I-Intel Agilex 7 Device Security User Manual

I-Intel izibophezele ekuvikelekeni komkhiqizo futhi incoma abasebenzisi ukuthi bazijwayeze nezinsiza zokuphepha zomkhiqizo ezinikeziwe. Lezi zinsiza kufanele zisetshenziswe impilo yonke yomkhiqizo we-Intel.

2. Izici Zokuphepha Ezihleliwe

Izici zokuphepha ezilandelayo zihlelelwe ukukhishwa kwesikhathi esizayo kwesoftware ye-Intel Quartus Prime Pro Edition:

Ukuqinisekiswa Kwezokuphepha Kwe-Bitstream Ukucushwa Kabusha: Inikeza isiqinisekiso esengeziwe sokuthi ama-bitstreams Okulungisa Ngokwengxenye (PR) awakwazi ukufinyelela noma aphazamise amanye ama-bitstreams e-PR persona.

I-Device Self-Kill ye-Physical Anti-Tamper: Isula idivayisi noma impendulo yokungasebenzi kahle kwedivayisi nezinhlelo ze-eFuses ukuvimbela idivayisi ukuthi ingalungiseki futhi.

3. Imibhalo Yezokuphepha Etholakalayo

Ithebula elilandelayo libala imibhalo etholakalayo yezici zokuphepha zedivayisi ku-Intel FPGA kanye namadivayisi e-Structured ASIC:

Igama Ledokhumenti	Inhloso
Indlela Yokuphepha ye-Intel FPGAs kanye Nomsebenzisi Ohleliwe we-ASICs Umhlahlandlela	Idokhumenti yezinga eliphezulu enikeza izincazelo ezinemininingwane ye izici zokuphepha nobuchwepheshe ku-Intel Programmable Solutions Imikhiqizo. Isiza abasebenzisi ukukhetha izici zokuphepha ezidingekayo ukuze ukuhlangabezana nezinjongo zabo zokuphepha.
Intel Stratix 10 Umhlahlandlela Wokuphepha Kwedivayisi	Imiyalo yabasebenzisi be-Intel Stratix 10 amadivayisi okufanele bayisebenzise izici zokuphepha ezikhonjwe kusetshenziswa Indlela Yokuphepha Umhlahlandlela Womsebenzisi.
Intel Agilex 7 Umhlahlandlela Wokuphepha Kwedivayisi	Imiyalo yabasebenzisi be-Intel Agilex 7 amadivayisi okufanele bayisebenzise izici zokuphepha ezikhonjwe kusetshenziswa Indlela Yokuphepha Umhlahlandlela Womsebenzisi.
Umhlahlandlela Womsebenzisi Wokuphepha Kwedivayisi ye-Intel eASIC N5X	Imiyalo yabasebenzisi bamadivayisi e-Intel eASIC N5X okufanele bayisebenzise izici zokuphepha ezikhonjwe kusetshenziswa Indlela Yokuphepha Umhlahlandlela Womsebenzisi.
I-Intel Agilex 7 kanye ne-Intel eASIC N5X HPS Cryptographic Services Umhlahlandlela Womsebenzisi	Ulwazi lonjiniyela bezinhlelo ze-HPS ngokusetshenziswa kanye nokusetshenziswa kwemitapo yolwazi yesofthiwe ye-HPS ukuze ufinyelele izinsiza ze-cryptographic kuhlinzekwe yi-SDM.
I-AN-968 Black Key Provisioning Service Umhlahlandlela Wokuqala Okusheshayo	Qedela isethi yezinyathelo zokusetha i-Black Key Provisioning isevisi.

imibuzo ejwayelekile ukubuzwa

Q: Iyini inhloso ye-Security Methodology User Guide?

A: Umhlahlandlela Womsebenzisi Wendlela Yokuphepha unikeza izincazelo ezinemininingwane yezici zokuphepha nobuchwepheshe kumikhiqizo ye-Intel Programmable Solutions. Isiza abasebenzisi ukuthi bakhethe izici zokuphepha ezidingekayo ukuze bahlangabezane nezinjongo zabo zokuphepha.

Q: Ngingayithola kuphi i-Intel Agilex 7 Device Security User Guide?

A: I-Intel Agilex 7 Device Security User Guide ingatholakala ku-Intel Resource and Design Center webindawo.

Q: Iyini isevisi yokuhlinzeka ngokhiye omnyama?

A: Isevisi Yokuhlinzeka Ngokhiye Omnyama iyisevisi ehlinzeka ngesethi ephelele yezinyathelo zokusetha ukuhlinzekwa okubalulekile kokusebenza okuphephile.

View Fullscreen

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi
Ibuyekezelwe i-Intel® Quartus® Prime Design Suite: 23.1

Inguqulo Ye-inthanethi Thumela Impendulo

UG-20335

683823 2023.05.23

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 2

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 3

683823 | 2023.05.23 Thumela Impendulo
1. Intel Agilex® 7

Ukuphepha Kwedivayisi Kuphelileview

I-Intel® iklama amadivayisi we-Intel Agilex® 7 anezingxenyekazi zekhompiyutha ezizinikele, ezilungiseka kakhulu kanye ne-firmware.
Lo mbhalo uqukethe imiyalelo yokukusiza ukuthi usebenzise isofthiwe ye-Intel Quartus® Prime Pro Edition ukuze usebenzise izici zokuphepha kumadivayisi akho e-Intel Agilex 7.
Ukwengeza, Indlela Yokuphepha ye-Intel FPGAs kanye ne-Structured ASICs User Guide iyatholakala ku-Intel Resource & Design Center. Lo mbhalo uqukethe izincazelo ezinemininingwane yezici zokuphepha nobuchwepheshe obutholakala ngemikhiqizo ye-Intel Programmable Solutions ukukusiza ukhethe izici zokuphepha ezidingekayo ukuze uhlangabezane nezinjongo zakho zokuphepha. Xhumana ne-Intel Support ngenombolo yesithenjwa 14014613136 ukuze ufinyelele Indlela Yokuphepha ye-Intel FPGAs kanye Nomhlahlandlela Womsebenzisi We-ASICs Akhiwe.
Umbhalo uhlelwe ngale ndlela elandelayo: · Ukuqinisekiswa Nokugunyazwa: Ihlinzeka ngeziyalezo zokudala
okhiye bokufakazela ubuqiniso namaketango esiginesha, sebenzisa izimvume nokuhoxiswa, izinto zokusayina, nezici zokuqinisekisa uhlelo kumadivayisi we-Intel Agilex 7. · Ukubethela kwe-AES Bitstream: Inikeza imiyalelo yokudala ukhiye wempande we-AES, ukubethela ukucupha ama-bitstreams, nokuhlinzeka ngokhiye wempande we-AES kumadivayisi we-Intel Agilex 7. · Ukunikezwa Kwedivayisi: Kuhlinzeka ngemiyalo yokusebenzisa i-Intel Quartus Prime Programmer kanye ne-Secure Device Manager (SDM) i-firmware yokuhlinzeka ukuze kuhlelwe izici zokuphepha kumadivayisi we-Intel Agilex 7. · Izici Ezithuthukisiwe: Ihlinzeka ngeziyalezo zokunika amandla izici zokuphepha ezithuthukisiwe, okuhlanganisa ukugunyazwa kokususa iphutha okuvikelekile, ukulungisa iphutha Kwesistimu Yokucubungula Okuqinile (HPS), kanye nokubuyekezwa kwesistimu yesilawuli kude.
1.1. Ukuzibophezela Ekuvikelekeni Komkhiqizo
Ukuzibophezela okuhlala isikhathi eside kwe-Intel kwezokuphepha akukaze kube namandla. I-Intel incoma ngokuqinile ukuthi ujwayelane nezinsiza zokuphepha zomkhiqizo wethu futhi uhlele ukuzisebenzisa impilo yonke yomkhiqizo wakho we-Intel.
Ulwazi Oluhlobene · Ukuphepha Komkhiqizo kwa-Intel · Izeluleko Zesikhungo Sokuphepha Komkhiqizo we-Intel

Inkampani ye-Intel Wonke Amalungelo Agodliwe. I-Intel, ilogo ye-Intel, nezinye izimpawu ze-Intel yizimpawu zokuthengisa ze-Intel Corporation noma izinkampani ezingaphansi kwayo. I-Intel iqinisekisa ukusebenza kwe-FPGA yayo kanye nemikhiqizo yesemiconductor ekucacisweni kwamanje ngokuvumelana newaranti evamile ye-Intel, kodwa igodla ilungelo lokwenza izinguquko kunoma imiphi imikhiqizo namasevisi nganoma yisiphi isikhathi ngaphandle kwesaziso. I-Intel ayithathi mthwalo noma isikweletu esivele ngenxa yesicelo noma ukusetshenziswa kwanoma yiluphi ulwazi, umkhiqizo, noma isevisi echazwe lapha ngaphandle kwalapho okuvunyelwene ngakho ngokubhaliwe yi-Intel. Amakhasimende e-Intel ayelulekwa ukuthi athole inguqulo yakamuva yokucaciswa kwedivayisi ngaphambi kokuthembela kunoma yiluphi ulwazi olushicilelwe nangaphambi kokufaka ama-oda emikhiqizo noma amasevisi. *Amanye amagama namabhrendi angafunwa njengempahla yabanye.

I-ISO 9001:2015 Ibhalisiwe

1. I-Intel Agilex® 7 Ukuphepha Kwedivayisi Kuphelileview 683823 | 2023.05.23

1.2. Izici Zokuphepha Ezihleliwe

Izici ezishiwo kulesi sigaba zihlelelwe ukukhishwa kwesikhathi esizayo kwesofthiwe ye-Intel Quartus Prime Pro Edition.

Qaphela:

Imininingwane ekulesi sigaba ingeyokuqala.

1.2.1. Ukuqinisekiswa Kwezokuphepha Zokucushwa Kabusha kwe-Bitstream
Ukuqinisekisa ukuvikeleka kwe-bitstream kokulungisa ingxenye (PR) kusiza ukunikeza isiqinisekiso esengeziwe sokuthi ama-bitstreams e-PR awakwazi ukufinyelela noma aphazamise amanye ama-bitstreams e-PR.

1.2.2. I-Device Self-Kill ye-Physical Anti-Tamper
Ukuzibulala kwedivayisi kwenza ukusula idivayisi noma impendulo yokungasebenzi kwedivayisi futhi ngaphezu kwalokho ihlela ama-eFuses ukuvimbela idivayisi ukuthi ingalungiseki futhi.

1.3. Imibhalo Yezokuphepha Etholakalayo

Ithebula elilandelayo libala imibhalo etholakalayo yezici zokuphepha zedivayisi ku-Intel FPGA kanye namadivayisi ahleliwe e-ASIC:

Ithebula 1.

Imibhalo Etholakalayo Yokuphepha Kwedivayisi

Igama Ledokhumenti
Indlela Yokuphepha ye-Intel FPGAs kanye Nomhlahlandlela Womsebenzisi Ohleliwe we-ASICs

Inhloso
Idokhumenti yezinga eliphezulu equkethe izincazelo ezinemininingwane yezici zokuphepha nobuchwepheshe kumikhiqizo ye-Intel Programmable Solutions. Ihloselwe ukukusiza ukuthi ukhethe izici zokuphepha ezidingekayo ukuze uhlangabezane nezinjongo zakho zokuphepha.

I-ID Yombhalo 721596

Intel Stratix 10 Umhlahlandlela Wokuphepha Kwedivayisi
Intel Agilex 7 Umhlahlandlela Wokuphepha Kwedivayisi

Kubasebenzisi bedivayisi ye-Intel Stratix 10, lo mhlahlandlela uqukethe imiyalelo yokusebenzisa isofthiwe ye-Intel Quartus Prime Pro Edition ukuze kusetshenziswe izici zokuphepha ezikhonjwe kusetshenziswa Umhlahlandlela Womsebenzisi Wendlela Yokuphepha.
Kubasebenzisi bedivayisi ye-Intel Agilex 7, lo mhlahlandlela uqukethe imiyalelo yokusebenzisa isofthiwe ye-Intel Quartus Prime Pro Edition ukuze kusetshenziswe izici zokuphepha ezikhonjwe kusetshenziswa Umhlahlandlela Womsebenzisi Wendlela Yokuphepha.

683642 683823

Umhlahlandlela Womsebenzisi Wokuphepha Kwedivayisi ye-Intel eASIC N5X

Kubasebenzisi bamadivayisi e-Intel eASIC N5X, lo mhlahlandlela uqukethe imiyalelo yokusebenzisa isofthiwe ye-Intel Quartus Prime Pro Edition ukuze kusetshenziswe izici zokuphepha ezikhonjwe kusetshenziswa Umhlahlandlela Womsebenzisi Wendlela Yokuphepha.

626836

I-Intel Agilex 7 kanye ne-Intel eASIC N5X HPS Cryptographic Services Umhlahlandlela Womsebenzisi

Lo mhlahlandlela uqukethe ulwazi lokusiza onjiniyela bezinhlelo ze-HPS ekusebenziseni nasekusetshenzisweni kwemitapo yolwazi yesofthiwe ye-HPS ukuze bafinyelele izinsiza ze-cryptographic ezihlinzekwa yi-SDM.

713026

I-AN-968 Black Key Provisioning Service Umhlahlandlela Wokuqala Okusheshayo

Lo mhlahlandlela uqukethe isethi ephelele yezinyathelo zokusetha isevisi Yokuhlinzeka Ngokhiye Omnyama.

739071

Indawo Intel Resource kanye
Isikhungo Sokuklama
I-Intel.com
I-Intel.com
I-Intel Resource kanye ne-Design Center
I-Intel Resource kanye ne-Design Center
I-Intel Resource kanye ne-Design Center

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 5

683823 | 2023.05.23 Thumela Impendulo

Ukuqinisekisa kanye Nokugunyazwa

Ukuze unike amandla izici zokuqinisekisa zedivayisi ye-Intel Agilex 7, uqala ngokusebenzisa isofthiwe ye-Intel Quartus Prime Pro Edition namathuluzi ahambisanayo ukuze wakhe uchungechunge lwesiginesha. Uchungechunge lwesiginesha luqukethe ukhiye wempande, ukhiye oyedwa noma ngaphezulu wokusayina, kanye nokugunyazwa okusebenzayo. Usebenzisa uchungechunge lwesiginesha kuphrojekthi yakho ye-Intel Quartus Prime Pro Edition kanye nohlelo oluhlanganisiwe files. Sebenzisa imiyalelo Ekuhlinzekeni Kwedivayisi ukuze uhlele ukhiye wakho wempande kumadivayisi we-Intel Agilex 7.
Ulwazi Oluhlobene
Ukunikezwa Kwedivayisi ekhasini 25

2.1. Ukudala Uchungechunge Lwesiginesha
Ungasebenzisa ithuluzi le-quartus_sign noma ukusebenzisa ireferensi ye-agilex_sign.py ukuze wenze imisebenzi yesiginesha. Lo mbhalo uhlinzeka ngesibampusebenzisa i-quartus_sign.
Ukuze usebenzise ukusetshenziswa kwereferensi, ufaka ucingo kumhumushi we-Python ofakwe ne-Intel Quartus Prime software futhi ushiye inketho ethi -family=agilex; zonke ezinye izinketho ziyefana. Okwesiboneloample, umyalo we-quartus_sign otholakala kamuva kulesi sigaba
quartus_sign -family=agilex -operation=make_root root_public.pem root.qky ingaguqulwa ibe ucingo olulinganayo ekusetshenzisweni kwesithenjwa ngendlela elandelayo
pgm_py agilex_sign.py -operation=make_root root_public.pem root.qky

Isofthiwe ye-Intel Quartus Prime Pro Edition ihlanganisa amathuluzi e-quartus_sign, pgm_py, kanye ne-agilex_sign.py. Ungasebenzisa ithuluzi legobolondo le-Nios® II, elisetha ngokuzenzakalelayo okuguquguqukayo kwendawo ukuze ufinyelele amathuluzi.

Landela le miyalo ukuze uveze igobolondo lomyalo we-Nios II. 1. Letha igobolondo lomyalo we-Nios II.

Inketho yeWindows
I-Linux

Incazelo
Kumenyu yokuqala, khomba ku-Intel FPGA Nios II EDS bese uchofoza Nios II Command Shell.
Kugobolondo lomyalo shintsha ku- /nios2eds bese usebenzisa umyalo olandelayo:
./nios2_command_shell.sh

I-exampLes kulesi sigaba thatha iketango lesiginesha kanye ne-bitstream yokumisa files atholakala ohlwini lwemibhalo olusebenzayo lwamanje. Uma ukhetha ukulandela i-examples lapho ukhiye files zigcinwa ku file uhlelo, labo examples sithathe ukhiye files kukhona

I-ISO 9001:2015 Ibhalisiwe

2. Ukuqinisekisa kanye Nokugunyazwa 683823 | 2023.05.23
etholakala ohlwini lwemibhalo olusebenzayo lwamanje. Ungakhetha ukuthi yiziphi izinkomba ozozisebenzisa, futhi amathuluzi asekela isihlobo file izindlela. Uma ukhetha ukugcina ukhiye files kwe file ohlelweni, kufanele uphathe ngokucophelela izimvume zokufinyelela kulezo files.
I-Intel incoma ukuthi kusetshenziswe i-Hardware Security Module (HSM) etholakala ngokuthengiswayo ukuze kugcinwe okhiye be-cryptographic nokwenza imisebenzi yokubethela. Ithuluzi le-quartus_sign kanye nokusetshenziswa kwereferensi kuhlanganisa I-Public Key Cryptography Standard #11 (PKCS #11) Application Programming Interface (API) ukuze ihlanganyele ne-HSM ngenkathi kwenziwa imisebenzi yesiginesha. Ukuqaliswa kwesithenjwa se-agilex_sign.py kufaka phakathi i-interface abstract kanye ne-example interface kuya SoftHSM.
Ungasebenzisa lezi example interfaces ukusebenzisa isixhumi esibonakalayo ku-HSM yakho. Bheka imibhalo evela kumthengisi wakho we-HSM ukuze uthole ulwazi olwengeziwe mayelana nokusebenzisa isixhumi esibonakalayo kanye nokusebenzisa i-HSM yakho.
I-SoftHSM iwukusetshenziswa kwesofthiwe yedivayisi ye-cryptographic ejwayelekile ene-PKCS #11 interface eyenziwe yatholakala iphrojekthi ye-OpenDNSSEC®. Ungathola ulwazi olwengeziwe, okuhlanganisa imiyalelo yokuthi ungalanda kanjani, wakhe, futhi ufake i-OpenHSM, kuphrojekthi ye-OpenDNSSEC. I-exampkulesi sigaba sebenzisa inguqulo yeSoftHSM 2.6.1. I-exampLes kulesi sigaba ngokungeziwe sebenzisa ithuluzi le-pkcs11-ithuluzi elivela ku-OpenSC ukwenza imisebenzi eyengeziwe ye-PKCS #11 ngethokheni ye-SoftHSM. Ungathola ulwazi olwengeziwe, okuhlanganisa imiyalelo yokuthi ungalanda, wakhe, futhi ufake kanjani i-pkcs11tool ku-OpenSC.
Ulwazi Oluhlobene
· Iphrojekthi ye-OpenDNSSEC Isisayini sendawo esisekelwe kunqubomgomo sokwenza ngokuzenzakalelayo inqubo yokulandelela okhiye be-DNSSEC.
· Ulwazi lwe-SoftHSM mayelana nokuqaliswa kwesitolo se-cryptographic esifinyeleleka ngesixhumi esibonakalayo se-PKCS #11.
· I-OpenSC Ihlinzeka ngeqoqo lemitapo yolwazi nezinsiza ezikwazi ukusebenza ngamakhadi ahlakaniphile.
2.1.1. Ukudala amapheya abalulekile wokuqinisekisa endaweni File Uhlelo
Usebenzisa ithuluzi le-quartus_sign ukuze udale amapheya okhiye bokuqinisekisa endaweni file isistimu esebenzisa i-make_private_pem kanye nemisebenzi yethuluzi_le-make_public_pem. Uqala ukukhiqiza ukhiye oyimfihlo ngomsebenzi we-make_private_pem. Ucacisa ijika eliyielliptic elizosetshenziswa, ukhiye oyimfihlo fileigama, futhi ngokuzikhethela ukuthi uvikele ukhiye oyimfihlo ngomushwana wokungena. I-Intel incoma ukusetshenziswa kwejika le-secp384r1 nokulandela imikhuba ehamba phambili yomkhakha ukuze udale umushwana wokungena oqinile, ongahleliwe kuwo wonke ukhiye oyimfihlo. files. I-Intel futhi incoma ukukhawulela i- file izimvume zesistimu kukhiye oyimfihlo .pem files ukufundwa ngumnikazi kuphela. Uthola ukhiye osesidlangalaleni kukhiye oyimfihlo usebenzisa make_public_pem operation. Kuyasiza ukuqamba ukhiye .pem files ngokuchazayo. Lo mbhalo usebenzisa ingqungquthela _ .pem kusibonelo esilandelayoampLes.
1. Kugobolondo lomyalo we-Nios II, sebenzisa umyalo olandelayo ukuze udale ukhiye oyimfihlo. Ukhiye oyimfihlo, oboniswe ngezansi, usetshenziswa njengokhiye wempande ku-ex yakamuvaamplokho kudala uchungechunge lwesiginesha. Amadivayisi we-Intel Agilex 7 asekela okhiye bempande abaningi, ukuze nawe

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 7

2. Ukuqinisekisa kanye Nokugunyazwa 683823 | 2023.05.23

phinda lesi sinyathelo ukuze udale inombolo yakho edingekayo yokhiye bempande. ExampLes kule dokhumenti konke kubhekisele kukhiye wokuqala wempande, noma ungakha amaketango esiginesha ngendlela efanayo nanoma yimuphi ukhiye wempande.

