You can use this feature to prevent older
designs from running on a device or as part of recovery from a compromised key. Refer to
Understanding Permissions and Cancellation IDs on page 15 for more information about how to
manage cancellation IDs.
Second- or third-level keys typically sign data. Intel Stratix 10 devices support signature chains containing
up to 4 keys, including up to 3 public key entries.
Header
Block Entry
The final entry in a signature chain signs the actual data. The Header Block Entry authenticates the first
block of the section, and thus authenticates the whole section.
2. Design Authentication
UG-S10SECURITY | 2020.01.15
Intel® Stratix® 10 Device Security User Guide Send Feedback
14
Understanding Permissions and Cancellation IDs
You use permissions to specify the types of sections that a key can sign. You can use
the same or different keys for different sections. When you create a key you assign it
permissions and a cancellation ID which is an integer in the range -1-31. Cancellation
ID -1 is for an uncancellable key. Uncancellable keys are useful as second- or third-
level keys. You can use this key to for two purposes:
• To sign other keys with the same or fewer permissions
• To sign sections directly
If you use the same cancellation ID for more than one key, canceling any key with
that cancellation ID cancels all keys using that cancellation ID. For example, if you
assign the same cancellation ID to both the FPGA and HPS keys, canceling the HPS
key also invalidates the FPGA key. You can revalidate subsequent uncanceled keys
with a signature from another key.
You cannot cancel the root key. Consequently, the root key does not have a
cancellation ID. However, you can cancel a signature chain that includes two or more
signature levels. Intel strongly recommends that you create a signature chain with at
least two levels to retain the ability to update your signature keychain.
A good signature chain includes the following components:
• Root key which is not cancellable on Intel Stratix 10 devices.
• First-level public key with a cancellation ID and restricted permissions.
• Optional second- and third-level public keys. Normally, these keys are not
cancellable and have same permissions as the first-level key which signed them. If
you can cancel one key in a key chain you can conserve cancellation IDs by using
keys that are not cancellable for the optional second- and third-level keys.
Here are some reasons that you may need to cancel a signature key:
• A private key is accidentally released.
• You find a vulnerability in your design.
• You find a bug in the design after having created the signed configuration
bitstream.
• You want to update the current design as part of a normal release cycle.
The Programmer performs a logical AND to determine which sections of a design a key
can sign. Consequently, to create separate permissions for Core, I/O and PR logic and
the HPS and FSBL, you must create two first-level keychains as shown in the following
figure.
2. Design Authentication
UG-S10SECURITY | 2020.01.15
Send Feedback Intel® Stratix® 10 Device Security User Guide
15
Figure 7. Create Separate Signature Chains for Different Permissions
Create 1st Level
Signature Chain Signature Chain
Root Keychain
Permission = 2 (Core, I/O, PR)
Cancellation ID = 0
1st Level Core, I/O, PR
Create 1st Level
Signature Chain Signature Chain
Root Keychain
Permission = 4 (HPS, FSBL)
Cancellation ID = 1
1st Level HPS, FSBL
Level Public Key
1st
1st
Level Public Key
2.2.1. Canceling Intel Firmware ID
If you are using device security features, Intel recommends that you update your
configuration firmware to the latest available release. Additionally, Intel recommends
canceling the cancellation of IDs for older versions of firmware to help ensure the
device can only loads the most current firmware. This section describes when and how
Intel firmware IDs are canceled.
As of Intel Quartus Prime Pro Edition Version 19.3, Intel has used the following
firmware IDs.
Table 3. Intel Firmware IDs
Firmware ID Firm Release
0-3 Early versions of firmware
4 Intel Quartus Prime Pro Edition 19.1 and 19.2
5 Intel Quartus Prime Pro Edition 19.3
When you program the owner root public key hash into a device the firmware also
cancels ID eFuses to prevent older firmware from running. For example, if you use the
19.3 firmware to program the public key hash, this firmware automatically cancels IDs
0 to 4. The only situation where firmware automatically programs cancellation eFuses
is during owner public key hash programming. In all other circumstances you must
use the Intel Quartus Prime Programmer or mailbox commands to program eFuses.
After you have upgraded to a new version of the firmware you should prevent older
versions of firmware from running by following these steps:
2. Design Authentication
UG-S10SECURITY | 2020.01.15
Intel® Stratix® 10 Device Security User Guide Send Feedback
16
1. Upgrade all bitstreams stored in flash to use the new firmware version. You do not
need to recompile your designs. You can recreate them by using the new version
of Programmer or quartus_pfg to convert the .sof into a programming file
such as .rbf or Programmer Object File .pof. You can then program the
upgraded firmware into flash memory.