Inketho Ngomushwana wokungena

Incazelo
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 root0_private.pem Faka umushwana wokungena lapho uyalwa ukwenza kanjalo.

Ngaphandle komushwana wokungena

quartus_sign -family=agilex -operation=make_private_pem -curve=secp384r1 -no_passphrase root0_private.pem

2. Qalisa umyalo olandelayo ukuze udale ukhiye osesidlangalaleni usebenzisa ukhiye oyimfihlo okhiqizwe esinyathelweni sangaphambilini. Awudingi ukuvikela ubumfihlo bokhiye womphakathi.
quartus_sign -family=agilex -operation=make_public_pem root0_private.pem root0_public.pem
3. Qalisa imiyalo futhi ukuze udale ipheya yokhiye esetshenziswa njengokhiye wokusayina ochungechungeni lwesiginesha.
quartus_sign -family=agilex -operation=make_private_pem -curve=secp384r1 design0_sign_private.pem

quartus_sign -family=agilex -operation=make_public_pem design0_sign_private.pem design0_sign_public.pem

2.1.2. Ukudala amapheya Abalulekile Wokuqinisekisa ku-SoftHSM
I-SoftHSM exampLes kulesi sahluko ziyavumelana. Amapharamitha athile ancike ekufakweni kwakho kweSoftHSM kanye nokuqaliswa kwethokheni ngaphakathi kweSoftHSM.
Ithuluzi le-quartus_sign lincike kulabhulali ye-PKCS #11 API evela ku-HSM yakho.
I-exampnjengoba kulesi sigaba sithatha ngokuthi umtapo wezincwadi we-SoftHSM ufakwe kwenye yalezi zindawo ezilandelayo: · /usr/local/lib/softhsm2.so ku-Linux · C:SoftHSM2libsofthsm2.dll kunguqulo engu-32-bit ye-Windows · C:SoftHSM2libsofthsm2-x64 .dll kunguqulo engu-64-bit ye-Windows.
Qalisa ithokheni ngaphakathi kweSoftHSM usebenzisa ithuluzi le-softhsm2-util:
softhsm2-util –init-token –lebula agilex-token –pin agilex-token-pin –so-pin agilex-so-pin –free
Imingcele yenketho, ikakhulukazi ilebula yethokheni nephinikhodi yethokheni yi-exampezisetshenziswa kakhulu kulesi sahluko. I-Intel incoma ukuthi ulandele imiyalelo evela kumthengisi wakho we-HSM ukuze udale futhi uphathe amathokheni nokhiye.
Udala amapheya okhiye bokuqinisekisa usebenzisa insiza ye-pkcs11-ithuluzi ukuze uxhumane nethokheni ku-SoftHSM. Esikhundleni sokubhekisela kukhiye oyimfihlo nowomphakathi .pem files kwe file uhlelo exampOkulandelayo, ubhekisela ekubhanqweni kokhiye ngelebula layo futhi ithuluzi likhetha ukhiye ofanele ngokuzenzakalelayo.

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 8

Thumela Impendulo

2. Ukuqinisekisa kanye Nokugunyazwa 683823 | 2023.05.23

Qalisa imiyalo elandelayo ukuze udale ipheya yokhiye esetshenziswa njengokhiye wempande ku-ex yakamuvaampLes kanye nepheya yokhiye esetshenziswa njengokhiye wokusayina wedizayini ochungechungeni lwesiginesha:
pkcs11-tool -module=/usr/local/lib/softhsm/libsofthsm2.so -token-label agilex-token -login -pin agilex-token-pin -keypairgen -mechanism ECDSA-KEY-PAIR-GEN -key-type EC :secp384r1 -ukusetshenziswa-uphawu -ilebula izimpande0 -id 0
pkcs11-tool -module=/usr/local/lib/softhsm/libsofthsm2.so -token-label agilex-token -login -pin agilex-token-pin -keypairgen -mechanism ECDSA-KEY-PAIR-GEN -key-type EC :secp384r1 -usage-sign -label design0_sign -id 1

Qaphela:

Inketho ye-ID kulesi sinyathelo kufanele ihluke kukhiye ngamunye, kodwa isetshenziswe yi-HSM kuphela. Le nketho ye-ID ayihlobene ne-ID yokukhansela engukhiye enikezwe ochungechungeni lwesiginesha.

2.1.3. Ukudala I-Signature Chain Root Entry
Guqula ukhiye osesidlangalaleni oyimpande ube ukufakwa kwempande yesiginesha, egcinwe endaweni file isistimu ngefomethi ye-Intel Quartus Prime key (.qky). file, ngokusebenza kwe-make_root. Phinda lesi sinyathelo ngokhiye ngamunye wempande owukhiqizayo.
Qalisa umyalo olandelayo ukuze udale iketango lesiginesha elinokufakwa kwempande, usebenzisa ukhiye womphakathi wempande osuka ku file uhlelo:
quartus_sign -family=agilex -operation=make_root -key_type=owner root0_public.pem root0.qky
Qalisa umyalo olandelayo ukuze udale iketango lesiginesha elinokufakwa kwempande, usebenzisa ukhiye wempande ovela kuthokheni yeSoftHSM esungulwe esigabeni sangaphambilini:
quartus_sign –family=agilex –operation=make_root –key_type=owner –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm2. ” impande0 impande0.qky

2.1.4. Ukudala Ukufakwa Kwesiginesha Kokhiye Womphakathi
Dala ukhiye omusha osesidlangalaleni wochungechunge lwesiginesha ngokusebenza kokhiye_we-append. Ucacisa uchungechunge lwesiginesha yangaphambili, ukhiye oyimfihlo wokufakwa kokugcina ochungechungeni lwesiginesha yangaphambili, ukhiye osesidlangalaleni wezinga elilandelayo, izimvume kanye ne-ID yokukhansela oyinikeza ukhiye womphakathi wezinga elilandelayo, kanye nochungechunge olusha lwesiginesha. file.
Qaphela ukuthi umtapo wezincwadi we-softHSM awutholakali ngokufakwa kwe-Quartus futhi kunalokho udinga ukufakwa ngokuhlukana. Ukuze uthole ulwazi olwengeziwe mayelana ne-softHSM bheka Isigaba Sokudala Uchungechunge Lwesiginesha ngenhla.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 9

2. Ukuqinisekisa kanye Nokugunyazwa 683823 | 2023.05.23
Kuye ngokusebenzisa kwakho okhiye ku file kusistimu noma ku-HSM, usebenzisa okukodwa kwalokhu okulandelayoample iyala ukufaka ukhiye womphakathi we-design0_sign kuchungechunge lwesiginesha yempande edalwe esigabeni sangaphambilini:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –permission=6 –cancel=0 –input_pem=design0_sign_public.pem design0_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsmvious_key” root2 –previous_qky=root0.qky –permission=0 –cancel=6 –input_keyname=design0_sign design0_sign_chain.qky
Ungaphinda umsebenzi wokhiye_we-append izikhathi ezimbili ngaphezulu ukuze uthole ubuningi bokufakwa kokhiye basesidlangalaleni abathathu phakathi kwempande nokufakwa kwebhulokhi kanhlokweni kunoma iyiphi iketango elilodwa lesiginesha.
I-ex elandelayoampfuthi uthatha ukuthi udale omunye ukhiye wasesidlangalaleni wokuqinisekisa onezimvume ezifanayo futhi wabela i-ID 1 yokukhansela ebizwa ngokuthi i-design1_sign_public.pem, futhi uhlanganisa lo khiye ochungechungeni lwesiginesha kusukela ku-ex yangaphambilini.ample:
quartus_sign –family=agilex –operation=append_key –previous_pem=design0_sign_private.pem –previous_qky=design0_sign_chain.qky –permission=6 –cancel=1 –input_pem=design1_sign_public.pem design1_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsmvious_key” design2_sign –previous_qky=design0_sign_chain.qky –permission=0 –cancel=6 –input_keyname=design1_sign design1_sign_chain.qky
Amadivayisi we-Intel Agilex 7 afaka isibali sokukhansela sokhiye esingeziwe ukuze kube lula ukusetshenziswa kokhiye ongashintsha ngezikhathi ezithile kuyo yonke impilo yedivayisi ethile. Ungase ukhethe lesi sibali sokukhansela sikakhiye ngokushintsha impikiswano yenketho ethi -khansela ibe yi-pts:pts_value.
2.2. Ukusayina i-Bitstream yokucushwa
Amadivayisi we-Intel Agilex 7 asekela izibali Zenombolo Yokuphepha (SVN), ezikuvumela ukuthi uhoxise ukugunyazwa kwento ngaphandle kokukhansela ukhiye. Unikeza ikhawunta ye-SVN kanye nenani elifanele le-SVN eliphikisayo ngesikhathi sokusayinda noma iyiphi into, njengesigaba se-bitstream, i-firmware .zip file, noma isitifiketi esihlangene. Wabela ikhawunta ye-SVN nenani le-SVN usebenzisa inketho ethi -cancel kanye ne-svn_counter:svn_value njengengxabano. Amanani avumelekile we-svn_counter athi svnA, svnB, svnC, kanye ne-svnD. I-svn_value iyinani eliphelele ngaphakathi kobubanzi [0,63].

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 10

Thumela Impendulo

2. Ukuqinisekisa kanye Nokugunyazwa 683823 | 2023.05.23
2.2.1. I-Quartus Key File Isabelo
Ucacisa uchungechunge lwesiginesha kuphrojekthi yakho yesofthiwe ye-Intel Quartus Prime ukuze unike amandla isici sokuqinisekisa salowo mklamo. Kusuka kumenyu Yezabelo, khetha Idivayisi Yedivayisi bese Uphina Ukhiye Wokuvikeleka weQuartus Key File, bese upheqa kuchungechunge lwesiginesha .qky file udale ukuze usayine lo mklamo.
Umfanekiso 1. Nika amandla Ukucushwa kwe-Bitstream Setting

Kungenjalo, ungase wengeze isitatimende sesabelo esilandelayo ku-Intel Quartus Prime Settings yakho file (.qsf):
set_global_assignment -igama QKY_FILE design0_sign_chain.qky
Ukukhiqiza i-.sof file kusukela kumklamo ohlanganiswe ngaphambilini, ohlanganisa lesi silungiselelo, kusukela kumenyu Yokucubungula, khetha Qala Isihlanganisi. Okukhiphayo okusha .sof file ihlanganisa imisebenzi ezokwenziwa ukunika amandla ukuqinisekiswa ngochungechunge lwesiginesha enikeziwe.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 11

2. Ukuqinisekisa kanye Nokugunyazwa 683823 | 2023.05.23
2.2.2. I-Firmware ye-SDM yokusayina ngokubambisana
Usebenzisa ithuluzi le-quartus_sign ukuze ukhiphe, usayine, futhi ufake i-firmware ye-SDM esebenzayo .zip file. I-firmware esayinwe ngokuhlanganyela ibe isifakwa wuhlelo file ithuluzi lokukhiqiza uma uguqula i-.sof file ku-bitstream yokucushwa .rbf file. Usebenzisa imiyalo elandelayo ukuze udale iketango elisha lesiginesha futhi usayine i-firmware ye-SDM.
1. Dala ipheya yokhiye wokusayina omusha.
a. Dala ipheya yokhiye wokusayina omusha ku file uhlelo:
quartus_sign –family=agilex –operation=make_private_pem –curve=secp384r1 firmware1_private.pem
quartus_sign –family=agilex –operation=make_public_pem firmware1_private.pem firmware1_public.pem
b. Dala ipheya yokhiye wokusayina omusha ku-HSM:
pkcs11-tool -module=/usr/local/lib/softhsm/libsofthsm2.so -token-label agilex-token -login -pin agilex-token-pin -keypairgen -mechanism ECDSA-KEY-PAIR-GEN -key-type EC :secp384r1 -usage-sign -label firmware1 -id 1
2. Dala uchungechunge lwesiginesha olusha oluqukethe ukhiye omusha osesidlangalaleni:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –permission=0x1 –cancel=1 –input_pem=firmware1_public.pem firmware1_sign_chain.qky
quartus_sign –family=agilex –operation=append_key –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsmvious_key” root2 –previous_qky=root0.qky –permission=0 –cancel=1 –input_keyname=firmware1 firmware1_sign_chain.qky
3. Kopisha i-firmware .zip file kusuka kumkhombandlela wokufakwa kwesoftware ye-Intel Quartus Prime Pro Edition ( /devices/programmer/firmware/ agilex.zip) kumkhombandlela osebenzayo wamanje.
quartus_sign -family=agilex -get_firmware=.
4. Sayina i-firmware .zip file. Ithuluzi liziqaqa ngokuzenzakalelayo i-.zip file futhi umuntu ngamunye asayine yonke i-firmware .cmf files, bese yakhe kabusha i-.zip file ukusetshenziswa ngamathuluzi ezigabeni ezilandelayo:
quartus_sign –family=agilex –operation=sign –qky=firmware1_sign_chain.qky –cancel=svnA:0 –pem=firmware1_private.pem agilex.zip sign_agilex.zip
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 12

Thumela Impendulo

2. Ukuqinisekisa kanye Nokugunyazwa 683823 | 2023.05.23

-keyname=firmware1 -cancel=svnA:0 -qky=firmware1_sign_chain.qky agilex.zip sign_agilex.zip

2.2.3. Ukusayina Ukucushwa kwe-Bitstream Ukusebenzisa i-quartus_sign Command
Ukuze usayine ukucushwa kwe-bitstream usebenzisa umyalo we-quartus_sign, uqala ukuguqula i-.sof file kumakanambambili ongasayiniwe file (.rbf) ifomethi. Ungakhetha ngokukhetha i-firmware esayinwe ngokuhlanganyela usebenzisa inketho ethi fw_source phakathi nesinyathelo sokuguqula.
Ungakwazi ukukhiqiza i-bitstream eluhlaza engasayiniwe ngefomethi ethi .rbf usebenzisa umyalo olandelayo:
quartus_pfg c o fw_source=signed_agilex.zip -o sign_later=ON design.sof unsigned_bitstream.rbf
Qalisa omunye wemiyalo elandelayo ukuze usayine i-bitstream usebenzisa ithuluzi le-quartus_sign kuye ngendawo yokhiye bakho:
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 unsigned_bitstream.rbfsign_bitstream.rbf
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_bitstream.rbfsign_bitstream.rbf
Ungakwazi ukuguqula i-.rbf esayiniwe files kokunye ukucushwa kwe-bitstream file amafomethi.
Okwesiboneloample, uma usebenzisa i-Jam* Standard Test and Programming Language (STAPL) Player ukuhlela ukusakaza kancane phezu kuka-JTAG, usebenzisa umyalo olandelayo ukuguqula i-.rbf file kufomethi ye-.jam edingwa yi-Jam STAPL Player:
quartus_pfg -c sign_bitstream.rbf sign_bitstream.jam

2.2.4. Ukusekela Kabusha Ukucushwa Kabusha Kweziphathimandla Eziningi

Amadivayisi e-Intel Agilex 7 asekela ukulungiselelwa kabusha kwengxenye ukuqinisekiswa kwegunya eliningi, lapho umnikazi wedivayisi edala futhi asayine i-bitstream emile, futhi umnikazi we-PR ohlukile udala futhi asayine i-PR persona bitstreams. Amadivayisi we-Intel Agilex 7 asebenzisa ukusekela okunegunya eliningi ngokunikeza izikhala zokhiye wokuqala wokuqinisekisa kudivayisi noma umnikazi we-bitstream omile futhi anikeze isikhala sokhiye sokufakazela ubuqiniso sokugcina kumnikazi we-bitstream wokulungisa ingxenye.
Uma isici sokufakazela ubuqiniso sinikwe amandla, khona-ke zonke izithombe zomuntu we-PR kufanele zisayinwe, okuhlanganisa nezithombe ze-PR yomuntu siqu esidleke. Izithombe ze-PR persona zingasayinwa umnikazi wedivayisi noma umnikazi we-PR; kodwa, ama-bitstreams esifunda esimile kufanele asayinwe umnikazi wedivayisi.

Qaphela:

Ukubethela Ukumiswa Kabusha Okuncane okumile kanye nokubethela kwe-bitstream yomuntu lapho ukusekela kwamagunya amaningi kunikwe amandla kuhlelwa ekukhishweni okuzayo.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 13

2. Ukuqinisekisa kanye Nokugunyazwa 683823 | 2023.05.23

Umfanekiso 2.

Ukuqalisa ukusetha kabusha ingxenye yosekelo lwegunya eliningi kudinga izinyathelo ezimbalwa:
1. Idivayisi noma umnikazi we-bitstream omile ukhiqiza ukhiye oyedwa noma ngaphezulu wokuqinisekisa njengoba kuchazwe kokuthi Ukudala Amapheya Okhiye Wokuqinisekisa ku-SoftHSM ekhasini 8, lapho inketho ethi -key_type inomnikazi wenani.
2. Umnikazi we-bitstream wokusetha kabusha ingxenye ukhiqiza ukhiye wempande wokuqinisekisa kodwa ushintsha inani lenketho ye--key_type libe umnikazi_wesibili.
3. Kokubili i-bitstream emile kanye nabanikazi bedizayini yokuhlela kabusha ingxenye baqinisekisa ukuthi ibhokisi lokuhlola lokusekela Ukugunyazwa Okuningi linikwe amandla kuthebhu Yedivayisi Yemisebenzi Ezokwenziwa kanye nethebhu Yokuvikeleka Kwezinketho Zokuphina.
I-Intel Quartus Prime Nika amandla Izilungiselelo Zenketho Yegunya Eliningi

4. Kokubili i-bitstream emile kanye nabanikazi bedizayini yokuhlela kabusha ngokwengxenye bakha amaketango esiginesha ngokusekelwe kukhiye wabo oyinhloko njengoba kuchazwe kokuthi Ukudala Uchungechunge Lwesiginesha ekhasini lesi-6.
5. Kokubili i-bitstream emile kanye nabanikazi bedizayini yokuhlela kabusha ingxenye baguqula imiklamo yabo ehlanganisiwe ibe ifomethi ye-.rbf files bese usayina i-.rbf files.
6. Idivayisi noma umnikazi we-bitstream omile ukhiqiza futhi asayine isitifiketi esihlangene sokugunyazwa kokhiye womphakathi we-PR.
quartus_pfg –ccert o ccert_type=PR_PUBKEY_PROG_AUTH o owner_qky_file=”root0.qky;root1.qky” unsigned_pr_pubkey_prog.ccert
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 unsigned_pr_pubkey_prog.ccert signed_pr_pubkey_prog.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=s10-token –user_pin=s10-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_pr_pubkey_prog.ccert signed_pr_pubkey_prog.ccert

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 14

Thumela Impendulo

2. Ukuqinisekisa kanye Nokugunyazwa 683823 | 2023.05.23

7. Idivayisi noma umnikazi we-bitstream omile uhlinzekela ama-hashe wokhiye wempande wokuqinisekisa kudivayisi, bese ihlela isitifiketi sokugunyazwa kokhiye womphakathi we-PR, futhi ekugcineni ihlinzeke ngokhiye wempande womnikazi we-bitstream wokusetha kabusha kudivayisi. Isigaba Sokuhlinzeka Ngedivayisi sichaza le nqubo yokuhlinzeka.
8. Idivayisi ye-Intel Agilex 7 ilungiselelwe ngesifunda esimile .rbf file.
9. Idivayisi ye-Intel Agilex 7 ilungiselelwe kabusha ngokwengxenye ngedizayini ye-persona .rbf file.
Ulwazi Oluhlobene
· Ukwakha Uchungechunge Lwesiginesha ekhasini lesi-6
· Ukudala amapheya Abalulekile Wokuqinisekisa ku-SoftHSM ekhasini lesi-8
· Ukunikezwa Kwedivayisi ekhasini 25

2.2.5. Iqinisekisa Amaketango Esiginesha e-Bitstream
Ngemuva kokuthi udale amaketango esiginesha kanye nama-bitstreams asayiniwe, ungaqinisekisa ukuthi i-bitstream esayiniwe iyilungiselela kahle idivayisi ehlelwe ngokhiye wempande onikeziwe. Okokuqala usebenzisa umsebenzi we-fuse_info womyalo we-quartus_sign ukuze uphrinte i-hashi yokhiye osesidlangalaleni embhalweni file:
quartus_sign -family=agilex -operation=fuse_info root0.qky hash_fuse.txt

Bese usebenzisa inketho ye-check_integrity yomyalo we-quartus_pfg ukuze uhlole uchungechunge lwesiginesha esigabeni ngasinye se-bitstream esayiniwe ngefomethi ye-.rbf. Inketho ye-check_integrity iphrinta imininingwane elandelayo:
· Isimo sokuhlolwa okuphelele kobuqotho be-bitstream
· Okuqukethwe kokufakiwe ngakunye ochungechungeni lwesiginesha olunamathiselwe esigabeni ngasinye ku-bitstream .rbf file,
· Inani le-fuse elilindelekile le-hashi yokhiye wasesidlangalaleni oyimpande kuchungechunge lwesiginesha ngayinye.
Inani elivela kokuphumayo kwe-fuse_info kufanele lifane nemigqa ye-Fuse kokuphumayo_kobuqotho.
quartus_pfg -hlola_ubuqotho sign_bitstream.rbf

Nansi i-example yokukhishwa komyalo we-check_integrity:

Ulwazi: Umyalo: quartus_pfg -check_integrity sign_bitstream.rbf Isimo sobuqotho: Kulungile

Ingxenye

Uhlobo: CMF

Isichazi Sesiginesha…

Iketango lesiginesha #0 (okufakiwe: -1, offset: 96)

Ukungena #0

Fuse: 34FD3B5F 7829001F DE2A24C7 3A7EAE29 C7786DB1 D6D5BC3C 52741C79

72978B22 0731B082 6F596899 40F32048 AD766A24

Khiqiza ukhiye…

Ijika: secp384r1

: 29C39C3064AE594A36DAA85602D6AF0B278CBB0B207C4D97CFB6967961E5F0ECA

456FF53F5DBB3A69E48A042C62AB6B0

: 3E81D40CBBBEAC13601247A9D53F4A831308A24CA0BDFFA40351EE76438C7B5D2

2826F7E94A169023AFAE1D1DF4A31C2

Khiqiza ukhiye…

Ijika: secp384r1

: 29C39C3064AE594A36DAA85602D6AF0B278CBB0B207C4D97CFB6967961E5F0ECA

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 15

2. Ukuqinisekisa kanye Nokugunyazwa 683823 | 2023.05.23

456FF53F5DBB3A69E48A042C62AB6B0

: 3E81D40CBBBEAC13601247A9D53F4A831308A24CA0BDFFA40351EE76438C7B5D2

2826F7E94A169023AFAE1D1DF4A31C2

Ukungena #1

Khiqiza ukhiye…

Ijika: secp384r1

: 015290C556F1533E5631322953E2F9E91258472F43EC954E05D6A4B63D611E04B

C120C7E7A744C357346B424D52100A9

: 68696DEAC4773FF3D5A16A4261975424AAB4248196CF5142858E016242FB82BC5

08A80F3FE7F156DEF0AE5FD95BDFE05

Imvume yokungenela #2 yochungechunge lokhiye: SIGN_CODE I-keychain ingakhanselwa nge-ID: 3 Iketango lesiginesha #1 (okufakiwe: -1, offset: 648)

Ukungena #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Khiqiza ukhiye…

Ijika: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Khiqiza ukhiye…

Ijika: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Ukungena #1

Khiqiza ukhiye…

Ijika: secp384r1

: 1E8FBEDC486C2F3161AFEB028D0C4B426258293058CD41358A164C1B1D60E5C1D

74D982BC20A4772ABCD0A1848E9DC96

: 768F1BF95B37A3CC2FFCEEB071DD456D14B84F1B9BFF780FC5A72A0D3BE5EB51D

0DA7C6B53D83CF8A775A8340BD5A5DB

Ukungena #2

Khiqiza ukhiye…

Ijika: secp384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Ukufaka #3 Imvume ye-keychain: SIGN_CODE I-keychain ingakhanselwa nge-ID: 15 Iketango lesiginesha #2 (okufakiwe: -1, offset: 0) Iketango lesiginesha #3 (okufakiwe: -1, offset: 0) Iketango lesiginesha #4 (okufakiwe: -1, i-offset: 0) Iketango lesiginesha #5 (okufakiwe: -1, offset: 0) Iketango lesiginesha #6 (okufakiwe: -1, offset: 0) Iketango lesiginesha #7 (okufakiwe: -1, offset: 0)

Uhlobo Lwesigaba: Incazelo Yesiginesha ye-IO … Iketango lesiginesha #0 (okufakiwe: -1, offset: 96)

Ukungena #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Khiqiza ukhiye…

Ijika: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 16

Thumela Impendulo

2. Ukuqinisekisa kanye Nokugunyazwa 683823 | 2023.05.23

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Khiqiza ukhiye…

Ijika: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Ukungena #1

Khiqiza ukhiye…

Ijika: secp384r1

: 646B51F668D8CC365D72B89BA8082FDE79B00CDB750DA0C984DC5891CDF57BD21

44758CA747B1A8315024A8247F12E51

: 53513118E25E16151FD55D7ECDE8293AF6C98A74D52E0DA2527948A64FABDFE7C

F4EA8B8E229218D38A869EE15476750

Ukungena #2

Khiqiza ukhiye…

Ijika: secp384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Ukungena #3 Imvume ye-keychain: SIGN_CORE I-keychain ingakhanselwa nge-ID: 15 Iketango lesiginesha #1 (okufakiwe: -1, offset: 0) Iketango lesiginesha #2 (okufakiwe: -1, offset: 0) Iketango lesiginesha #3 (okufakiwe: -1, i-offset: 0) Iketango lesiginesha #4 (okufakiwe: -1, offset: 0) Iketango lesiginesha #5 (okufakiwe: -1, offset: 0) Iketango lesiginesha #6 (okufakiwe: -1, offset: 0) Isiginesha uchungechunge #7 (okufakiwe: -1, offset: 0)

Ingxenye

Uhlobo: HPS

Isichazi Sesiginesha…

Iketango lesiginesha #0 (okufakiwe: -1, offset: 96)

Ukungena #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Khiqiza ukhiye…

Ijika: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Khiqiza ukhiye…

Ijika: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Ukungena #1

Khiqiza ukhiye…

Ijika: secp384r1

: FAF423E08FB08D09F926AB66705EB1843C7C82A4391D3049A35E0C5F17ACB1A30

09CE3F486200940E81D02E2F385D150

: 397C0DA2F8DD6447C52048CD0FF7D5CCA7F169C711367E9B81E1E6C1E8CD9134E

5AC33EE6D388B1A895AC07B86155E9D

Ukungena #2

Khiqiza ukhiye…

Ijika: secp384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 17

2. Ukuqinisekisa kanye Nokugunyazwa 683823 | 2023.05.23

Ukungena #3 Imvume ye-Keychain: SIGN_HPS I-keychain ingakhanselwa nge-ID: 15 Iketango lesiginesha #1 (okufakiwe: -1, offset: 0) Iketango lesiginesha #2 (okufakiwe: -1, offset: 0) Iketango lesiginesha #3 (okufakiwe: -1, i-offset: 0) Iketango lesiginesha #4 (okufakiwe: -1, offset: 0) Iketango lesiginesha #5 (okufakiwe: -1, offset: 0) Iketango lesiginesha #6 (okufakiwe: -1, offset: 0) Isiginesha uchungechunge #7 (okufakiwe: -1, offset: 0)

Uhlobo Lwesigaba: CORE Isichazi Sesiginesha … Iketango lesiginesha #0 (okufakiwe: -1, offset: 96)

Ukungena #0

Fuse: FA6528BE 9281F2DB B787E805 6BF6EE0E 28983C56 D568B141 8EEE4BF6

DAC2D422 0A3A0F27 81EFC6CD 67E973BF AC286EAE

Khiqiza ukhiye…

Ijika: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Khiqiza ukhiye…

Ijika: secp384r1

: 47A453474A8D886AB058615EB1AB38A75BAC9F0C46E564CB5B5DCC1328244E765

0411C4592FAFFC71DE36A105B054781

: 6087D3B4A5C8646B4DAC6B5C863CD0E705BD0C9D2C141DE4DE7BDDEB85C0410D8

6B7312EEE8241189474262629501FCD

Ukungena #1

Khiqiza ukhiye…

Ijika: secp384r1

: 646B51F668D8CC365D72B89BA8082FDE79B00CDB750DA0C984DC5891CDF57BD21

44758CA747B1A8315024A8247F12E51

: 53513118E25E16151FD55D7ECDE8293AF6C98A74D52E0DA2527948A64FABDFE7C

F4EA8B8E229218D38A869EE15476750

Ukungena #2

Khiqiza ukhiye…

Ijika: secp384r1

: 13986DDECAB697A2EB26B8EBD25095A8CC2B1A0AB0C766D029CDF2AFE21BE3432

76896E771A9C6CA5A2D3C08CF4CB83C

: 0A1384E9DD209238FF110D867B557414955354EE6681D553509A507A78CFC05A1

49F91CABA72F6A3A1C2D1990CDAEA3D

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 18

Thumela Impendulo

683823 | 2023.05.23 Thumela Impendulo

Ukubethela kwe-AES Bitstream

I-Advanced Encryption Standard (AES) i-bitstream encryption isici esinika amandla umnikazi wedivayisi ukuthi avikele ubumfihlo bempahla esunguliwe ekucushweni kwe-bitstream.
Ukusiza ukuvikela ukugcinwa kuyimfihlo kokhiye, ukubethela kwe-bitstream ukulungisa kusebenzisa uchungechunge lokhiye be-AES. Laba okhiye basetshenziselwa ukubethela idatha yomnikazi ku-bitstream yokumisa, lapho ukhiye wokuqala omaphakathi ubethelwe ngokhiye wempande we-AES.

3.1. Ukudala ukhiye we-AES Root

Ungasebenzisa ithuluzi le-quartus_encrypt noma ukusetshenziswa kwereferensi ye-stratix10_encrypt.py ukuze udale ukhiye wempande we-AES ngefomethi yokhiye wokubethela we-Intel Quartus Prime (.qek) file.

Qaphela:

I-stratix10_encrypt.py file isetshenziselwa i-Intel Stratix® 10, kanye namadivayisi we-Intel Agilex 7.

Ungakhetha ngokuzikhethela ukhiye wesisekelo osetshenziswe ukuthola ukhiye we-AES wempande kanye nokhiye wokukhipha ukhiye, inani lokhiye wempande we-AES ngokuqondile, inani lokhiye abaphakathi nendawo, kanye nokusetshenziswa okuphezulu ngokhiye ngamunye omaphakathi.

Kufanele ucacise umndeni wedivayisi, okukhiphayo .qek file indawo, nomshwana wokungena lapho ucelwa.
Qalisa umyalo olandelayo ukuze ukhiqize ukhiye wempande we-AES usebenzisa idatha engahleliwe yokhiye wesisekelo kanye namanani azenzakalelayo ngenombolo yokhiye abaphakathi kanye nokusetshenziswa kokhiye omkhulu.
Ukuze usebenzise ukusetshenziswa kwereferensi, ufaka ucingo kumhumushi we-Python ofakwe ne-Intel Quartus Prime software futhi ushiye inketho ethi -family=agilex; zonke ezinye izinketho ziyefana. Okwesiboneloample, umyalo we-quartus_encrypt otholwe kamuva esigabeni

quartus_encrypt –family=agilex –operation=MAKE_AES_KEY aes_root.qek

ingaguqulwa ibe ucingo olulinganayo ekusetshenzisweni kwesithenjwa ngendlela elandelayo pgm_py stratix10_encrypt.py -operation=MAKE_AES_KEY aes_root.qek

3.2. Izilungiselelo zokubethela ze-Quartus
Ukuze unike amandla ukubethela kwe-bitstream kumklamo, kuzomele ucacise izinketho ezifanele usebenzisa Iphaneli Yedivayisi Yemisebenzi Ezokwenziwa kanye nephaneli Yokuphepha Yezinketho Zephini. Ukhetha okuthi Vumela ibhokisi lokuhlola lokubethela kwe-bitstream, kanye nendawo yokugcina ukhiye Wokubethela oyifunayo kumenyu eyehlayo.

I-ISO 9001:2015 Ibhalisiwe

Umfanekiso 3. Izilungiselelo ze-Intel Quartus Prime Encryption

3. AES Bitstream Ukubethela 683823 | 2023.05.23

Kungenjalo, ungangeza isitatimende sesabelo esilandelayo kuzilungiselelo zakho ze-Intel Quartus Prime file .qsf:
set_global_assignment -igama ENCRYPT_PROGRAMMING_BITSTREAM ku-set_global_assignment -igama PROGRAMMING_BITSTREAM_ENCRYPTION_KEY_SELECT ama-eFuse
Uma ufuna ukunika amandla ukuncishiswa okwengeziwe ngokumelene namavekhtha okuhlasela esiteshi esiseceleni, ungase unike amandla okwehliswayo kwesilinganiso sokubuyekeza Ukubethela futhi Unike amandla ibhokisi lokuhlola lokuphenya.

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 20

Thumela Impendulo

3. AES Bitstream Ukubethela 683823 | 2023.05.23

Izinguquko ezihambisanayo ku-.qsf yilezi:
set_global_assignment -igama PROGRAMMING_BITSTREAM_ENCRYPTION_CNOC_SCRAMBLING ku-set_global_assignment -igama PROGRAMMING_BITSTREAM_ENCRYPTION_UPDATE_RATIO 31

3.3. Ibethela i-Bitstream yokucushwa
Ubhala ngemfihlo i-bitstream yokumisa ngaphambi kokusayina i-bitstream. I-Intel Quartus Prime Programming File Ithuluzi lokukhiqiza lingabhala ngemfihlo ngokuzenzakalelayo futhi lisayine i-bitstream yokucushwa lisebenzisa i-graphical interface yomsebenzisi noma umugqa womyalo.
Ungakhetha ngokuzikhethela i-bitstream ebethelwe kancane ukuze uyisebenzise ngamathuluzi we-quartus_encrypt kanye ne-quartus_sign noma okufana nokusetshenziswa kwereferensi.

3.3.1. Ukucushwa kwe-Bitstream Encryption usebenzisa i-Programming File I-Generator Graphical Interface
Ungasebenzisa i-Programming File Ijeneretha yokubhala ngemfihlo futhi usayine isithombe somnikazi.

Umfanekiso 4.

1. Kwi-Intel Quartus Prime File imenyu khetha Ukuhlela File Ijeneretha. 2. Kokuphumayo Files, cacisa okukhiphayo file thayipha ukuze ucushwe
uhlelo.
Okukhiphayo File Ukucaciswa

Isikimu sokumisa Okukhiphayo file ithebhu
Okukhiphayo file uhlobo

3. Kokufakayo Files, chofoza Engeza i-Bitstream bese upheqa ku-.sof yakho. 4. Ukucacisa izinketho zokubethela kanye nokuqinisekisa khetha i-.sof bese uchofoza
Izakhiwo. a. Vula ithuluzi lokusayina amandla. b. Ngokhiye Oyimfihlo file khetha ukhiye wakho wokusayina oyimfihlo .pem file. c. Vula ukubethela kokuqeda.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 21

3. AES Bitstream Ukubethela 683823 | 2023.05.23

Umfanekiso 5.

d. Ngokhiye Wokubethela file, khetha i-AES yakho .qek file. Okokufaka (.sof) File Izakhiwo Zokuqinisekisa Nokubethela

Nika amandla ukufakazela ubuqiniso Cacisa impande eyimfihlo .pem
Nika amandla ukubethela Cacisa ukhiye wokubethela
5. Ukukhiqiza i-bitstream esayiniwe futhi ebethelwe, kokokufaka Files, chofoza okuthi Khiqiza. Amabhokisi ebhokisi lephasiwedi avela ukuze ufake umushwana wakho wokungena kukhiye wakho we-AES .qek file nokusayina ukhiye oyimfihlo .pem file. Uhlelo file ijeneretha idala okuphumayo okubethelwe nokusayiniwe_file.rbf.
3.3.2. Ukucushwa kwe-Bitstream Encryption usebenzisa i-Programming File I-Generator Command Line Interface
Khiqiza i-bitstream ebethelwe futhi esayiniwe yokumisa ngefomethi ye-.rbf ngesixhumi esibonakalayo somugqa womyalo we-quartus_pfg:
quartus_pfg -c encryption_enabled.sof top.rbf -o finalize_encryption=ON -o qek_file=aes_root.qek -o signing=ON -o pem_file=design0_sign_private.pem
Ungakwazi ukuguqula i-bitstream yokumisa ebethelwe futhi esayiniwe ngefomethi ye-.rbf iye kokunye ukucushwa kwe-bitstream file amafomethi.
3.3.3. I-Bitstream Yokucushwa Ebethelwe Ingxenye Yesizukulwane Ngokusebenzisa Isixhumi esibonakalayo Somugqa Womyalo
Ungase ukhiqize uhlelo olubethelwe kancane file ukuze uqedele ukubethela futhi usayine isithombe kamuva. Khiqiza uhlelo olubethelwe kancane file ngefomethi ethi .rbf enomugqa wokubonwa kwequartus_pfgcommand: quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON top.sof top.rbf

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 22

Thumela Impendulo

3. AES Bitstream Ukubethela 683823 | 2023.05.23
Usebenzisa ithuluzi lomugqa womyalo we-quartus_encrypt ukuze uqedele ukubethela kwe-bitstream:
quartus_encrypt –family=agilex –operation=ENCRYPT –key=aes_root.qek top.rbf encrypted_top.rbf
Usebenzisa ithuluzi lomugqa womyalo we-quartus_sign ukuze usayine i-bitstream yokucushwa ebethelwe:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_sign_private.pem –cancel=svnA:0 encrypted_top.rbfsign_encrypted_top.rbf
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 encrypted_top.rbfsign_encrypted_top.rbf
3.3.4. Ukubethela Kabusha Kwe-Bitstream Ukucushwa Kabusha
Ungakwazi ukunika amandla ukubethela kwe-bitstream kwamanye amadizayini we-Intel Agilex 7 FPGA asebenzisa ukusetha kabusha ingxenye.
Imiklamo yokusetha kabusha ingxenye esebenzisa i-Hierarchical Partial Reconfiguration (HPR), noma Ukulungiswa Kwengxenye Yokubuyekeza Okumile (SUPR) ayikusekeli ukubethela kwe-bitstream. Uma idizayini yakho iqukethe izifunda eziningi ze-PR, kufanele ubethele bonke abantu.
Ukuze unike amandla ukubethela kwe-bitstream yokusetha kabusha ingxenye, landela inqubo efanayo kuzo zonke izibuyekezo zedizayini. 1. Kwi-Intel Quartus Prime File imenyu, khetha Idivayisi Yedivayisi Yemisebenzi ezokwenziwa
futhi Phina Izinketho Zokuphepha. 2. Khetha indawo yokugcina ukhiye wokubethela oyifunayo.
Umfanekiso 6. Ukusetha Kabusha Ingxenye Yokubethela Kwe-Bitstream

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 23

3. AES Bitstream Ukubethela 683823 | 2023.05.23
Kungenjalo, ungase wengeze isitatimende somsebenzi olandelayo kuzilungiselelo ze-Quartus Prime file .qsf:
set_global_assignment -igama –ENABLE_PARTIAL_RECONFIGURATION_BITSTREAM_ENCRYPTION ku-
Ngemva kokuhlanganisa umklamo wakho oyisisekelo nezibuyekezo, isofthiwe ikhiqiza i-a.soffile kanye neyodwa noma ngaphezulu.pmsffiles, emele abantu. 3. Dala izinhlelo ezibethelwe nezisayiniwe files kusuka ku.sof kanye.pmsf files ngendlela efanayo kumadizayini ngaphandle kokulungiswa kabusha kwengxenye okunikwe amandla. 4. Guqula i-persona.pmsf ehlanganisiwe file ku-encrypted.rbf kancane file:
quartus_pfg -c -o finalize_encryption_later=ON -o sign_later=ON encryption_enabled_persona1.pmsf persona1.rbf
5. Qedela ukubethela kwe-bitstream usebenzisa ithuluzi lomugqa womyalo we-quartus_encrypt:
quartus_encrypt –family=agilex –operation=ENCRYPT –key=aes_root.qek persona1.rbf encrypted_persona1.rbf
6. Sayina i-bitstream yokucushwa ebethelwe usebenzisa ithuluzi lomugqa womyalo we-quartus_sign:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_sign_private.pem encrypted_persona1.rbfsign_encrypted_persona1.rbf
quartus_sign –family=agilex –operation=SIGN –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” – design0_sign_chain.qky –cancel=svnA:0 –keyname=design0_sign encrypted_persona1.rbfsign_encrypted_persona1.rbf