2. If using RSU, follow the instructions in the Updates with the Factory Update Image
topic in the Intel Stratix 10 Configuration User Guide to upgrade the decision
firmware and factory images in the system to the latest version. The RSU upgrade
procedure protects itself against disruptions such as power failure which could
interrupt the upgrade.
3. Send commands to the device to tell it to cancel the old Intel cancellation eFuses.
You can use the Intel Quartus Prime Pro Edition Programmer to accomplish this
task.
The firmware does not automatically program cancellation eFuses in any case except
programming the root public key hash. Consequently, you can upgrade the images in
flash memory before programming the cancellation eFuses.
Intel recommends adopting the following practices:
• Use the newest available firmware in your configuration bitstreams.
• Program cancellation eFuses to prevent older firmware from running on the
device.
Related Information
•PCNs, PDNs, and Advisories
For a listing of Advisories for Intel FPGAs and Programmable Devices.
•Updates with the Factory Update Image
For the steps to update flash memory with a new factory image and the
associated decision firmware and decision firmware data.
2.2.2. Authentication for HPS Software
If you are using an SoC device, the HPS Boot Code is part of the bitstream that is
authenticated by the SDM during configuration.
After you successfully load the HPS Boot Code on the Intel Stratix 10 device, you may
need to ensure that the following boot stages of the HPS Software are also
authenticated.
The Rocketboards web page includes an example that uses U-boot to authenticate
the subsequent boot stages of the HPS software.
Related Information
Intel Stratix 10 SoC Secure Boot Demo Design
2. Design Authentication
UG-S10SECURITY | 2020.01.15
Send Feedback Intel® Stratix® 10 Device Security User Guide
17
3. Using the Authentication Feature
To authenticate an Intel Stratix 10 FPGA configuration bitstream, you prepare an
authentication signature chain which includes root and public keys.
Starting with version 18.1 of the Intel Quartus Prime software, you can use the
quartus_sign command to create a signature chain.
The following figure provides an overview of the steps to create an authentication
signature chain. It shows the steps for the following operations:
1. make_root (light yellow)
2. fuse_info (darker yellow)
3. append_key (light blue)
4. sign (light gray)
The make_private_pem and make_public_pem (top right of figure) prepare the
public and private keys that are inputs to the four operations listed above.
Figure 8. Steps to Create a Signature Chain
Operation: fuse_info Operation: sign
Operation: make_private_pem
Operation: make_public_pem
Operation: append_keyOperation: make_root Signed
Bitstream
Write Hash
to Fuses
Create Root
Signature Chain
Create 1st Level
Signature Chain
1st Level
Signature Chain
2nd Level
Signature Chain
Create 2nd Level
Signature Chain
Bitstream
Add Signature
to Bitstream
2nd Level
Public Key
1st Level
Public Key
Root
Keychain
2nd Level
Private Key
Root
Public Key
Root
Private Key
1st Level
Private Key
UG-S10SECURITY | 2020.01.15
Send Feedback
Intel Corporation. All rights reserved. Agilex, Altera, Arria, Cyclone, Enpirion, Intel, the Intel logo, MAX, Nios,
Quartus and Stratix words and logos are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or
other countries. Intel warrants performance of its FPGA and semiconductor products to current specifications in
accordance with Intel's standard warranty, but reserves the right to make changes to any products and services
at any time without notice. Intel assumes no responsibility or liability arising out of the application or use of any
information, product, or service described herein except as expressly agreed to in writing by Intel. Intel
customers are advised to obtain the latest version of device specifications before relying on any published
information and before placing orders for products or services.
*Other names and brands may be claimed as the property of others.
ISO
9001:2015
Registered
3.1. Step 1: Creating the Root Key
The root key includes public and private components. These keys are in the Privacy
Enhanced Mail Certificate (PEM) format and have the .pem extension.
Complete the following steps to generate the root private and public keys:
1. Bring up a Nios® II command shell.
Option Description
Windows On the Start menu, point to Programs ➤ Intel FPGA ➤ Nios II EDS ➤
<version> and click Nios II <version> Command Shell.
Linux In a command shell change to the <install_dir>/nios2eds and run the
following command:
./nios2_command_shell.sh
2. In the Nios II command shell, change to the directory that includes your .sof file.
3. Run the following command to create the private key which you use to generate
the root public key.