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 24

Thumela Impendulo

683823 | 2023.05.23 Thumela Impendulo

Ukunikezwa Kwedivayisi

Ukunikezwa kwesici sokuqala sokuvikeleka kusekelwa kuphela ku-firmware yokuhlinzekwa kwe-SDM. Sebenzisa i-Intel Quartus Prime Programmer ukuze ulayishe i-firmware yokuhlinzeka nge-SDM futhi wenze imisebenzi yokuhlinzeka.
Ungasebenzisa noma yiluphi uhlobo lwe-JTAG landa ikhebula ukuze uxhume i-Quartus Programmer kudivayisi ye-Intel Agilex 7 ukuze wenze imisebenzi yokuhlinzeka.
4.1. Ukusebenzisa i-SDM Provision Firmware
I-Intel Quartus Prime Programmer idala futhi ilayishe ngokuzenzakalelayo isithombe somsizi esizenzakalelayo lapho ukhetha umsebenzi wokuqalisa kanye nomyalo wokuhlela okuthile ngaphandle kwe-bitstream yokumisa.
Ngokuya ngomyalo wokuhlela oshiwo, isithombe somsizi esizenzakalelayo singenye yezinhlobo ezimbili:
· Ukunikeza isithombe somsizi–sihlanganisa ingxenye eyodwa ye-bitstream equkethe i-firmware yokuhlinzeka ye-SDM.
· Isithombe somsizi we-QSPI–sihlanganisa izingxenye ezimbili ze-bitstream, eyodwa equkethe i-firmware eyinhloko ye-SDM kanye nesigaba se-I/O esisodwa.
Ungakha isithombe somsizi esizenzakalelayo sasembonini file ukulayisha kudivayisi yakho ngaphambi kokwenza noma yimuphi umyalo wokuhlela. Ngemva kokuhlela i-hashi yokhiye wempande wokuqinisekisa, kufanele udale futhi usayine isithombe somsizi esizenzakalelayo sefekthri ye-QSPI ngenxa yesigaba se-I/O esifakiwe. Uma futhi uhlela ukulungiselelwa kokuphepha kwe-firmware esayinwe ngokuhlanganyela i-eFuse, kufanele udale ukunikeza kanye nezithombe zomsizi ezizenzakalelayo zasembonini ze-QSPI nge-firmware esayinwe ngokuhlanganyela. Ungasebenzisa isithombe somsizi esizenzakalelayo esisayinwe ngokuhlanganyela kudivayisi engavunyelwe njengoba idivayisi enganikeziwe ishaya indiva amaketango esiginesha angewona awe-Intel nge-firmware ye-SDM. Bheka Ukusebenzisa Isithombe Esizenzakalelayo Sefekthri ye-QSPI Emadivaysi Aphethwe ekhasini 26 ukuze uthole imininingwane eyengeziwe mayelana nokudala, ukusayina, nokusebenzisa isithombe somsizi esizenzakalelayo sasefekthri se-QSPI.
Isithombe somsizi esizenzakalelayo embonini senza isenzo sokuhlinzeka, esifana nokuhlela i-hashi yokhiye wempande wokuqinisekisa, ama-fuse okusetha ukuvikela, ukubhaliswa kwe-PUF, noma ukunikezwa kokhiye omnyama. Usebenzisa i-Intel Quartus Prime Programming File Ithuluzi lomugqa womyalo we-generator ukuze udale isithombe somsizi wokunikeza, ucacise inketho yesithombe_somsizi, igama ledivayisi yakho yosizo, uhlobo oluncane lwesithombe somsizi, kanye nokuzikhethela i-firmware esayinwe ngokuhlanganyela .zip file:
quartus_pfg -helper_image -o helper_device=AGFB014R24A -o subtype=PROVISION -o fw_source=signed_agilex.zip signed_provision_helper_image.rbf
Hlela isithombe somsizi usebenzisa ithuluzi le-Intel Quartus Prime Programmer:
i-quartus_pgm -c 1 -mjtag -o “p;signed_provision_helper_image.rbf” –force

I-ISO 9001:2015 Ibhalisiwe

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23

Qaphela:

Ungase weqe ukuqalisa ukusebenza emiyalweni, okuhlanganisa nesibampokunikezwe kulesi sahluko, ngemva kokuhlela isithombe somsizi wokuhlinzekwa noma ukusebenzisa umyalo oqukethe umsebenzi wokuqalisa.

4.2. Kusetshenziswa Isithombe Esizenzakalelayo Sefekthri ye-QSPI Kumadivayisi Aphethwe
I-Intel Quartus Prime Programmer idala ngokuzenzakalelayo futhi ilayishe isithombe somsizi esizenzakalelayo sefekthri ye-QSPI lapho ukhetha umsebenzi wokuqalisa wohlelo lwe-QSPI flash. file. Ngemva kokuhlela i-hashi yokhiye wempande wokuqinisekisa, kufanele udale futhi usayine isithombe somsizi esizenzakalelayo sefekthri ye-QSPI, futhi uhlele isithombe somsizi wefekthri ye-QSPI esayiniwe ngokuhlukile ngaphambi kokuhlela iflash ye-QSPI. 1. Usebenzisa i-Intel Quartus Prime Programming File Ithuluzi lomugqa womyalo we-generator ukuze
dala isithombe somsizi we-QSPI, ucacise inketho yesithombe_somsizi, uhlobo lwedivayisi_yensiza yakho, uhlobo oluncane lwesithombe somsizi we-QSPI, futhi ngokuzikhethela i-firmware ehlanganisiwe .zip file:
quartus_pfg -helper_image -o helper_device=AGFB014R24A -o subtype=QSPI -o fw_source=signed_agilex.zip qspi_helper_image.rbf
2. Usayina isithombe somsizi wefekthri ye-QSPI:
quartus_sign –family=agilex –operation=sign –qky=design0_sign_chain.qky –pem=design0_sign_private.pem qspi_helper_image.rbf sign_qspi_helper_image.rbf
3. Ungasebenzisa noma iyiphi i-QSPI flash programming file ifomethi. I-ex elandelayoampsebenzisa i-bitstream yokumisa eguqulelwe ku-.jic file ifomethi:
quartus_pfg -c sign_bitstream.rbf sign_flash.jic -o device=MT25QU128 -o flash_loader=AGFB014R24A -o mode=ASX4
4. Uhlela isithombe somsizi esayiniwe usebenzisa ithuluzi le-Intel Quartus Prime Programmer:
i-quartus_pgm -c 1 -mjtag -o “p;signed_qspi_helper_image.rbf” –force
5. Uhlela isithombe se-.jic ukuthi sikhanye usebenzisa ithuluzi le-Intel Quartus Prime Programmer:
i-quartus_pgm -c 1 -mjtag -o “p;signed_flash.jic”

4.3. Ukunikeza Ukhiye Wezimpande Zokuqinisekisa
Ukuze uhlele ama-hashe okhiye wempande womnikazi kuma-fuse aphathekayo, okokuqala kufanele ulayishe i-firmware yokuhlinzeka, uhlelo olulandelayo ukhiye wempande womnikazi usheshise, bese ngokushesha wenze ukusetha kabusha kwamandla. Ukusetha kabusha amandla akudingekile uma ukhiye wempande wohlelo uphuthuma kumafuse abonakalayo.

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 26

Thumela Impendulo

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23
Ukuze uhlele ama-hashes okhiye wempande wokuqinisekisa, uhlela isithombe somsizi we-firmware yokuhlinzeka bese uqhuba omunye wemiyalo elandelayo ukuhlela ukhiye wempande .qky files.
// Okomzimba (okungaguquki) eFuses quartus_pgm -c 1 -mjtag -o “p;root0.qky;root1.qky;root2.qky” –non_volatile_key
// Okokubona (okuguquguqukayo) eFuses quartus_pgm -c 1 -mjtag -o “p;root0.qky;root1.qky;root2.qky”
4.3.1. Ukuhlela Kabusha Kabusha Kwegunya Eliningi Lokuhlela Ukhiye
Ngemva kokunikeza idivayisi noma okhiye bezimpande zomnikazi wesifunda esimile, uyaphinda ulayishe isithombe somsizi wokuhlinzekwa kwedivayisi, uhlele isitifiketi sokugunyazwa kokhiye womphakathi we-PR esayiniwe, bese unikeza ukhiye wempande womnikazi we-bitstream we-PR.
// Okomzimba (okungaguquki) eFuses quartus_pgm -c 1 -mjtag -o “p;root_pr.qky” –pr_pubkey –non_volatile_key
// Okokubona (okuguquguqukayo) eFuses quartus_pgm -c 1 -mjtag -o “p;p;root_pr.qky” –pr_pubkey
4.4. AmaFuse Wokukhansela Ukhiye Wokuhlela
Ukuqala ngesoftware ye-Intel Quartus Prime Pro Edition engu-21.1, ukuhlela i-Intel kanye namafusi ka-ID wokukhansela ukhiye womnikazi kudinga ukusetshenziswa kwesitifiketi esihlangene esayiniwe. Ungasayina isitifiketi esihlangene se-ID yokukhansela ngochungechunge lwesiginesha olunezimvume zokusayina zesigaba se-FPGA. Udala isitifiketi esihlangene ngokuhlela file ithuluzi lomugqa womyalo we-generator. Usayina isitifiketi esingasayiniwe usebenzisa ithuluzi le-quartus_sign noma ukusetshenziswa kwereferensi.
Amadivayisi we-Intel Agilex 7 asekela amabhange ahlukene obunikazi bokhiye bokukhansela bokhiye wokhiye ngamunye wempande. Uma isitifiketi esihlangene se-ID sokukhansela ukhiye sihlelwa ku-Intel Agilex 7 FPGA, i-SDM inquma ukuthi yimuphi ukhiye wempande osayine isitifiketi esihlangene bese ishaya ukhiye wokukhansela ifuzi ye-ID ehambisana nalowo khiye wempande.
I-ex elandelayoampdala isitifiketi sokukhansela ukhiye we-Intel sika-Intel key ID 7. Ungase esikhundleni sika-7 ufake i-ID yokukhansela ukhiye we-Intel osebenzayo kusukela ku-0-31.
Qalisa umyalo olandelayo ukuze udale isitifiketi esihlangene se-ID sokukhansela ukhiye we-Intel ongasayiniwe:
quartus_pfg –ccert -o ccert_type=CANCEL_INTEL_KEY -o cancel_key=7 unsigned_cancel_intel7.ccert
Qalisa omunye wemiyalo elandelayo ukuze usayine isitifiketi esihlangene se-ID sokukhansela ukhiye we-Intel ongasayiniwe:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_cancel_intel7.ccert signed_cancel_intel7.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 27

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23
–keyname=design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_cancel_intel7.ccert signed_cancel_intel7.ccert
Qalisa umyalo olandelayo ukuze udale isitifiketi se-ID sokukhansela ukhiye ongasayiniwe:
quartus_pfg –ccert -o ccert_type=CANCEL_OWNER_KEY -o cancel_key=2 unsigned_cancel_owner2.ccert
Qalisa omunye wemiyalo elandelayo ukuze usayine isitifiketi se-ID sokukhansela ukhiye ongasayiniwe:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_cancel_owner2.ccert signed_cancel_owner2.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_cancel_owner2.certsigned_cancel_owner2.ccert
Ngemuva kokuthi udale isitifiketi esihlanganisiwe se-ID yokukhansela ukhiye osayiniwe, usebenzisa i-Intel Quartus Prime Programmer ukuhlela isitifiketi esihlangene kudivayisi usebenzisa i-J.TAG.
//Okwenyama (okungaguquguquki) eFuses quartus_pgm -c 1 -mjtag -o “pi;signed_cancel_intel7.ccert” –non_volatile_key quartus_pgm -c 1 -mjtag -o “pi;signed_cancel_owner2.cert” –non_volatile_key
//Okwe-virtual (okuguquguqukayo) eFuses quartus_pgm -c 1 -mjtag -o “pi;signed_cancel_intel7.ccert” quartus_pgm -c 1 -mjtag -o “pi;signed_cancel_owner2.cert”
Futhi ungathumela isitifiketi esihlangene ku-SDM usebenzisa isixhumi esibonakalayo sebhokisi leposi le-FPGA noma le-HPS.
4.5. Ikhansela Okhiye Bezimpande
Amadivayisi we-Intel Agilex 7 akuvumela ukuthi ukhansele ama-hashes wokhiye wempande lapho kukhona enye ihashi yokhiye wezimpande ongakhanseliwe. Ukhansela i-hashi yokhiye wempande ngokuqala ngokulungiselela idivayisi ngomklamo ochungechunge lwesiginesha lusekelwe ku-hashi yokhiye wempande ohlukile, bese uhlela ukhiye wempande osayiniwe isitifiketi esihlangene sokukhansela. Kufanele usayine isitifiketi esihlangene sokhiye we-hashi wokukhansela ngochungechunge lwesiginesha olugxile kukhiye wempande ukuze lukhanselwe.
Qalisa umyalo olandelayo ukuze ukhiqize isitifiketi esihlanganisiwe sokhiye wempande ongasayiniwe:
quartus_pfg –ccert -o –ccert_type=CANCEL_KEY_HASH unsigned_root_cancel.ccert

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 28

Thumela Impendulo

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23

Qalisa omunye wemiyalo elandelayo ukuze usayine isitifiketi esihlangene sokhiye wempande ongasayiniwe wokukhansela:
quartus_sign –family=agilex –operation=SIGN –qky=design0_sign_chain.qky –pem=design0_private.pem –cancel=svnA:0 unsigned_root_cancel.ccert signed_root_cancel.ccert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so” –keyname design0_sign –qky=design0_sign_chain.qky –cancel=svnA:0 unsigned_root_cancel.ccert signed_root_cancel.ccert
Ungahlela isitifiketi sokukhansela ukhiye we-hashi ngokusebenzisa i-JTAG, FPGA, noma amabhokisi eposi we-HPS.

4.6. I-Programming Counter Fuse
Ubuyekeza Inombolo Yenguqulo Yokuphepha (i-SVN) ne-Pseudo Time Stamp (PTS) amafusi ekhawunta asebenzisa izitifiketi ezihlangene ezisayiniwe.

Qaphela:

I-SDM ilandela umkhondo wenani eliphansi eliphikisayo elibonwe ngesikhathi sokucushwa okunikeziwe futhi ayamukeli izitifiketi zokubala zokwenyuka lapho inani eliphikisayo lilincane kunenani eliyisisekelo. Kufanele ubuyekeze zonke izinto ezinikezwe ikhawunta futhi ulungise kabusha idivayisi ngaphambi kokuhlela isitifiketi esihlangene sokunyuka kwekhawunta.

Qalisa omunye wemiyalo elandelayo ohambelana nesitifiketi sokwenyusa esibali ofuna ukusikhiqiza.
quartus_pfg –ccert -o ccert_type=PTS_COUNTER -o counter=<-1:495> unsigned_pts.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_A -o counter=<-1:63> unsigned_svnA.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_B -o counter=<-1:63> unsigned_svnB.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_C -o counter=<-1:63> unsigned_svnC.ccert

quartus_pfg –ccert -o ccert_type=SVN_COUNTER_D -o counter=<-1:63> unsigned_svnD.ccert

Inani eliphikisayo loku-1 lidala isitifiketi sokugunyazwa sokwenyuka kwesibali. Ukuhlela isitifiketi sokugunyazwa kokwenyuka kwekhawunta kukuvumela ukuthi uhlele ezinye izitifiketi ezingabhalisiwe zokwengeza ezingabhalisiwe ukuze ubuyekeze isibali esifanele. Usebenzisa ithuluzi le-quartus_sign ukuze usayine izitifiketi ezihlangene zekhawunta ngendlela efanayo nezitifiketi ezihlangene ze-ID yokukhansela.
Ungahlela isitifiketi sokukhansela ukhiye we-hashi ngokusebenzisa i-JTAG, FPGA, noma amabhokisi eposi we-HPS.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 29

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23

4.7. Vikela Isevisi Yento Yedatha Ukunikeza Ukhiye Wokuhlinzeka
Usebenzisa i-Intel Quartus Prime Programmer ukuze unikeze ukhiye wempande we-Secure Data Object Service (SDOS). Umhleli ulayisha ngokuzenzakalelayo isithombe somsizi we-firmware ukuze anikeze ukhiye wempande we-SDOS.
i-quartus_pgm c 1 mjtag –service_root_key –non_volatile_key

4.8. Ukunikezwa Kwesilungiselelo Sokuphepha
Sebenzisa i-Intel Quartus Prime Programmer ukuze uhlole amafuse esethingi lokuvikeleka kwedivayisi futhi uwabhale kumbhalo we-.fuse file Ngokulandelayo:
i-quartus_pgm -c 1 -mjtag -o “ei;programming_file.fuse;AGFB014R24B”

Izinketho · i: Umhleli ulayisha isithombe somsizi we-firmware kudivayisi. · e: Umdidiyeli ufunda i-fuse ocingweni futhi ayigcine ku-.fuse file.

I-.fuse file iqukethe uhlu lwamapheya enani le-fuse. Inani licacisa ukuthi i-fuse ivuthelwe yini noma okuqukethwe kwenkundla ye-fuse.

I-ex elandelayoampi-le ibonisa ifomethi ye-.fuse file:

# I-firmware esayinwe ngokuhlanganyela

= "Akushaywanga"

# Ukubulala Imvume Yedivayisi

= "Akushaywanga"

# Idivayisi ayivikelekile

= "Akushaywanga"

# Khubaza ukulungisa iphutha le-HPS

= "Akushaywanga"

# Khubaza ukubhaliswa kwe-PUF ye-ID ye-Intrinsic

= "Akushaywanga"

# Khubaza i-JTAG

= "Akushaywanga"

# Khubaza ukhiye wokubethela ogoqwe nge-PUF

= "Akushaywanga"

# Khubaza ukhiye wokubethela womnikazi ku-BBRAM = "Akushaywanga"

# Khubaza ukhiye wokubethela womnikazi ku-eFuses = “Akushaywanga”

# Khubaza ukhiye womphakathi wempande yomnikazi i-hash 0

= "Akushaywanga"

# Khubaza ukhiye womphakathi wempande yomnikazi i-hash 1

= "Akushaywanga"

# Khubaza ukhiye womphakathi wempande yomnikazi i-hash 2

= "Akushaywanga"

# Khubaza ama-eFuses abonakalayo

= "Akushaywanga"

# Phoqa iwashi le-SDM ku-oscillator yangaphakathi = "Ayishaywanga"

# Phoqelela isibuyekezo sokhiye wokubethela

= "Akushaywanga"

# Ukukhanselwa kokhiye ocacile we-Intel

= "0"

# Khiya ama-eFuses okuphepha

= "Akushaywanga"

# Uhlelo lomnikazi wokubethela lwenziwe

= "Akushaywanga"

# Kuqala uhlelo lokhiye wokubethela womnikazi

= "Akushaywanga"

# Ukukhansela ukhiye osobala 0

= ""

# Ukukhansela ukhiye osobala 1

= ""

# Ukukhansela ukhiye osobala 2

= ""

# Amafuse omnikazi

“0x00000000000000000000000000000000000000000000000000000

00000000000000000000000000000000000000000000000000000

0000000000000000000000”

# Umnikazi wezimpande zokhiye womphakathi hashi 0

“0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# Umnikazi wezimpande zokhiye womphakathi hashi 1

“0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# Umnikazi wezimpande zokhiye womphakathi hashi 2

“0x00000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000”

# Umnikazi usayizi wokhiye womphakathi

= "Akukho"

# Ikhawunta ye-PTS

= "0"

# PTS counter base

= "0"

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 30

Thumela Impendulo

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23

# QSPI ukuqala ukubambezeleka # RMA Counter # SDMIO0 yi-I2C # SVN counter A # SVN counter B # SVN counter C # SVN counter D

= “10ms” = “0” = “Akushaywanga” = “0” = “0” = “0” = “0”

Shintsha i-.fuse file ukuze usethe amafuse okusetha okuvikelayo owathandayo. Umugqa oqala ngo-# uthathwa njengomugqa wokuphawula. Ukuze uhlele i-fuse yesilungiselelo sokuvikeleka, susa u-# oholayo bese usetha inani ukuze lithi Vuthela. Okwesiboneloample, ukuze unike amandla ifuse yezilungiselelo ze-Firmware esayinwe Ngokuhlangene, lungisa umugqa wokuqala wefuse file kokulandelayo:
I-firmware esayinwe ngokuhlanganyela = “Ishayiwe”

Ungakwazi futhi ukwaba futhi uhlele amaFuse Omnikazi ngokuya ngezidingo zakho.
Ungasebenzisa umyalo olandelayo ukuze wenze ukuhlola okungenalutho, uhlelo, futhi uqinisekise umsuka wokhiye wasesidlangalaleni womnikazi:
i-quartus_pgm -c 1 -mjtag -o “ibpv;root0.qky”

Izinketho · i: Ilayisha isithombe somsizi we-firmware kudivayisi. · b: Yenza isheke elingenalutho ukuze uqinisekise ukuthi amafuse esethingi okuphepha awafani
isishaywe umoya. · p: Uhlela i-fuse. · v: Iqinisekisa ukhiye ohleliwe ocingweni.
Ngemva kokuhlela i-.qky file, ungase uhlole ulwazi lwefuse ngokuhlola ulwazi lwefuse futhi ukuze uqinisekise ukuthi kokubili umnikazi we-hashi yokhiye osesidlangalaleni kanye nomnikazi kasayizi wokhiye osesidlangalaleni banamanani angewona aziro.
Ngenkathi izinkambu ezilandelayo zingabhaleki nge-.fuse file indlela, afakiwe phakathi nokuhlolwa kokusebenza okukhiphayo ukuze kuqinisekiswe: · Idivayisi ayivikelekile · Imvume yedivayisi bulala · Khubaza impande yomnikazi wokhiye womphakathi hashi 0 · Khubaza umnikazi impande yomphakathi ukhiye hashi 1 · Khubaza umnikazi impande public key hashi 2 · Intel key cancellation · Ukuqala kohlelo lokhiye wokubethela womnikazi · Uhlelo lokhiye wokubethela lwenziwe · Ukukhanselwa kokhiye womnikazi · Ihashi likakhiye womnikazi womnikazi · Umnikazi usayizi wokhiye womphakathi · Umnikazi impande yomphakathi ukhiye hashi 0 · Impande yomnikazi ukhiye womphakathi hashi 1 · Impande yomnikazi ukhiye womphakathi hashi 2

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 31

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23
· Ikhawunta ye-PTS · Ikhawunta ye-PTS · Ukubambezeleka kokuqala kwe-QSPI · Ikhawunta ye-RMA · I-SDMIO0 yi-I2C · I-SVN counter A · SVN counter B · SVN counter C · SVN counter D
Sebenzisa i-Intel Quartus Prime Programmer ukuhlela i-.fuse file buyela kudivayisi. Uma ungeza inketho ye-i, uMhleli ulayisha ngokuzenzakalelayo i-firmware yokuhlinzeka ukuze ahlele amafuse wokusetha ukuphepha.
//Okwenyama (okungaguquguquki) eFuses quartus_pgm -c 1 -mjtag -o “pi;programming_file.fuse” –non_volatile_key
//Okwe-virtual (okuguquguqukayo) eFuses quartus_pgm -c 1 -mjtag -o “pi;programming_file.fuse”
Ungasebenzisa umyalo olandelayo ukuze uqinisekise ukuthi i-hashi yokhiye we-root yedivayisi iyafana yini ne-.qky enikezwe emyalweni:
i-quartus_pgm -c 1 -mjtag -o “v;root0_other.qky”
Uma okhiye bengafani, uMhleli wehluleka ngomlayezo wephutha wokuSebenza ohlulekile.
4.9. I-AES Root Key Provisioning
Kufanele usebenzise isitifiketi esihlanganisiwe sokhiye wempande ye-AES esayiniwe ukuze uhlele ukhiye wempande we-AES kudivayisi ye-Intel Agilex 7.
4.9.1. Isitifiketi Se-AES Root Key Compact
Usebenzisa ithuluzi lomugqa womyalo we-quartus_pfg ukuze uguqule ukhiye wakho wempande we-AES .qek file kufomethi yesitifiketi esihlangene .cert. Ucacisa indawo yokugcina ukhiye ngenkathi udala isitifiketi esihlangene. Ungasebenzisa ithuluzi le-quartus_pfg ukuze udale isitifiketi esingasayiniwe ukuze usisayine kamuva. Kumelwe usebenzise uchungechunge lwesiginesha ngemvume yokusayina yesitifiketi sokhiye wempande we-AES, imvume encane engu-6, enikwe amandla ukuze usayine ngempumelelo isitifiketi esihlangene sokhiye wempande we-AES.

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 32

Thumela Impendulo

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23
1. Dala ipheya yokhiye eyengeziwe esetshenziselwa ukusayinda isitifiketi esihlangene sokhiye we-AES usebenzisa omunye wemiyalo elandelayo exampkancane:
quartus_sign -family=agilex -operation=make_private_pem -curve=secp384r1 aesccert1_private.pem
quartus_sign -family=agilex -operation=make_public_pem aesccert1_private.pem aesccert1_public.pem
pkcs11-tool -module=/usr/local/lib/softhsm/libsofthsm2.so -token-label agilex-token -login -pin agilex-token-pin -keypairgen mechanism ECDSA-KEY-PAIR-GEN -uhlobo lokhiye EC: secp384r1 -ukusetshenziswa-uphawu -ilebula aesccert1 -id 2
2. Dala uchungechunge lwesiginesha ngebhithi yemvume elungile esethwe usebenzisa owodwa wemiyalo elandelayo:
quartus_sign –family=agilex –operation=append_key –previous_pem=root0_private.pem –previous_qky=root0.qky –permission=0x40 –cancel=1 –input_pem=aesccert1_public.pem aesccertqky_sign_chain.
quartus_sign –family=agilex –operation=append_key –module=softHSM -module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsmvious_key” root2 –previous_qky=root0.qky –permission=0x0 –cancel=40 –input_keyname=aesccert1 aesccert1_sign_chain.qky
3. Dala isitifiketi esingasayiniwe se-AES sendawo yokugcina ukhiye wempande ye-AES oyifunayo. Izinketho ezilandelayo zokugcina ukhiye wezimpande ze-AES ziyatholakala:
· EFUSE_WRAPPED_AES_KEY
· IID_PUF_WRAPPED_AES_KEY
· UDS_IID_PUF_WRAPPED_AES_KEY
· BBRAM_WRAPPED_AES_KEY
· BBRAM_IID_PUF_WRAPPED_AES_KEY
· BBRAM_UDS_IID_PUF_WRAPPED_AES_KEY
//Dala ukhiye wempande we-eFuse AES isitifiketi esingasayiniwe quartus_pfg –cert -o ccert_type=EFUSE_WRAPPED_AES_KEY -o qek_file=aes.qek unsigned_efuse1.cert
4. Sayina isitifiketi esihlangene ngomyalo we-quartus_sign noma ukusetshenziswa kwereferensi.
quartus_sign –family=agilex –operation=sign –pem=aesccert1_private.pem –qky=aesccert1_sign_chain.qky unsigned_ 1.isayiniwe isitifiketi_ 1.i-cert
quartus_sign –family=agilex –operation=sign –module=softHSM –module_args=”–token_label=agilex-token –user_pin=agilex-token-pin –hsm_lib=/usr/local/lib/softhsm/libsofthsm2.so”

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 33

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23

–igama elingukhiye=aesccert1 –qky=aesccert1_sign_chain.qky unsigned_ 1.isayiniwe isitifiketi_ 1.i-cert
5. Sebenzisa i-Intel Quartus Prime Programmer ukuhlela isitifiketi se-AES sokhiye wempande kudivayisi ye-Intel Agilex 7 nge-JTAG. I-Intel Quartus Prime Programmer ishintsha ngokuzenzakalelayo ukuhlela ama-eFuses abonakalayo lapho isebenzisa uhlobo lwesitifiketi esihlangene esingu-EFUSE_WRAPPED_AES_KEY.
Ungeza inketho ethi -non_volatile_key ukuze ucacise amafuse angokomzimba ahlelayo.
// Okomzimba (okungaguquki) eFuse AES ukhiye wempande quartus_pgm -c 1 -mjtag -o “pi;signed_efuse1.cert” –non_volatile_key

//Okwe-virtual (okuguquguqukayo) eFuse AES ukhiye wempande quartus_pgm -c 1 -mjtag -o “pi;signed_efuse1.cert”

//Ngokhiye wempande ye-BBRAM AES quartus_pgm -c 1 -mjtag -o “pi;signed_bram1.cert”

I-firmware yokuhlinzeka nge-SDM kanye ne-firmware eyinhloko isekela uhlelo lwesitifiketi sokhiye wezimpande ze-AES. Ungasebenzisa futhi isixhumi esibonakalayo sebhokisi leposi le-SDM kusuka kwendwangu ye-FPGA noma i-HPS ukuhlela isitifiketi sokhiye wempande we-AES.

Qaphela:

Umyalo we-quartus_pgm awusekeli okukhethwa kukho okuthi b no-v ngezitifiketi ezihlangene(.cert).

4.9.2. I-Intrinsic ID® PUF AES Root Key Provisioning
Ukusebenzisa I-Intrinsic* ID PUF esongwe i-AES Key ihlanganisa lezi zinyathelo ezilandelayo: 1. Ukubhalisa i-Intrinsic ID PUF ngo-JTAG. 2. Ukugoqa ukhiye wempande we-AES. 3. Ukuhlela idatha yomsizi kanye nokhiye ogoqekile kumemori ye-quad SPI flash. 4. Ukubuza ngesimo sokwenza kusebenze i-ID ye-Intrinsic PUF.
Ukusetshenziswa kobuchwepheshe be-Intrinsic ID kudinga isivumelwano selayisense esihlukile ne-Intrinsic ID. Isofthiwe ye-Intel Quartus Prime Pro Edition ikhawulela ukusebenza kwe-PUF ngaphandle kwelayisensi efanelekile, njengokubhalisa, ukugoqa ukhiye, nokuhlelwa kwedatha ye-PUF ku-QSPI flash.

4.9.2.1. Ukubhaliswa kwe-PUF ye-ID yangaphakathi
Ukuze ubhalise i-PUF, kufanele usebenzise i-firmware yokuhlinzeka nge-SDM. I-firmware yokuhlinzeka kufanele kube i-firmware yokuqala elayishwa ngemva komjikelezo wamandla, futhi kufanele ukhiphe umyalo wokubhalisa we-PUF ngaphambi kwanoma yimuphi omunye umyalo. I-firmware yokuhlinzeka isekela eminye imiyalo ngemva kokubhaliswa kwe-PUF, okuhlanganisa ukugoqwa kokhiye we-AES we-root key kanye ne-programming quad SPI, nokho, kufanele unike amandla umjikelezo wedivayisi ukuze ulayishe i-bitstream yokumisa.
Usebenzisa i-Intel Quartus Prime Programmer ukuze uqalise ukubhaliswa kwe-PUF futhi ukhiqize idatha yomsizi we-PUF .puf file.

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 34

Thumela Impendulo

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23

Umfanekiso 7.

Ukubhaliswa kwe-PUF ye-ID yangaphakathi
I-quartus_pgm Ukubhaliswa kwe-PUF

Idatha yomsizi we-PUF yokubhalisa

Vikela Isiphathi Sedivayisi (SDM)

wrapper.puf Helper Data
Umhleli ulayisha ngokuzenzakalelayo isithombe somsizi we-firmware uma ucacisa kokubili ukusebenza kwe-i kanye ne-agumenti ethi .puf.
i-quartus_pgm -c 1 -mjtag -o “ei;help_data.puf;AGFB014R24A”
Uma usebenzisa i-firmware esayinwe ngokuhlanganyela, uhlela isithombe somsizi we-firmware esisayinwe ngokuhlanganyela ngaphambi kokusebenzisa umyalo wokubhalisa we-PUF.
i-quartus_pgm -c 1 -mjtag -o “p;signed_provision_helper_image.rbf” –force quartus_pgm -c 1 -mjtag -o “e;help_data.puf;AGFB014R24A”
I-UDS IID PUF ibhalisiwe phakathi nokukhiqizwa kwedivayisi, futhi ayitholakaleli ukubhaliswa kabusha. Kunalokho, usebenzisa uMhleli ukuze unqume indawo yedatha yomsizi we-UDS PUF ku-IPCS, landa i-.puf file ngokuqondile, bese usebenzisa i-UDS .puf file ngendlela efanayo ne-.puf file ikhishwe kudivayisi ye-Intel Agilex 7.
Sebenzisa umyalo woMhleli olandelayo ukuze ukhiqize umbhalo file equkethe uhlu lwe URLs ekhomba kudivayisi ethize files ku-IPCS:
i-quartus_pgm -c 1 -mjtag -o “e;ipcs_urls.txt;AGFB014R24B” -ipcs_urls
4.9.2.2. Ukugoqa ukhiye we-AES Root
Ukhiqiza i-IID PUF egoqwe ukhiye wempande we-AES .wkey file ngokuthumela isitifiketi esisayiniwe ku-SDM.
Ungasebenzisa i-Intel Quartus Prime Programmer ukuze ukhiqize, usayine, futhi uthumele isitifiketi ukuze usonge ukhiye wakho wempande we-AES, noma ungasebenzisa i-Intel Quartus Prime Programming. File Ijeneretha ukukhiqiza isitifiketi esingasayiniwe. Usayina isitifiketi esingasayiniwe usebenzisa amathuluzi akho noma ithuluzi lokusayina le-Quartus. Bese usebenzisa uMhleli ukuthumela isitifiketi esayiniwe bese usonga ukhiye wakho wempande we-AES. Isitifiketi esisayiniwe singase sisetshenziswe ukuhlela wonke amadivayisi angaqinisekisa uchungechunge lwesiginesha.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 35

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23

Umfanekiso 8.

Ukugoqa ukhiye we-AES usebenzisa i-Intel Quartus Prime Programmer
.pem Okuyimfihlo
Ukhiye

.qky

iquartus_pgm

Goqa ukhiye we-AES

I-AES.QSKigYnature RootCPhuabilnic Key

Khiqiza Ukhiye Ogoqiwe we-PUF

Kugoqwe ukhiye we-AES

I-SDM

.qek Ukubethela
Ukhiye

.wkey PUF-Egoqiwe
Ukhiye we-AES

1. Ungase ukhiqize ukhiye wempande we-IID PUF ogoqwe we-AES (.wkey) noMhleli usebenzisa izimpikiswano ezilandelayo:
· I-.qky file equkethe iketango lesiginesha elinemvume yesitifiketi sokhiye we-AES
· I-.pem yangasese file ngokhiye wokugcina ochungechungeni lwesiginesha
· I .qek file ubambe ukhiye wempande we-AES
· Ivekhtha yokuqalisa engu-16-byte (iv).

i-quartus_pgm -c 1 -mjtag -qky_file=aes0_sign_chain.qky –pem_file=aes0_sign_private.pem –qek_file=aes.qek –iv=1234567890ABCDEF1234567890ABCDEF -o “ei;aes.wkey;AGFB014R24A”

2. Noma, ungase ukhiqize isitifiketi esingasayiniwe se-IID PUF esonga ukhiye wezimpande we-AES ngoHlelo lokuHlela. File Ijeneretha isebenzisa izimpikiswano ezilandelayo:

quartus_pfg –ccert -o ccert_type=IID_PUF_WRAPPED_AES_KEY -o qek_file=aes.qek –iv=1234567890ABCDEF1234567890ABCDEF unsigned_aes.ccert

3. Usayina isitifiketi esingasayiniwe ngamathuluzi akho okusayina noma ithuluzi le-quartus_sign usebenzisa umyalo olandelayo:

quartus_sign –family=agilex –operation=sign –qky=aes0_sign_chain.qky –pem=aes0_sign_private.pem unsigned_aes.ccert sign_aes.ccert

4. Bese usebenzisa uMhleli ukuthumela isitifiketi se-AES esayiniwe bese ubuyisela ukhiye ogoqiwe (.wkey) file:

quarts_pgm -c 1 -mjtag -cert_file=signed_aes.ccert -o “ei;aes.wkey;AGFB014R24A”

Qaphela: Ukusebenza kwe-i akudingekile uma ngaphambilini ulayishe isithombe somsizi we-firmware, ngokwesiboneloample, ukubhalisa i-PUF.

4.9.2.3. Idatha Yomsizi Wohlelo Nokhiye Ogoqiwe we-QSPI Flash Memory
Usebenzisa i-Quartus Programming File Isixhumi esibonakalayo segraphical sokwakha isithombe sokuqala se-QSPI flash esiqukethe ukwahlukanisa kwe-PUF. Kufanele ukhiqize futhi uhlele sonke isithombe sohlelo lwe-flash ukuze ungeze ukwahlukanisa kwe-PUF ku-QSPI flash. Ukwakhiwa kwe-PUF

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 36

Thumela Impendulo

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23

Umfanekiso 9.

ukuhlukaniswa kwedatha nokusebenzisa idatha yomsizi we-PUF nokhiye ogoqiwe files yokukhiqiza isithombe esikhanyayo ayisekelwa ngoHlelo File Isixhumi esibonakalayo somugqa womyalo we-generator.
Izinyathelo ezilandelayo zibonisa ukwakha isithombe sohlelo lwe-flash ngedatha yomsizi we-PUF nokhiye ogoqiwe:
1. Ku File menu, chofoza Programming File Ijeneretha. Ekuphumeni Files ithebhu yenza ukukhetha okulandelayo:
a. Ngomndeni Wedivayisi khetha i-Agilex 7.
b. Ngemodi yokumisa khetha i-Active Serial x4.
c. Ukuze uthole uhla lwemibhalo lokuphumayo phequlula kokuphumayo kwakho file umkhombandlela. Lesi example isebenzisa okukhiphayo_files.
d. Ngegama, cacisa igama lohlelo file azokwenziwa. Lesi example isebenzisa okukhiphayo_file.
e. Ngaphansi Kwencazelo khetha ukuhlela files ukukhiqiza. Lesi exampikhiqiza i-JTAG Ukucushwa okungaqondile File (.jic) yokucushwa kwedivayisi kanye ne-Raw Binary File se-Programming Helper Image (.rbf) yesithombe somsizi wedivayisi. Lesi exampfuthi ikhetha iMemory Memory oyikhethayo File (.imephu) kanye nedatha ye-Raw Programming File (.rpd). Idatha yohlelo olungahluziwe file kuyadingeka kuphela uma uhlela ukusebenzisa umhleli wenkampani yangaphandle esikhathini esizayo.
Ukuhlela File Ijeneretha – Okukhiphayo Files Ithebhu - Khetha u-JTAG Ukucushwa Okungaqondile

Imodi Yokucushwa Komndeni Wedivayisi
Okukhiphayo file ithebhu
Uhla lwemibhalo lokuphumayo
JTAG Imephu Yenkumbulo Engaqondile (.jic). File I-Programming Helper Raw Programming Data
Kokufakayo Files, khetha okulandelayo: 1. Chofoza Engeza i-Bitstream bese upheqa ku-.sof yakho. 2. Khetha i-.sof yakho file bese uqhafaza Izakhiwo.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 37

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23
a. Vula Vumela ithuluzi lokusayina. b. Ngokhiye Oyimfihlo file khetha i-.pem yakho file. c. Vula okuthi Qedela ukubethela. d. Ngokhiye Wokubethela file khetha i-.qek yakho file. e. Chofoza okuthi KULUNGILE ukuze ubuyele ewindini langaphambilini. 3. Ukuze ucacise idatha yakho yomsizi we-PUF file, chofoza Engeza Idatha eluhlaza. Shintsha i- Files yohlobo lwemenyu yokudonsela phansi kokuthi Umsebenzi Ongafihleki Womzimba We-Quartus File (*.puf). Phequlula ku-.puf yakho file. Uma usebenzisa kokubili i-IID PUF kanye ne-UDS IID PUF, phinda lesi sinyathelo ukuze .puf files ye-PUF ngayinye yengezwa njengokufakwayo files. 4. Ukucacisa ukhiye wakho we-AES ogoqiwe file, chofoza Engeza Idatha eluhlaza. Shintsha i- Files ohlobo lwemenyu yokudonsela phansi kukhiye Ogoqiwe we-Quartus File (*.wkey). Phequlula ku-.wkey yakho file. Uma usonge okhiye be-AES usebenzisa kokubili i-IID PUF ne-UDS IID PUF, phinda lesi sinyathelo ukuze .wkey files ye-PUF ngayinye yengezwa njengokufakwayo files.
Umfanekiso 10. Cacisa Okokufaka Files yokucushwa, ukufakazela ubuqiniso, kanye nokubethela

Engeza i-Bitstream Engeza Idatha eluhlaza
Izakhiwo
Ukhiye oyimfihlo file
Qedela ukhiye wokubethela
Kuthebhu Yedivayisi Yokuhlela, khetha okulandelayo: 1. Chofoza u-Engeza idivayisi bese ukhetha idivayisi yakho ye-flash ohlwini lwamafuleshi atholakalayo.
amadivaysi. 2. Khetha idivayisi yokumisa osanda kuyingeza bese uchofoza okuthi Engeza ukwahlukanisa. 3. Ebhokisini lengxoxo le-Hlela Ingxenye yokokufaka file bese ukhetha i-.sof yakho ku-
uhlu olwehliswayo. Ungagcina okumisiwe noma uhlele amanye amapharamitha ebhokisini lengxoxo elithi Hlela Ingxenye.