Note: You can create the private key with or without passphrase protection. The
passphrase encrypts the private key. Intel recommends following industry
best practices to use a strong, random passphrase on all private key files.
Intel also recommends changing the permissions on the private .pem file to
read-only for the owner.
Option Description
With passphrase quartus_sign --family=stratix10 --operation=make_private_pem --
curve=<prime256v1 or secp384r1> <root_private.pem>
Enter the passphrase when prompted to do so.
Without passphrase quartus_sign --family=stratix10 --operation=make_private_pem --
curve=<prime256v1 or secp384r1> --no_passphrase <root_private.pem>
4. Run the following command to create the root public key. The
root_private.pem you generated in the previous step is an input to this
command. You do not need to protect the root public key.
quartus_sign --family=stratix10 --operation=make_public_pem
<root_private.pem> <root_public.pem>
5. Convert the root public key to the Intel Quartus Prime key file format (.qky). You
use the Intel Quartus Prime Programmer or the quartus_pgm command to
program the root public key into a Intel Stratix 10 device. The .qky file is a few
hundred bytes in size.
quartus_sign --family=stratix10 --operation=make_root <root public.pem>
<root_public.qky>
3.2. Step 2: Creating the Design Signing Key
You may need one or more design signing keys. You can create separate signing keys
for the HPS and FPGA in Intel Stratix 10 SX devices. Creating multiple keys gives you
the flexibility to cancel keys if you detect an error, uncover a vulnerability, or need to
update the design.
3. Using the Authentication Feature
UG-S10SECURITY | 2020.01.15
Send Feedback Intel® Stratix® 10 Device Security User Guide
19
1. Run the following command to create the first design signature private key. You
use the design signature private key to create the design signature public key.
Note: Intel recommends following industry best practices to use a strong, random
passphrase on all private key files. The curve argument in this command
must be the same has the one you specified for the root key.
Option Description
With passphrase quartus_sign --family=stratix10 --operation=make_private_pem --
curve=<prime256v1 or secp384r1> <design0_sign_private.pem>
Enter the passphrase when prompted to do so.
Without passphrase quartus_sign --family=stratix10 --operation=make_private_pem --
curve=<prime256v1 or secp384r1> --no_passphrase
<design0_sign_private.pem>
2. Run the following command to create the design signature public key.
quartus_sign --family=stratix10 --operation=make_public_pem
<design0_sign_private.pem> <design0_sign_public.pem>
Enter your passphrase when prompted to do so.
3.3. Step 3: Appending the Design Signature Key to the Signature
Chain
This step appends design signing keys to the signature chain. The append command
implements the following operations:
•Appends the 1st Level Public Key (design0_sign_public.pem) to the Root
Public Key (root_public.qky) and generates the 1st Level Signature Chain
(design0_sign_public.qky) that includes the root public key and design0
public key.
•Signs the new 1st Level Signature Chain (design0_sign_chain.qky) using the
Root Private Key (root_private.pem).
1. Run the following command to append the first design signature key to the root
key, creating a two-level signature chain:
Setting the permission argument to 6 creates a signature that can sign the
FPGA I/O, core, PR, and HPS sections. Setting the permission argument to 2 or
4 creates a signature that can sign only FPGA or HPS sections, respectively.
Setting the cancellation argument to 0 means that eFuse0 can cancel this
signature. eFuses 0-31 are available for owner cancellation.
quartus_sign --family=stratix10 --operation=append_key \
--previous_pem=<root_private.pem> --previous_qky=<root_public.qky> \
--permission=6 --cancel=0 <design0_sign_public.pem> \
<design0_sign_chain.qky>
2. Use append_key again to create a three-level signature chain:
a. Repeat the commands in Step 1 on page 20, to generate both
design1_sign_private.pem and design1_sign_public.pem.
b. Append design1_sign_public.pem to the signature chain.
3. Using the Authentication Feature
UG-S10SECURITY | 2020.01.15
Intel® Stratix® 10 Device Security User Guide Send Feedback
20
Other manuals for Stratix 10
3
Table of contents
Other Intel Control Unit manuals
Intel
Intel AXXRMFBU2 User manual
Intel
Intel SBCEFCSW User manual
Intel
Intel AXXTPME3 Installation manual
Intel
Intel Remote Management Module 3 User manual
Intel
Intel ESM-APLC User manual
Intel
Intel 1000SX User manual
Intel
Intel FM5224 Operation manual
Intel
Intel RMT3PB080 Setup guide
Intel
Intel RealSense ID Solution F450 User manual
Intel
Intel AXXTPME5 Installation manual