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 38

Thumela Impendulo

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23
Umfanekiso 11. Icacisa i-.sof Configuration Bitstream Partition yakho

Idivayisi yokumisa
Hlela ukwahlukanisa Engeza .sof file

Engeza ukwahlukanisa

4. Uma wengeza i-.puf kanye ne-.wkey njengokufakwayo files, i-Programming File I-generator idala ngokuzenzakalelayo ingxenye ye-PUF kudivayisi yakho yokucushwa. Ukugcina i-.puf kanye ne-.wkey engxenyeni ye-PUF, khetha ingxenye ye-PUF bese uchofoza okuthi Hlela. Ebhokisini lengxoxo ethi Hlela Ingxenye, khetha okuthi .puf kanye ne-.wkey yakho files ohlwini lokudonsela phansi. Uma ususa i-PUF partition, kufanele ususe futhi uphinde wengeze idivayisi yokulungiselela yoHlelo. File Ijeneretha yokudala enye ingxenye ye-PUF. Kufanele uqinisekise ukuthi ukhetha i-.puf ne-.wkey efanele file ye-IID PUF ne-UDS IID PUF, ngokulandelana.
Umfanekiso 12. Engeza i-.puf ne-.wkey files kuya ku-PUF Partition

Ukuhlukaniswa kwe-PUF

Hlela

Hlela ukwahlukanisa

I-Flash Loader

Khetha okuthi Khiqiza

5. Ngepharamitha ye-Flash Loader khetha umndeni wedivayisi ye-Intel Agilex 7 kanye negama ledivayisi elifana ne-Intel Agilex 7 OPN yakho.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 39

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23
6. Chofoza okuthi Khiqiza ukuze ukhiqize okukhiphayo files oyicacisile kokuthi Okukhiphayo Fileithebhu.
7. Uhlelo File Ijeneretha ifunda i-.qek yakho file futhi ikukwazisa ngomshwana wakho wokungena. Thayipha umushwana wakho wokungena empendulweni yokwaziswa komushwana wokungena we-Enter QEK. Chofoza inkinobho ethi Enter.
8. Chofoza OK lapho Programming File Ijeneretha ibika ukukhiqizwa ngempumelelo.
Usebenzisa i-Intel Quartus Prime Programmer ukubhala isithombe sokuhlela se-QSPI kumemori ye-flash ye-QSPI. 1. Kumenyu ye-Intel Quartus Prime Tools khetha uMhleli. 2. KuMhleli, chofoza Ukusethwa kwezingxenyekazi zekhompuyutha bese ukhetha i-Intel exhunyiwe
Ikhebula Lokulanda le-FPGA. 3. Chofoza Engeza File bese upheqa ku-.jic yakho file.
Umfanekiso 13. Uhlelo .jic

Ukuhlela file

Uhlelo/ Lungiselela

JTAG scan chain
4. Susa ukukhetha ibhokisi elihlobene nesithombe Somsizi. 5. Khetha Uhlelo/Lungisa kokuphumayo kwe-.jic file. 6. Vula inkinobho yokuqala ukuze uhlele inkumbulo yakho ye-quad SPI flash. 7. Umjikelezo wamandla ebhodini lakho. Idizayini ihlelwe kumemori ye-quad SPI flash
idivayisi ngokulandelayo ilayisha ku-FPGA eqondiwe.
Kufanele ukhiqize futhi uhlele sonke isithombe sohlelo lwe-flash ukuze ungeze ukwahlukanisa kwe-PUF ku-quad SPI flash.
Uma i-PUF partition isivele ikhona ku-flash, kungenzeka ukusebenzisa i-Intel Quartus Prime Programmer ukuze ufinyelele ngokuqondile idatha yomsizi we-PUF kanye nokhiye ogoqiwe. files. Okwesiboneloampfuthi, uma ukwenza kusebenze kungasebenzi, kungenzeka ukuthi uphinde ubhalise i-PUF, uphinde ugoqe ukhiye we-AES, bese uhlela kuphela i-PUF. files ngaphandle kokuthi ubhale phezu kwayo yonke ifleshi.

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 40

Thumela Impendulo

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23
I-Intel Quartus Prime Programmer isekela impikiswano elandelayo yokusebenza ye-PUF files ekuhlukaniseni okwakukhona ngaphambili kwe-PUF:
· p: uhlelo
· v: qinisekisa
· r: sula
· b: isheke elingenalutho
Kufanele ulandele imikhawulo efanayo yokubhaliswa kwe-PUF, noma ngabe kukhona ukuhlukaniswa kwe-PUF.
1. Sebenzisa i-agumenti yokusebenza kwe-i ukuze ulayishe isithombe somsizi we-firmware wokuhlinzeka ngomsebenzi wokuqala. Okwesiboneloample, ukulandelana komyalo olandelayo kubhalisa kabusha i-PUF, phinda ugoqe ukhiye wempande we-AES, usule idatha yomsizi we-PUF endala nokhiye ogoqiwe, bese uhlela futhi uqinisekise idatha entsha yomsizi we-PUF kanye nokhiye wempande we-AES.
i-quartus_pgm -c 1 -mjtag -o “ei;new.puf;AGFB014R24A” quartus_pgm -c 1 -mjtag -cert_file=signed_aes.ccert -o “e;new.wkey;AGFB014R24A” quartus_pgm -c 1 -mjtag -o “r;old.puf” quartus_pgm -c 1 -mjtag -o “r;old.wkey” quartus_pgm -c 1 -mjtag -o “p;new.puf” quartus_pgm -c 1 -mjtag -o “p;new.wkey” quartus_pgm -c 1 -mjtag -o “v;new.puf” quartus_pgm -c 1 -mjtag -o “v;new.wkey”
4.9.2.4. Ukubuza Isimo Sokuqalisa Se-ID ye-PUF
Ngemva kokubhalisa i-Intrinsic ID PUF, bopha ukhiye we-AES, ukhiqize uhlelo lwe-flash files, futhi ubuyekeze i-quad SPI flash, ujikelezisa idivayisi yakho ukuze uqalise ukusebenzisa i-PUF nokumisa kusukela ku-bitstream ebethelwe. I-SDM ibika isimo sokwenza kusebenze i-PUF kanye nesimo sokucushwa. Uma ukwenza kusebenze i-PUF kwehluleka, i-SDM esikhundleni salokho ibika isimo sephutha le-PUF. Sebenzisa umyalo we-quartus_pgm ukuze ubuze isimo sokucushwa.
1. Sebenzisa umyalo olandelayo ukuze ubuze isimo sokuvula:
i-quartus_pgm -c 1 -mjtag -status -status_type=”CONFIG”
Nakhu u-sample okukhiphayo kusukela ekusebenziseni ngempumelelo:
Ulwazi (21597): Impendulo ye-CONFIG_STATUS Idivayisi isebenza ngemodi yomsebenzisi 00006000 RESPONSE_CODE=KULUNGILE, LENGTH=6 00000000 STATE=IDLE 00160300 Inguqulo C000007B MSEL=QSPI_USG=1, nSTACONTVID=1, nSTACONTVID=1, nSTACONTVID=XNUMX,
CLOCK_SOURCE=INTERNAL_PLL 0000000B CONF_DONE=1, INIT_DONE=1, CVP_DONE=0, SEU_ERROR=1 00000000 Indawo yephutha 00000000 Imininingwane yephutha Impendulo ye-PUF_STATUS 00002000 USER_STATUS 2 IID STATUS=PUF_ACTIVATION_SUCCESS,
RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0 00000500 UDS_IID STATUS=PUF_ACTIVATION_SUCCESS,
I-RELIABILITY_DIAGNOSTIC_SCORE=5, TEST_MODE=0

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 41

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23

Uma usebenzisa kuphela i-IID PUF noma i-UDS IID PUF, futhi ungahlelanga idatha yomsizi .puf file ku-PUF ku-flash ye-QSPI, leyo PUF ayenzi isebenze futhi isimo se-PUF sibonisa ukuthi idatha yomsizi we-PUF ayivumelekile. I-ex elandelayoampi-le ikhombisa isimo se-PUF lapho idatha yomsizi we-PUF ingahlelelwe noma i-PUF:
Impendulo ye-PUF_STATUS 00002000 RESPONSE_CODE=KULUNGILE, LENGTH=2 00000002 USER_IID STATUS=PUF_DATA_CORRUPTED,
RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0 00000002 UDS_IID STATUS=PUF_DATA_CORRUPTED,
I-RELIABILITY_DIAGNOSTIC_SCORE=0, TEST_MODE=0

4.9.2.5. Indawo ye-PUF ku-Flash Memory
Le yindawo ka PUF file yehlukile kumadizayini asekela i-RSU namadizayini angasisekeli isici se-RSU.

Ngemiklamo engayisekeli i-RSU, kufanele ufake i-.puf kanye ne-.wkey files uma udala izithombe ezikhanyayo ezibuyekeziwe. Kumadizayini asekela i-RSU, i-SDM ayizikhiphi izigaba zedatha ye-PUF phakathi nefekthri noma izibuyekezo zesithombe sohlelo lokusebenza.

Ithebula 2.

I-Flash Sub-Partitions Isakhiwo ngaphandle Kosekelo lwe-RSU

I-Flash Offset (ngamabhayithi)

Usayizi (ngamabhayithi)

Okuqukethwe

Incazelo

0K 256K

256K 256K

I-Firmware Yokulawula Ukucushwa Kwe-Firmware

I-Firmware esebenza ku-SDM.

512K

256K

I-Firmware Yokuphatha Ukucushwa

768K

256K

I-Firmware Yokuphatha Ukucushwa

32K

Idatha ye-PUF0

Isakhiwo sedatha yokugcina idatha yomsizi we-PUF kanye nekhophi yokhiye wempande ye-AES egoqwe nge-PUF engu-0

1M+32K

32K

Idatha ye-PUF1

Isakhiwo sedatha yokugcina idatha yomsizi we-PUF kanye nekhophi yokhiye wempande ye-AES egoqwe nge-PUF engu-1

Ithebula 3.

Isakhiwo se-Flash Sub-Partitions Nosekelo lwe-RSU

I-Flash Offset (ngamabhayithi)

Usayizi (ngamabhayithi)

Okuqukethwe

Incazelo

0K 512K

512K 512K

I-firmware yesinqumo Isinqumo se-firmware

I-Firmware yokukhomba nokulayisha isithombe esibaluleke kakhulu.

1m1.5m

512K 512K

I-firmware yesinqumo Isinqumo se-firmware

8K + 24K

Idatha yesinqumo se-firmware

Ukupheqa

Igcinelwe ukusetshenziswa kwe-firmware yesinqumo.

2M + 32K

32K

Kugcinelwe i-SDM

Kugcinelwe i-SDM.

2M + 64K

Iyaguquguquka

Isithombe sefekthri

Isithombe esilula osenzayo njengesipele uma zonke ezinye izithombe zohlelo lokusebenza zihluleka ukulayisha. Lesi sithombe sihlanganisa i-CMF esebenza ku-SDM.

Olandelayo

32K

Idatha ye-PUF0

Isakhiwo sedatha yokugcina idatha yomsizi we-PUF kanye nekhophi yokhiye wempande ye-AES egoqwe nge-PUF engu-0
waqhubeka...

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 42

Thumela Impendulo

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23

I-Flash Offset (ngamabhayithi)

Usayizi (ngamabhayithi)

Okulandelayo +32K 32K

Okuqukethwe Ikhophi yedatha ye-PUF 1

Okulandelayo + 256K 4K Okulandelayo +32K 4K Okulandelayo +32K 4K

Ikhophi yethebula lengxenye engaphansi 0 Ikhophi yethebula lengxenye encane 1 ikhophi yebhulokhi yesikhombi se-CMF 0

Okulandelayo +32K _

Ikhophi ye-CMF pointer block 1

Okuguquguqukayo Okuguquguqukayo

Isithombe sohlelo lokusebenza 1 Isithombe sohlelo lokusebenza 2

4.9.3. Black Key Provisioning

Incazelo
Isakhiwo sedatha yokugcina idatha yomsizi we-PUF kanye nekhophi yokhiye wempande ye-AES egoqwe nge-PUF engu-1
Isakhiwo sedatha sokusiza ukuphathwa kwe-flash storage.
Uhlu lwezinkomba ezithombeni zohlelo lokusebenza ngokulandelana kokubalulekile. Uma ungeza isithombe, leso sithombe siba phezulu kakhulu.
Ikhophi yesibili yohlu lwezikhombisi zezithombe zohlelo lokusebenza.
Isithombe sakho sokuqala sohlelo lokusebenza.
Isithombe sakho sohlelo lokusebenza lwesibili.

Qaphela:

I-Intel Quartus PrimeProgrammer isiza ekusunguleni ukuxhumana okuvikelekile okugunyazwe ngokufanayo phakathi kwedivayisi ye-Intel Agilex 7 kanye nensizakalo yokuhlinzeka ngokhiye omnyama. Uxhumano oluvikelekile lusungulwa nge-https futhi ludinga izitifiketi ezimbalwa ezikhonjwe kusetshenziswa umbhalo file.
Uma usebenzisa i-Black Key Provisioning, i-Intel incoma ukuthi ugweme ukuxhuma iphinikhodi ye-TCK ngaphandle ukuze udonse noma udilize into ephikisayo ngenkathi usayisebenzisela u-J.TAG. Nokho, ungase uxhume iphinikhodi ye-TCK kumandla kagesi we-VCCIO SDM usebenzisa i-resistor engu-10 k. Isiqondiso esikhona Semihlahlandlela Yokuxhuma Iphinikhodi yokuxhuma i-TCK kusimelaphi sokudonsela phansi esingu-1 k sifakiwe ukuze kuncishwe umsindo. Ushintsho esiqondisweni sokumelana nokudonsa okungu-10 k akuthinti ukusebenza kwedivayisi. Ukuze uthole ulwazi olwengeziwe mayelana nokuxhuma iphinikhodi ye-TCK, bheka ku-Intel Agilex 7 Pin Connection Guidelines.
I-Thebkp_tls_ca_certcertificate ifakazela ubuqiniso isibonelo sakho sesevisi yokuhlinzeka ngokhiye omnyama kusibonelo sakho somhleli wokunikeza ukhiye omnyama. I-Thebkp_tls_*izitifiketi zifakazela ubuqiniso besibonelo sakho sohlelo lokunikeza ukhiye omnyama kusibonelo sakho sesevisi yokunikeza ukhiye omnyama.
Udala umbhalo file equkethe ulwazi oludingekayo ukuze i-Intel Quartus Prime Programmer ixhume kusevisi yokuhlinzeka ngokhiye omnyama. Ukuze uqalise ukunikezwa kokhiye omnyama, sebenzisa isixhumi esibonakalayo somugqa womyalo Womhleli ukuze ucacise umbhalo wezinketho zokunikeza ukhiye omnyama file. Ukunikezwa kokhiye omnyama bese kuqhubeka ngokuzenzakalelayo. Ukuze uthole ukufinyelela kusevisi yokunikeza ukhiye omnyama kanye nemibhalo ehlobene, sicela uthinte i-Intel Support.
Ungakwazi ukunika amandla ukunikezwa kokhiye omnyama usebenzisa i-thequartus_pgmcommand:
i-quartus_pgm -c -m – idivayisi –bkp_options=bkp_options.txt
Izimpikiswano zomyalo zicacisa ulwazi olulandelayo:

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 43

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23

· -c: inombolo yekhebula · -m: icacisa imodi yokuhlela njenge-JTAG · -device: icacisa inkomba yedivayisi ku-JTAG iketango. Inani elizenzakalelayo ngu-1. · –bkp_options: icacisa umbhalo file equkethe izinketho zokunikeza ukhiye omnyama.
Ulwazi Oluhlobene Imihlahlandlela Yokuxhuma Iphinikhodi Yomndeni ye-Intel Agilex 7

4.9.3.1. Izinketho Zokuhlinzeka Ngokhiye Omnyama
Izinketho zokunikeza ukhiye omnyama umbhalo file kudluliselwe kuMhleli ngomyalo we-quartus_pgm. I file iqukethe ulwazi oludingekayo ukuze uqalise ukunikeza ukhiye omnyama.
Okulandelayo yi-example le-bkp_options.txt file:
bkp_cfg_id = 1 bkp_ip = 192.167.1.1 bkp_port = 10034 bkp_tls_ca_cert = root.cert bkp_tls_prog_cert = prog.cert bkp_tls_prog_key = prog_key.pexy_adk = https://1234:192.167.5.5 bkp_proxy_user = proxy_user bkp_proxy_password = proxy_password

Ithebula 4.

Izinketho Zokuhlinzeka Ngokhiye Omnyama
Leli thebula libonisa izinketho ezidingekayo ukuze uqalise ukunikezwa kokhiye omnyama.

Igama Lokukhetha

Uhlobo

Incazelo

bkp_ip

Kudingeka

Icacisa ikheli le-IP leseva elisebenzisa isevisi yokunikeza ukhiye omnyama.

bkp_port

Kudingeka

Icacisa imbobo yesevisi yokunikeza ukhiye omnyama odingekayo ukuze uxhume kuseva.

bkp_cfg_id

Kudingeka

Ihlonza i-ID yokulungiselelwa kokhiye omnyama wokulungiselela ukugeleza.
Isevisi yokunikeza ukhiye omnyama idala ukugeleza kokucushwa kokhiye omnyama ohlanganisa ukhiye wempande we-AES, izilungiselelo ezifiselekayo ze-eFuse, nezinye izinketho zokugunyazwa kokhiye omnyama. Inombolo enikezwe ngesikhathi sokusethwa kwesevisi yokunikeza ukhiye omnyama ikhomba ukugeleza kokulungiselelwa kokhiye omnyama.
Qaphela: Amadivayisi amaningi angase abhekisele ekugelezeni kokulungiselelwa kokhiye omnyama ofanayo.

bkp_tls_ca_cert

Kudingeka

Isitifiketi se-TLS esiyimpande esisetshenziselwa ukuhlonza izinsiza zokuhlinzeka ngokhiye omnyama ku-Intel Quartus Prime Programmer (Uhlelo). Isiphathimandla sesitifiketi esithenjwayo sesenzakalo sesevisi yokuhlinzeka ngokhiye omnyama sikhipha lesi sitifiketi.
Uma usebenzisa uMhleli kukhompyutha enesistimu yokusebenza ye-Microsoft® Windows® (Windows), kufanele ufake lesi sitifiketi esitolo sesitifiketi se-Windows.

bkp_tls_prog_cert

Kudingeka

Isitifiketi esidalelwe isibonelo soMklami wokunikeza ukhiye omnyama (BKP Programmer). Lesi yisitifiketi seklayenti le-https esisetshenziselwa ukukhomba lesi senzakalo somhleli we-BKP
waqhubeka...

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 44

Thumela Impendulo

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23

Igama Lokukhetha

Uhlobo

bkp_tls_prog_key

Kudingeka

bkp_tls_prog_key_pass Ngokuzithandela

bkp_proxy_address bkp_proxy_user bkp_proxy_password

Ongakukhetha Ongakukhetha

Incazelo
kusevisi yokuhlinzeka ngokhiye omnyama. Kufanele ufake futhi ugunyaze lesi sitifiketi kusevisi yokunikeza ukhiye omnyama ngaphambi kokuqala iseshini yokunikeza ukhiye omnyama. Uma usebenzisa i-Programmer ku-Windows, le nketho ayitholakali. Kulokhu, i-bkp_tls_prog_key isivele isihlanganisa lesi sitifiketi.
Ukhiye oyimfihlo ohambisana nesitifiketi soMhleli we-BKP. Ukhiye uqinisekisa ubunikazi besenzakalo soMhleli we-BKP kusevisi yokuhlinzeka ngokhiye omnyama. Uma usebenzisa i-Programmer ku-Windows, i-.pfx file ihlanganisa isitifiketi se-bkp_tls_prog_cert kanye nokhiye oyimfihlo. Inketho ye-bkp_tlx_prog_key idlula i-.pfx file kokuthi bkp_options.txt file.
Iphasiwedi yokhiye oyimfihlo we-bkp_tls_prog_key. Akudingeki kumbhalo wezinketho zokulungiselelwa kokhiye omnyama (bkp_options.txt). file.
Icacisa iseva elibamba URL ikheli.
Icacisa igama lomsebenzisi leseva elibamba.
Icacisa iphasiwedi yokuqinisekisa ummeleli.

4.10. Ukuguqula Ukhiye Wezimpande Zomnikazi, Izitifiketi Zokhiye We-AES Root, kanye ne-Fuse files kuya ku-Jam STPL File Amafomethi

Ungasebenzisa umyalo womugqa womyalo we-quartus_pfg ukuze uguqule okuthi .qky, ukhiye wempande we-AES .cert, kanye .fuse files kuya kuJam STAPL Ifomethi File (.jam) kanye nefomethi yekhodi ye-Jam Byte File (.jbc). Ungasebenzisa lezi files ukuhlela ama-Intel FPGAs kusetshenziswa i-Jam STAPL Player kanye ne-Jam STAPL Byte-Code Player, ngokulandelana.

I-.jam eyodwa noma i-.jbc iqukethe imisebenzi embalwa ehlanganisa ukulungiselelwa kwesithombe somsizi we-firmware nohlelo, ukuhlola okungenalutho, nokuqinisekiswa kokhiye nezinhlelo ze-fuse.

Isexwayiso:

Uma uguqula ukhiye wempande we-AES .cert file kufomethi ye-.jam, i-.jam file iqukethe ukhiye we-AES kumbhalo ongenalutho kodwa ngendlela engaqondakali. Ngakho-ke, kufanele uvikele i-.jam file lapho ugcina ukhiye we-AES. Ungakwenza lokhu ngokunikeza ukhiye we-AES endaweni evikelekile.

Nayi i-exampimiyalo yokuguqulwa kwe-quartus_pfg:

quartus_pfg -c -o helper_device=AGFB014R24A “root0.qky;root1.qky;root2.qky” RootKey.jam quartus_pfg -c -o helper_device=AGFB014R24A “root0.qqky;root_Key - c -o helper_device=AGFB1R2A aes.ccert aes_ccert.jam quartus_pfg -c -o helper_device=AGFB014R24A aes.ccert aes_ccert.jbc quartus_pfg -c -o amasethingi_i-AfurB014Ag24Frfuse fg -c -o helper_device=AGFB014R24A izilungiselelo. fuse settings_fuse.jbc

Ukuze uthole ulwazi olwengeziwe mayelana nokusebenzisa i-Jam STAPL Player yokuhlelwa kwedivayisi bheka ku-AN 425: Ukusebenzisa i-Command-Line Jam STAPL Solution Yokuhlela Kwedivayisi.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 45

4. Ukunikezwa Kwedivayisi 683823 | 2023.05.23
Qalisa imiyalo elandelayo ukuze uhlele ukhiye womphakathi wempande yomnikazi kanye nokhiye wokubethela we-AES:
//Ukulayisha i-bitstream yomsizi ku-FPGA. // I-bitstream yomsizi ihlanganisa ukuhlinzekwa kwe-firmware quartus_jli -c 1 -a CONFIGURE RootKey.jam
//Ukuze uhlele umnikazi wezimpande zokhiye womphakathi ku-eFuses ebonakalayo quartus_jli -c 1 -a PUBKEY_PROGRAM RootKey.jam
//Ukuze uhlele umnikazi wezimpande zokhiye womphakathi ku-eFuses ebonakalayo quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG RootKey.jam
//Ukuze uhlele umnikazi we-PR ongumsuka wokhiye womphakathi ku-eFuses ebonakalayo quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG pr_rootkey.jam
//Ukuze uhlele umnikazi we-PR ongumsuka wokhiye womphakathi ku-eFuses ephathekayo quartus_jli -c 1 -a PUBKEY_PROGRAM -e DO_UNI_ACT_DO_PR_PUBKEY_FLAG -e DO_UNI_ACT_DO_EFUSES_FLAG pr_rootkey.jam
//Ukuhlela ukhiye wokubethela we-AES we-CCERT ku-BBRAM quartus_jli -c 1 -a CCERT_PROGRAM EncKeyBBRAM.jam
//Ukuhlela ukhiye wokubethela we-AES we-CCERT ku-eFuses ephathekayo quartus_jli -c 1 -a CCERT_PROGRAM -e DO_UNI_ACT_DO_EFUSES_FLAG EncKeyEFuse.jam
Ulwazi Oluhlobene AN 425: Ukusebenzisa Isixazululo se-Command-Line Jam STAPL soHlelo Lwedivayisi

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 46

Thumela Impendulo

683823 | 2023.05.23 Thumela Impendulo

Izici Ezithuthukile

5.1. Vikela Ukugunyazwa Kokususa iphutha
Ukuze unike amandla Ukugunyazwa Kokususa Iphutha Okuvikelekile, umnikazi wokususa iphutha udinga ukwenza ukubhanqwa kokhiye bokuqinisekisa futhi asebenzise i-Intel Quartus Prime Pro Programmer ukuze akhiqize ulwazi lwedivayisi. file kudivayisi esebenzisa isithombe sokususa iphutha:
i-quartus_pgm -c 1 -mjtag -o “ei;device_info.txt;AGFB014R24A” -dev_info
Umnikazi wedivayisi usebenzisa ithuluzi le-quartus_sign noma ukusetshenziswa kwereferensi ukuze engezelele ukufakwa kukakhiye osesidlangalaleni onemibandela ochungechungeni lwesiginesha okuhloselwe ukusebenza kokususa iphutha kusetshenziswa ukhiye osesidlangalaleni ovela kumnikazi wokulungisa iphutha, ukugunyazwa okudingekayo, umbhalo wolwazi lwedivayisi. file, kanye neminye imikhawulo esebenzayo:
quartus_sign –family=agilex –operation=append_key –previous_pem=debug_chain_private.pem –previous_qky=debug_chain.qky –permission=0x6 –cancel=1 –dev_info=device_info.txt –restriction=”1,2,17,18t,XNUMX, debug_authorization_public_key.pem secure_debug_auth_chain.qky
Umnikazi wedivayisi uthumela uchungechunge lwesiginesha olugcwele emuva kumnikazi wokulungisa iphutha, osebenzisa uchungechunge lwesiginesha nokhiye wabo oyimfihlo ukuze asayine isithombe sokususa iphutha:
quartus_sign –family=agilex –operation=sign –qky=secure_debug_auth_chain.qky –pem=debug_authorization_private_key.pem unsigned_debug_design.rbf authorized_debug_design.rbf
Ungasebenzisa umyalo we-quartus_pfg ukuhlola uchungechunge lwesiginesha lwesigaba ngasinye salokhu okusayiniwe okuvikelekile kokususa iphutha kwe-bitstream kanje:
quartus_pfg -check_integrity authorized_debug_design.rbf
Okukhishwayo kwalo myalo kuphrinta amanani akhawulelwe 1,2,17,18 okhiye osesidlangalaleni onemibandela osetshenziswe ukukhiqiza i-bitstream esayiniwe.
Umnikazi wokulungisa iphutha angakwazi ke ukuhlela idizayini yokususa iphutha egunyazwe ngokuvikelekile:
i-quartus_pgm -c 1 -mjtag -o “p;authorized_debug_design.rbf”
Umnikazi wedivayisi angase ahoxise ukugunyazwa okuvikelekile kokususa iphutha ngokukhansela i-ID ecacile yokukhansela ukhiye enikezwe ochungechungeni lwesiginesha yokugunyaza ukususa iphutha.
5.2. Izitifiketi zokususa iphutha ze-HPS
Inika amandla ukufinyelela okugunyaziwe kuphela ku-HPS debug access port (DAP) nge-JTAG interface idinga izinyathelo ezimbalwa:

I-ISO 9001:2015 Ibhalisiwe

5. Izici Ezithuthukile 683823 | 2023.05.23
1. Chofoza imenyu ye-Intel Quartus Prime software Assignments bese ukhetha Idivayisi Yedivayisi kanye nethebhu yokucushwa yezinketho zokuphina.
2. Kuthebhu yokucushwa, nika amandla imbobo yokufinyelela yokulungisa iphutha ye-HPS (DAP) ngokukhetha amaphinikhodi e-HPS noma amaphinikhodi e-SDM kumenyu eyehlayo, nokuqinisekisa ukuthi ibhokisi lokuhlola elithi Vumela i-HPS ngaphandle kwezitifiketi alikhethiwe.
Umfanekiso 14. Cacisa Iphinikhodi ye-HPS noma ye-SDM ye-HPS DAP

Imbobo yokufinyelela yokususa iphutha ye-HPS (DAP)
Kungenjalo, ungasetha umsebenzi ozokwenziwa ngezansi kokuthi I-Quartus Prime Settings .qsf file:
set_global_assignment -igama HPS_DAP_SPLIT_MODE “SDM PINS”
3. Hlanganisa futhi ulayishe umklamo ngalezi zilungiselelo. 4. Dala uchungechunge lwesiginesha ngezimvume ezifanele zokusayina ukulungisa iphutha le-HPS
isitifiketi:
quartus_sign –family=agilex –operation=append_key –previous_pem=root_private.pem –previous_qky=root.qky –permission=0x8 –cancel=1 –input_pem=hps_debug_cert_public_key.pem hps_debug_cert
5. Cela isitifiketi esingasayiniwe sokususa iphutha se-HPS kudivayisi lapho idizayini yokususa iphutha ilayishwe khona:
i-quartus_pgm -c 1 -mjtag -o “e;unsigned_hps_debug.cert;AGFB014R24A”
6. Sayina isitifiketi sokususa iphutha se-HPS esingasayiniwe usebenzisa ithuluzi le-quartus_sign noma ukusetshenziswa kwereferensi kanye nochungechunge lwesiginesha yokususa iphutha ye-HPS:
quartus_sign –family=agilex –operation=sign –qky=hps_debug_cert_sign_chain.qky –pem=hps_debug_cert_private_key.pem unsigned_hps_debug.certsigned_hps_debug.cert

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 48

Thumela Impendulo

5. Izici Ezithuthukile 683823 | 2023.05.23
7. Thumela isitifiketi sokususa iphutha se-HPS esayiniwe emuva kudivayisi ukuze unike amandla ukufinyelela embobeni yokufinyelela yokususa iphutha ye-HPS (DAP):
i-quartus_pgm -c 1 -mjtag -o “p;signed_hps_debug.cert”
Isitifiketi sokususa iphutha se-HPS sisebenza kuphela kusukela ngesikhathi esakhiqizwa ngaso kuze kube umjikelezo wamandla olandelayo wedivayisi noma kuze kube yilapho kulayishwa uhlobo oluhlukile noma inguqulo ye-firmware ye-SDM. Kufanele ukhiqize, usayine, futhi uhlele isitifiketi sokususa iphutha se-HPS esayiniwe, futhi wenze yonke imisebenzi yokususa iphutha, ngaphambi kokusebenzisa amandla ngebhayisikili idivayisi. Ungase usenze singasebenzi isitifiketi sokususa iphutha se-HPS esayiniwe ngokuhambisa idivayisi ngamandla.
5.3. Ubufakazi Benkundla
Ungakwazi ukukhiqiza i-manifest yesithenjwa yobuqotho (.rim) file usebenzisa uhlelo file ithuluzi generator:
quartus_pfg -c sign_encrypted_top.rbf top_rim.rim
Landela lezi zinyathelo ukuze uqinisekise ubufakazi beplathifomu ekwakhiweni kwakho: 1. Sebenzisa i-Intel Quartus Prime Pro Programmer ukuze ulungiselele idivayisi yakho nge
idizayini odalele yona i-manifest yesithenjwa yobuqotho. 2. Sebenzisa isiqinisekisi sobufakazi senkundla ukuze ubhalise idivayisi ngokukhipha imiyalo ku-
I-SDM ngebhokisi leposi le-SDM ukuze udale isitifiketi se-ID yedivayisi nesitifiketi se-firmware ekulayisheni kabusha. 3. Sebenzisa i-Intel Quartus Prime Pro Programmer ukuze ulungise kabusha idivayisi yakho ngomklamo. 4. Sebenzisa isiqinisekisi sobufakazi senkundla ukuze ukhiphe imiyalo ku-SDM ukuze uthole i-ID yedivayisi yobufakazi, i-firmware, nezitifiketi ze-alias. 5. Sebenzisa isiqinisekisi sobufakazi ukuze ukhiphe umyalo webhokisi leposi le-SDM ukuze uthole ubufakazi bokufakazela futhi oqinisekisayo ahlole ubufakazi obubuyisiwe.
Ungase usebenzise eyakho isevisi yokuqinisekisa usebenzisa imiyalo yebhokisi leposi le-SDM, noma usebenzise isevisi yokuqinisekisa yenkundla ye-Intel. Ukuze uthole ulwazi olwengeziwe mayelana nesofthiwe yesevisi yokuqinisekisa yesiqiniseko seplathifomu ye-Intel, ukutholakala, kanye nemibhalo, xhumana ne-Intel Support.
Ulwazi Oluhlobene Imihlahlandlela Yokuxhuma Iphinikhodi Yomndeni ye-Intel Agilex 7
5.4. I-Physical Anti-Tamper
Unika amandla i-anti-t ebonakalayoampizici usebenzisa lezi zinyathelo ezilandelayo: 1. Ukukhetha impendulo oyifunayo ku-t etholiweampumcimbi 2. Ukulungisa okufunayo tampizindlela zokuthola amapharamitha 3. Kubandakanya i-anti-tamper IP kumqondo wedizayini yakho ukusiza ukuphatha i-anti-tamper
imicimbi

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 49

5. Izici Ezithuthukile 683823 | 2023.05.23
5.4.1. I-Anti-Tamper Izimpendulo
Unika amandla i-anti-t ebonakalayoamper ngokukhetha impendulo ku-Anti-tampimpendulo yakho: uhlu olwehliswayo Kudivayisi Yedivayisi Yemisebenzi Ezokwenziwa kanye Nezinketho Zokuphina Ukuvikela I-Anti-Tampithebhu. Ngokuzenzakalelayo, i-anti-tampimpendulo ye-er ivaliwe. Izigaba ezinhlanu ze-anti-tampimpendulo ziyatholakala. Uma ukhetha impendulo oyifunayo, izinketho zokuvumela indlela yokuthola eyodwa noma eziningi zinikwe amandla.
Umfanekiso 15. I-Anti-T etholakalayoamper Izinketho Zokuphendula

Umsebenzi ozokwenziwa ohambelanayo kuzilungiselelo ze-Quartus Prime .gsf file yilokhu okulandelayo:
set_global_assignment -igama elithi ANTI_TAMPER_RESPONSE “IDIVAYISI YESAZISO SULA UKUKHIWA KWEDIVAYISI KANYE NO-ZEROIZATION”
Uma uvula i-anti-tamper impendulo, ungase ukhethe izikhonkwane ezimbili ze-SDM ezinikezelwe ze-I/O ukuze ukhiphe i-tampukutholwa komcimbi nesimo sokuphendula kusetshenziswa Idivayisi Yedivayisi Yomsebenzi Wokunikwa kanye newindi lezinketho zokuphina Izinketho Zokumisa Izinketho zokucushwa.

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 50

Thumela Impendulo

5. Izici Ezithuthukile 683823 | 2023.05.23
Umfanekiso 16. Amaphinikhodi e-SDM atholakalayo e-I/O ka-Tamper Ukutholwa komcimbi

Ungakwazi futhi ukwenza iphinikhodi elandelayo kuzilungiselelo file: set_global_assignment -igama USE_TAMPER_DETECT SDM_IO15 set_global_assignment -igama ANTI_TAMPER_RESPONSE_FAILED SDM_IO16

5.4.2. I-Anti-Tamper Ukutholwa

Ungavumela ngokwakho imvamisa, izinga lokushisa, kanye nevolumutagizici zokutholwa kwe-SDM. Ukutholwa kwe-FPGA kuncike ekufakeni i-Anti-Tamper Lite Intel FPGA IP kumklamo wakho.

Qaphela:

Imvamisa ye-SDM kanye nevolumutagetampIzindlela zokutholwa zincike kumareferensi angaphakathi nehadiwe yokulinganisa engahluka kuwo wonke amadivayisi. I-Intel incoma ukuthi ubonise ukuziphatha kwe-tampizilungiselelo zokutholwa.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 51

5. Izici Ezithuthukile 683823 | 2023.05.23
Imvamisa tampukutholwa kwe-er kusebenza kumthombo wewashi lokumisa. Ukuze unike amandla imvamisa tampUkutholwa kwakho, kufanele ucacise inketho ngaphandle kwe-Oscillator Yangaphakathi kokuthi Ukucushwa komthombo womthombo wewashi kuthebhu Yedivayisi Yemisebenzi Ezokwenziwa kanye Nezinketho Zokuphina Okujwayelekile ithebhu. Kufanele uqinisekise ukuthi i-Run configuration CPU ebhokisini lokuhlola le-oscillator yangaphakathi ivuliwe ngaphambi kokunika amandla i-t frequency.ampukutholwa kwe-er. Umfanekiso 17. Ukusetha i-SDM ku-Oscillator Yangaphakathi
Ukuze unike amandla imvamisa tampukutholwa, khetha okuthi Vumela imvamisa tampukuthola ibhokisi lokuhlola bese ukhetha i-Frequency oyifunayo tampukutholwa kwebanga kusuka kumenyu eyehlayo. Umfanekiso 18. Ukunika amandla Imvamisa Tamper Ukutholwa

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 52

Thumela Impendulo

5. Izici Ezithuthukile 683823 | 2023.05.23
Kungenjalo, ungavumela iFrequency Tamper Ukutholwa ngokwenza izinguquko ezilandelayo ku-Quartus Prime Settings .qsf file:
set_global_assignment -igama AUTO_RESTART_CONFIGURATION OFF set_global_assignment -igama DEVICE_INITIALIZATION_CLOCK OSC_CLK_1_100MHZ set_global_assignment -igama RUN_CONFIG_CPU_FROMCYCY_OSC ON set_nameFENLE_assignmentAMPER_DETECTION KU-set_global_assignment -igama elithi FREQUENCY_TAMPER_DETECTION_RANGE 35
Ukuze unike amandla izinga lokushisa tampukutholwa, khetha okuthi Vumela izinga lokushisa tamper ukuthola ibhokisi lokuhlola bese ukhetha izinga lokushisa olifunayo imingcele ephezulu nephansi ezinkambini ezihambisanayo. Imingcele engaphezulu nephansi igcwaliswa ngokuzenzakalela ngebanga lokushisa elihlobene ledivayisi ekhethiwe ekwakhiweni.
Ukuze unike amandla i-voltagetampukutholwa kwakho, ukhetha okukodwa noma kokubili kwe-Vumela i-VCCL voltagetampukutholwa noma Nika amandla i-VCCL_SDM voltagetamper ukuthola amabhokisi okuhlola bese ukhetha i-Vol oyifunayotagetampukutholwa kwephesenti le-triggertage emkhakheni ohambelana nawo.
Umfanekiso 19. Ukunika amandla Umqtage Tamper Ukutholwa

Kungenjalo, ungavumela i-Voltage Tamper Ukutholwa ngokucacisa imisebenzi elandelayo ku-.qsf file:
set_global_assignment -igama ENABLE_TEMPERATURE_TAMPER_DETECTION KU-set_global_assignment -igama TEMPERATURE_TAMPER_UPPER_BOUND 100 set_global_assignment -igama ENABLE_VCCL_VOLTAGE_TAMPER_DETECTION KU-set_global_assignment -igama ENABLE_VCCL_SDM_VOLTAGE_TAMPER_DETECTION VULIWE
5.4.3. I-Anti-TampI-Lite Intel FPGA IP
I-Anti-TampI-er Lite Intel FPGA IP, etholakala kukhathalogi ye-IP kusofthiwe ye-Intel Quartus Prime Pro Edition, yenza kube lula ukuxhumana phakathi komklamo wakho kanye ne-SDM ye-tamper imicimbi.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 53

Umfanekiso 20. Anti-TampI-Lite Intel FPGA IP

5. Izici Ezithuthukile 683823 | 2023.05.23

I-IP inikeza amasiginali alandelayo owaxhuma kumklamo wakho njengoba kudingeka:

Ithebula 5.

I-Anti-Tamper Lite Intel FPGA IP I/O Amasignali

Igama Lesignali

Isiqondiso

Incazelo

gpo_sdm_at_event gpi_fpga_at_event

Wokufaka wokufaka

Isignali ye-SDM eya kulogic yendwangu ye-FPGA i-SDM etholwe kuyoamper umcimbi. Umqondo we-FPGA unokulinganiselwa ku-5ms ukwenza noma yikuphi ukuhlanza okufunayo nokuphendula i-SDM nge-gpi_fpga_at_response_done kanye ne-gpi_fpga_at_zeroization_done. I-SDM iqhubeka ne-tamper izenzo zokuphendula lapho i-gpi_fpga_at_response_done igonyelwa noma ngemva kokuthi kungekho mpendulo eyamukelwe ngesikhathi esinikeziwe.
I-FPGA iphazamisa ku-SDM eklanyelwe i-anti-t yakhoampUkutholwa kwe-er kutholwe ku-ampumcimbi kanye ne-SDM tampimpendulo kumele icushwe.

gpi_fpga_at_response_done

Okokufaka

I-FPGA iphazamisa ku-SDM leyo logic ye-FPGA yenze ukuhlanza obekufisa.

gpi_fpga_at_zeroization_d eyodwa

Okokufaka

Isibonakaliso se-FPGA ku-SDM sokuthi ingqondo ye-FPGA isiqede noma yikuphi ukumisa okufiswayo kwedatha yokuklama. Lesi siginali yi-sampiholwa uma i-gpi_fpga_at_response_done igonyelwa.

5.4.3.1. Khipha Ulwazi

Inombolo ye-IP versioning scheme (XYZ) iyashintsha isuka kwenye inguqulo yesofthiwe iye kwenye. Ushintsho ku:
· X ikhombisa ukubuyekezwa okukhulu kwe-IP. Uma ubuyekeza isofthiwe yakho ye-Intel Quartus Prime, kufanele uvuselele i-IP.
· U-Y ukhombisa i-IP ihlanganisa izici ezintsha. Khiqiza kabusha i-IP yakho ukuze ufake lezi zici ezintsha.
· Z ikhombisa i-IP ihlanganisa izinguquko ezincane. Khiqiza kabusha i-IP yakho ukuze ufake lezi zinguquko.

Ithebula 6.

I-Anti-Tamper Lite Intel FPGA IP Ulwazi Lokukhishwa

Inguqulo ye-IP

Into

Incazelo 20.1.0

Inguqulo ye-Intel Quartus Prime

21.2

Usuku lokukhulula

2021.06.21

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 54

Thumela Impendulo

5. Izici Ezithuthukile 683823 | 2023.05.23
5.5. Ukusebenzisa Izici Zokuvikela Zokuklama Ngesibuyekezo Sesistimu Ekude
I-Remote System Update (RSU) iyisici se-Intel Agilex 7 FPGAs esiza ekubuyekezeni ukucushwa. files ngendlela eqinile. I-RSU ihambisana nezici zokuphepha zedizayini ezifana nokuqinisekisa, ukusayinda ngokubambisana kwe-firmware, nokubethela kwe-bitstream njengoba i-RSU ingancikile ekuklanyweni kokuqukethwe kokucushwa kwe-bitstreams.
Ukwakha Izithombe ze-RSU nge-.sof Files
Uma ugcina okhiye abayimfihlo endaweni yangakini fileohlelweni, ungase ukhiqize izithombe ze-RSU ezinezici zokuphepha zedizayini usebenzisa ukugeleza okwenziwe lula nge-.sof files njengamagalelo. Ukukhiqiza izithombe ze-RSU nge-.sof file, ungase ulandele imiyalelo esesigabeni esikhiqiza isithombe sokubuyekeza isistimu yesilawuli kude Files Ukusebenzisa i-Programming File I-Generator ye-Intel Agilex 7 Configuration User Guide. Kuwo wonke .sof file kucaciswe Kokufaka Files, chofoza inkinobho Yezakhiwo… bese ucacise izilungiselelo ezifanele nezikhiye zamathuluzi okusayina nawokubethela. Uhlelo file Ithuluzi lokukhiqiza lisayina ngokuzenzakalelayo futhi libethele izithombe zefekthri nezohlelo lokusebenza ngenkathi lidala uhlelo lwe-RSU files.
Noma, uma ugcina okhiye abayimfihlo ku-HSM, kufanele usebenzise ithuluzi le-quartus_sign bese usebenzisa i-.rbf files. Okunye kwalesi sigaba imininingwane yezinguquko ekugelezeni kokukhiqiza izithombe ze-RSU nge-.rbf files njengamagalelo. Kumelwe ubethele futhi usayine ifomethi ye-.rbf files ngaphambi kokuwakhetha njengokufaka files yezithombe ze-RSU; Nokho, ulwazi lwe-RSU yokuqalisa file akumele ibethelwe futhi esikhundleni salokho isayinwe kuphela. I-Programming File Ijeneretha ayikusekeli ukuguqula izakhiwo zefomethi ye-.rbf files.
I-ex elandelayoampLes ibonise izinguquko ezidingekayo kumiyalo EseSigabeni Esikhiqiza Isithombe Sokubuyekeza Isistimu Ekude Files Ukusebenzisa i-Programming File I-Generator ye-Intel Agilex 7 Configuration User Guide.
Ikhiqiza Isithombe sokuqala se-RSU Ngokusebenzisa i-.rbf Files: Ukuguqulwa komyalo
Kusukela Ekukhiqizeni Isithombe sokuqala se-RSU Ukusebenzisa i-.rbf Files, lungisa imiyalo ku-Isinyathelo 1. ukuze unike amandla izici zokuphepha zedizayini njengoba kudingekile usebenzisa iziqondiso ezivela ezingxenyeni zangaphambili zalo mbhalo.
Okwesiboneloample, uzocacisa i-firmware esayiniwe file uma ubusebenzisa ukusayina kwe-firmware, bese usebenzisa ithuluzi lokubethela le-Quartus ukuze ubethele i-.rbf ngayinye. file, futhi ekugcineni usebenzise ithuluzi le-quartus_sign ukuze usayine ngayinye file.
Esinyathelweni sesi-2, uma unike amandla ukusayinda ngokubambisana kwe-firmware, kufanele usebenzise inketho eyengeziwe ekudaleni ibhuthi .rbf kusukela kusithombe sasekuqaleni. file:
quartus_pfg -c factory.sof boot.rbf -o rsu_boot=ON -o fw_source=signed_agilex.zip
Ngemva kokudala ulwazi lokuqalisa .rbf file, sebenzisa ithuluzi le-quartus_sign ukuze usayine i-.rbf file. Akumele ubethele ulwazi lokuqalisa .rbf file.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 55

5. Izici Ezithuthukile 683823 | 2023.05.23
Ikhiqiza isithombe sohlelo lokusebenza: Ukuguqulwa komyalo
Ukuze ukhiqize isithombe sohlelo lokusebenza esinezici zokuphepha zedizayini, ushintsha umyalo Ekukhiqizeni Isithombe Sohlelo lokusebenza ukuze usebenzise i-.rbf enezici zokuphepha zedizayini ezinikwe amandla, okuhlanganisa i-firmware esayinwe ngokuhlanganyela uma kudingeka, esikhundleni sohlelo lokusebenza lwangempela .sof file:
quartus_pfg -c cosigned_fw_signed_encrypted_application.rbf secured_rsu_application.rpd -o mode=ASX4 -o bitswap=ON
Ikhiqiza Isithombe Sokuvuselela Ifekthri: Ukuguqulwa Komyalo
Ngemva kokudala ulwazi lokuqalisa .rbf file, usebenzisa ithuluzi le-quartus_sign ukuze usayine i-.rbf file. Akumele ubethele ulwazi lokuqalisa .rbf file.
Ukuze ukhiqize isithombe sokubuyekeza imboni ye-RSU, uguqula umyalo ovela kokuthi Ukukhiqiza Isithombe Sokuvuselela Ifekthri ukuze usebenzise i-.rbf file ngezici zokuphepha zedizayini ezinikwe amandla futhi wengeze inketho yokubonisa ukusetshenziswa kwe-firmware esayinwe ngokuhlanganyela:
quartus_pfg -c cosigned_fw_signed_encrypted_factory.rbf secured_rsu_factory_update.rpd -o mode=ASX4 -o bitswap=ON -o rsu_upgrade=ON -o fw_source=signed_agilex.zip
Ulwazi Oluhlobene I-Intel Agilex 7 Umhlahlandlela Womsebenzisi Wokucushwa
5.6. Izinsizakalo ze-SDM Cryptographic
I-SDM kumadivayisi we-Intel Agilex 7 inikeza ngamasevisi e-cryptographic leyo logic yendwangu ye-FPGA noma i-HPS engase iyicele ngesixhumi esibonakalayo sebhokisi leposi le-SDM. Ukuze uthole ulwazi olwengeziwe mayelana nemiyalo yebhokisi lemeyili namafomethi edatha yawo wonke amasevisi e-cryptographic e-SDM, bheka Isithasiselo B ku-Security Methodology ye-Intel FPGAs kanye Nomhlahlandlela Womsebenzisi We-Structured ASICs.
Ukuze ufinyelele isixhumi esibonakalayo sebhokisi leposi le-SDM kumqondo wendwangu ye-FPGA yezinsizakalo ze-cryptographic ze-SDM, kufanele uqinisekise Iklayenti le-Intel FPGA IP ekwakhiweni kwakho.
Ikhodi eyireferensi yokufinyelela kusixhumi esibonakalayo sebhokisi leposi le-SDM kusuka ku-HPS ifakiwe kukhodi ye-ATF ne-Linux ehlinzekwa yi-Intel.
Ulwazi Oluhlobene Ibhokisi lemeyili Iklayenti Intel FPGA IP Umhlahlandlela Womsebenzisi
5.6.1. Umthengisi Ogunyaziwe Wokuqalisa
I-Intel ihlinzeka ngokusetshenziswa kwereferensi yesofthiwe ye-HPS esebenzisa isici sokuqalisa esigunyaziwe somthengisi ukuze kugunyazwe isofthiwe yokuqalisa ye-HPS kusukela ekuqaleni kwesigaba sokuqala.tage-boot loader idlulele ku-Linux kernel.
Ulwazi Oluhlobene I-Intel Agilex 7 SoC Secure Boot Demo Design

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 56

Thumela Impendulo

5. Izici Ezithuthukile 683823 | 2023.05.23
5.6.2. Vikela Isevisi Yento Yedatha
Uthumela imiyalo ngebhokisi leposi le-SDM ukuze wenze ukubethela kwento ye-SDOS kanye nokususa ukubethela. Ungasebenzisa isici se-SDOS ngemva kokunikeza ukhiye wempande we-SDOS.
Ulwazi Oluhlobene Isevisi Yedatha Yento Evikelekile Yokuhlinzeka Ngokhiye ekhasini 30
5.6.3. I-SDM Cryptographic Primitive Services
Uthumela imiyalo ngebhokisi leposi le-SDM ukuze uqalise imisebenzi ye-SDM cryptographic cryptographic primitive service. Ezinye izinsiza ze-cryptographic primitive zidinga ukuthi idatha eningi idluliselwe futhi isuke ku-SDM kunalokho okungamukelwa isixhumi esibonakalayo sebhokisi lemeyili. Kulezi zimo, umyalo wefomethi uyashintsha ukuze unikeze izikhombisi kudatha esenkumbulweni. Ukwengeza, kufanele uguqule ukumiswa kweKlayenti le-Intel FPGA IP Yebhokisi Lemeyili ukuze usebenzise izinsizakalo ze-SDM cryptographic primitive kusukela kungqondongqondo yendwangu ye-FPGA. Kufanele futhi usethe ipharamitha ye-Vumela i-Crypto Service ibe ngu-1 futhi uxhume isixhumi esibonakalayo esisanda kudalulwa se-AXI kumemori eklanyweni yakho.
Umfanekiso 21. Ukunika amandla Izinsizakalo Ze-Cryptographic ze-SDM Ebhokisini Lemeyili Iklayenti Intel FPGA IP

5.7. Izilungiselelo Zokuphepha ze-Bitstream (FM/S10)
Izinketho zokuphepha ze-FPGA Bitstream ziyiqoqo lezinqubomgomo ezikhawulela isici esishiwo noma indlela yokusebenza phakathi nesikhathi esichaziwe.
Izinketho Zokuphepha ze-Bitstream zihlanganisa amafulegi owasetha kusofthiwe ye-Intel Quartus Prime Pro Edition. Lawa mafulegi akopishwa ngokuzenzakalelayo kuma-bitstreams wokucushwa.
Ungaphoqelela unomphela izinketho zokuphepha ocingweni ngokusebenzisa izilungiselelo ezihambisanayo zokuphepha ze-eFuse.
Ukuze usebenzise noma yiziphi izilungiselelo zokuphepha ku-bitstream yokucushwa noma i-eFuses yedivayisi, kufanele unike amandla isici sokuqinisekisa.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 57

5. Izici Ezithuthukile 683823 | 2023.05.23
5.7.1. Ukukhetha kanye Nokunika amandla Izinketho Zokuvikela
Ukukhetha futhi unike amandla izinketho zokuphepha, yenza lokhu okulandelayo: Kumenyu yezabelo, khetha Idivaysi Yedivayisi bese Uphina Izinketho Zokuvikeleka Izinketho Eziningi... Umfanekiso 22. Ukukhetha Nokuvumela Izinketho Zokuvikela.

Bese ukhetha amanani ohlwini lokudonsela phansi lezinketho zokuphepha ofuna ukuzinika amandla njengoba kukhonjisiwe ku-ex elandelayo.ample:
Umfanekiso 23. Ukukhetha Amanani Ezinketho Zokuvikela

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 58

Thumela Impendulo

5. Izici Ezithuthukile 683823 | 2023.05.23
Okulandelayo izinguquko ezihambisanayo ku-Quartus Prime Settings .qsf file:
set_global_assignment -igama SECU_OPTION_DISABLE_JTAG “ON CHECK” set_global_assignment -name SECU_OPTION_FORCE_ENCRYPTION_KEY_UPDATE “ON STICKY” set_global_assignment -igama SECU_OPTION_FORCE_SDM_CLOCK_TO_INT_OSC ON set_global_assignment -igama SECU_OPTION_FUSBLEN_DISALTU set_global_assignment -igama SECU_OPTION_LOCK_SECURITY_EFUSES ON set_global_assignment -igama SECU_OPTION_DISABLE_HPS_DEBUG KU-set_global_assignment -igama SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES_igama_igama SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES KU-set_global_assignment -igama SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_EFUSES KU-set_global_assignment -igama SECU_OPTION_DISABLE_ENCRYPTION_igama lembulunga yonke FYES_INCRYPTION_KEYES_IN SECU_OPTION_DISABLE_ENCRYPTION_KEY_IN_BBRAM KU-set_global_assignment -igama SECU_OPTION_DISABLE_PUF_WRAPPED_ENCRYPTION_KEY IVULIWE

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 59

683823 | 2023.05.23 Thumela Impendulo

Ukuxazulula inkinga

Lesi sahluko sichaza amaphutha avamile nemilayezo yesixwayiso ongahlangabezana nayo ngenkathi uzama ukusebenzisa izici zokuphepha zedivayisi nezilinganiso zokuzixazulula.
6.1. Ukusebenzisa I-Quartus Commands Ephutheni Lendawo Ye-Windows
Iphutha quartus_pgm: umyalo awutholakali Isixazululo Lo myalo usebenza endaweni ye-Linux; Kosokhaya be-Windows, sebenzisa umyalo olandelayo: quartus_pgm.exe -h Ngokufanayo, sebenzisa i-syntax efanayo kweminye imiyalo ye-Quartus Prime efana ne-quartus_pfg, i-quartus_sign, i-quartus_encrypt phakathi kweminye imiyalo.

I-ISO 9001:2015 Ibhalisiwe

6. Ukuxazulula inkinga 683823 | 2023.05.23

6.2. Ikhiqiza Isexwayiso Sokhiye Oyimfihlo

Isexwayiso:

Iphasiwedi eshiwo ithathwa njengengavikelekile. I-Intel incoma ukuthi okungenani kusetshenziswe izinhlamvu eziyi-13 zephasiwedi. Uyanconywa ukuthi uguqule iphasiwedi ngokusebenzisa i-OpenSSL esebenzisekayo.

openssl ec -in -phuma - awu256

Incazelo
Lesi sexwayiso sihlobene namandla ephasiwedi nezibonisi lapho uzama ukukhiqiza ukhiye oyimfihlo ngokukhipha imiyalo elandelayo:

quartus_sign -family=agilex -operation=make_private_pem -curve=secp3841 root.pem

Ukulungiswa Sebenzisa i-openssl esebenzisekayo ukuze ucacise iphasiwedi ende futhi enamandla.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 61

6. Ukuxazulula inkinga 683823 | 2023.05.23
6.3. Ukwengeza Ukhiye Wokusayina Ephutha Lephrojekthi Ye-Quartus
Iphutha...File iqukethe ulwazi lwe-root key...
Incazelo
Ngemva kokwengeza ukhiye wokusayina .qky file kuphrojekthi ye-Quartus, udinga ukuhlanganisa kabusha i-.sof file. Uma ungeza lokhu okuvuselelwe .sof file kudivayisi ekhethiwe ngokusebenzisa i-Quartus Programmer, umyalezo wephutha olandelayo ubonisa ukuthi file iqukethe ulwazi lwe-root key:
Yehlulekile ukungezafile-path-name> kuMhleli. I file iqukethe ulwazi lokhiye wezimpande (.qky). Nokho, uMhleli wezinhlelo akasekeli isici sokusayina se-bitstream. Ungasebenzisa i-Programming File I-generator ukuguqula i- file kubhambathiso olusayiniwe lweRaw file (.rbf) ukuze icushwe.
Isixazululo
Sebenzisa i-Quartus Programming file generator ukuguqula i- file ku-Raw Binary esayiniwe File .rbf yokucushwa.
Ulwazi Oluhlobene Ukusayinda Ukumisa I-Bitstream Ukusebenzisa i-quartus_sign Command ekhasini 13

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 62

Thumela Impendulo

6. Ukuxazulula inkinga 683823 | 2023.05.23
6.4. Ikhiqiza i-Quartus Prime Programming File Ayiphumelelanga
Iphutha
Iphutha (20353): U-X wokhiye wasesidlangalaleni osuka ku-QKY awufani nokhiye oyimfihlo ovela ku-PEM file.
Iphutha (20352): Yehlulekile ukusayina i-bitstream nge-python script agilex_sign.py.
Iphutha: I-Quartus Prime Programming File Ijeneretha ayiphumelelanga.
Incazelo Uma uzama ukusayina i-bitstream yokumisa usebenzisa ukhiye oyimfihlo ongalungile .pem file noma i.pem file lokho okungafani ne-.qky engezwe kuphrojekthi, amaphutha avamile angenhla aboniswa. Ukulungiswa Qinisekisa ukuthi usebenzisa ukhiye oyimfihlo olungile .pem ukuze usayine i-bitstream.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 63

6. Ukuxazulula inkinga 683823 | 2023.05.23
6.5. Amaphutha Engxabano Angaziwa
Iphutha
Iphutha (23028): Impikiswano engaziwa “ûc”. Bheka -usizo ngezimpikiswano zomthetho.
Iphutha (213008): Iyunithi yezinhlamvu yenketho yokuhlela ethi “ûp” ayikho emthethweni. Bheka ku--help ukuze uthole amafomethi okukhethwa kukho kokuhlela okusemthethweni.
Uma ukopisha futhi unamathisele izinketho zomugqa womyalo ku-.pdf file ku-Windows NIOS II Shell, ungase uhlangane namaphutha engxabano angaziwa njengoba kukhonjisiwe ngenhla. Isixazululo Ezimweni ezinjalo, ungakwazi ukufaka imiyalo ngokwakho esikhundleni sokunamathisela ebhodini lokunamathisela.

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 64

Thumela Impendulo

6. Ukuxazulula inkinga 683823 | 2023.05.23
6.6. Iphutha Lokubethela Kwe-Bitstream Iphutha
Iphutha
Ayikwazi ukuqedela ukubethela kwe file design .sof ngoba ihlanganiswe nenketho yokubethela ye-bitstream ivaliwe.
Uma uzama ukubethela i-bitstream nge-GUI noma ngomugqa womyalo ngemva kokuhlanganisa iphrojekthi nenketho yokubethela ye-bitstream ivaliwe, u-Quartus wenqaba umyalo njengoba kuboniswe ngenhla.
Isixazululo Qinisekisa ukuthi uhlanganisa iphrojekthi ngenketho yokubethela kwe-bitstream enikwe amandla nge-GUI noma ngomugqa womyalo. Ukuze unike amandla le nketho ku-GUI, kufanele uqoke ibhokisi lokuhlola lale nketho.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 65

6. Ukuxazulula inkinga 683823 | 2023.05.23
6.7. Icacisa Indlela Elungile Eya Kukhiye
Iphutha
Iphutha (19516): Kutholwe Ukuhlela File Iphutha lezilungiselelo ze-generator: Ayikwazi ukuthola 'key_file'. Qiniseka ukuthi file itholakala endaweni elindelwe noma ubuyekeze izilungiselelo.sec
Iphutha (19516): Kutholwe Ukuhlela File Iphutha lezilungiselelo ze-generator: Ayikwazi ukuthola 'key_file'. Qiniseka ukuthi file itholakala endaweni elindelwe noma ubuyekeze isilungiselelo.
Incazelo
Uma usebenzisa okhiye abagcinwe ku- file ohlelweni, udinga ukuqinisekisa ukuthi bacacisa indlela elungile yokhiye abasetshenziselwa ukubethela kwe-bitstream nokusayina. Uma i-Programming File Ijeneretha ayikwazi ukubona indlela efanele, imilayezo yephutha engenhla iyavela.
Isixazululo
Bheka ku-Quartus Prime Settings .qsf file ukuthola izindlela ezifanele zokhiye. Qiniseka ukuthi usebenzisa izindlela ezihlobene esikhundleni sezindlela eziphelele.

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 66

Thumela Impendulo

6. Ukuxazulula inkinga 683823 | 2023.05.23
6.8. Ukusebenzisa Okukhiphayo Okungasekelwe File Uhlobo
Iphutha
quartus_pfg -c design.sof output_file.ebf -o finalize_operation=ON -o qek_file=ae.qek -o signing=ON -o pem_file=sign_private.pem
Iphutha (19511): Okukhiphayo okungasekelwe file uhlobo (ebf). Sebenzisa inketho ethi “-l” noma “-list” ukuze ubonise okusekelwe file thayipha ulwazi.
Ngenkathi usebenzisa i-Quartus Programming File Ijeneretha ukuze ukhiqize i-bitstream yokucushwa ebethelwe futhi esayiniwe, ungase ubone iphutha elingenhla uma okukhiphayo okungasekelwe file uhlobo lucacisiwe. Ukulungiswa Sebenzisa i- -l noma inketho ye- -list ukuze ubone uhlu lwabasekelwe file izinhlobo.

Thumela Impendulo

Intel Agilex® 7 Umhlahlandlela Wokuphepha Kwedivayisi 67

683823 | 2023.05.23 Thumela Impendulo
7. Intel Agilex 7 Device Security User Guide Inqolobane
Ukuze uthole izinguqulo zakamuva nezidlule zalo mhlahlandlela womsebenzisi, bheka ku-Intel Agilex 7 Device Security User Guide. Uma i-IP noma inguqulo yesofthiwe ingekho ohlwini, inkomba yomsebenzisi ye-IP yangaphambilini noma inguqulo yesofthiwe iyasebenza.

I-ISO 9001:2015 Ibhalisiwe

683823 | 2023.05.23 Thumela Impendulo

8. Umlando Wokubuyekeza we-Intel Agilex 7 Device Security User Guide

Inguqulo Yombhalo 2023.05.23
2022.11.22 2022.04.04 2022.01.20
2021.11.09

Amadokhumenti / Izinsiza

Intel Agilex 7 Device Security [pdf] Imaniwali yosebenzisayo
I-Agilex 7 Device Security, Agilex 7, Ukuphepha Kwedivayisi, Ukuphepha

Izithenjwa

Imaniwali yosebenzisayo

Intel Agilex 7 Device Security

Ulwazi Lomkhiqizo

Imiyalo yokusetshenziswa komkhiqizo

imibuzo ejwayelekile ukubuzwa

Ukuphepha Kwedivayisi Kuphelileview

Ukuqinisekisa kanye Nokugunyazwa

Ukubethela kwe-AES Bitstream

Ukunikezwa Kwedivayisi

Izici Ezithuthukile

Ukuxazulula inkinga

Amadokhumenti / Izinsiza

Izithenjwa

Shiya amazwana

Khansela impendulo