Intel® Quartus® Prime Pro Edition User Guide: Programmer

Download PDF
ID 683039
Date 9/26/2022
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents
Document Table of Contents x
1. Intel® Quartus® Prime Programmer User Guide 2. Using the Intel® Quartus® Prime Programmer 3. Using the HPS Flash Programmer A. Intel® Quartus® Prime Pro Edition User Guide: Programmer Document Archive B. Intel® Quartus® Prime Pro Edition User Guides
1. Intel® Quartus® Prime Programmer User Guide x
1.1. Generating Primary Device Programming Files 1.2. Generating Secondary Programming Files 1.3. Enabling Bitstream Security for Intel® Stratix® 10 and Intel® Agilex™ Devices 1.4. Enabling Bitstream Encryption or Compression for Intel® Arria® 10 and Intel® Cyclone® 10 GX Devices 1.5. Generating Programming Files for Partial Reconfiguration 1.6. Generating Programming Files for Intel® FPGA Devices with Hard Processor Systems 1.7. Scripting Support 1.8. Generating Programming Files Revision History
1.2. Generating Secondary Programming Files x
1.2.1. Generating Secondary Programming Files (Programming File Generator) 1.2.2. Generating Secondary Programming Files (Convert Programming File Dialog Box) 1.2.3. Generating Secondary Programming Files (Settings: Programming Files Dialog Box)
1.2.1. Generating Secondary Programming Files (Programming File Generator) x
1.2.1.1. Configuration Modes (Programming File Generator) 1.2.1.2. Secondary Programming Files (Programming File Generator)
1.2.2. Generating Secondary Programming Files (Convert Programming File Dialog Box) x
1.2.2.1. Secondary Programming Files (Convert Programming Files) 1.2.2.2. Configuration Modes (Convert Programming Files) 1.2.2.3. Debugging the Configuration (Convert Programming Files)
1.3. Enabling Bitstream Security for Intel® Stratix® 10 and Intel® Agilex™ Devices x
1.3.1. Enabling Bitstream Authentication (Programming File Generator) 1.3.2. Specifying Additional Physical Security Settings (Programming File Generator) 1.3.3. Enabling Bitstream Encryption (Programming File Generator)
1.5. Generating Programming Files for Partial Reconfiguration x
1.5.1. Generating PR Bitstream Files 1.5.2. Partial Reconfiguration Bitstream Compatibility Checking 1.5.3. Raw Binary Programming File Byte Sequence Transmission Examples 1.5.4. Generating a Merged .pmsf File from Multiple .pmsf Files ( Intel® Arria® 10 and Intel® Cyclone® 10 GX Designs)
1.6. Generating Programming Files for Intel® FPGA Devices with Hard Processor Systems x
1.6.1. Generating Programming Files for HPS Boot First Boot Flows 1.6.2. Generating Programming Files for FPGA Configuration First Boot Flows
1.7. Scripting Support x
1.7.1. quartus_pfg Command Line Tool 1.7.2. quartus_cpf Command Line Tool
1.7.2. quartus_cpf Command Line Tool x
1.7.2.1. Generating a Partial-Mask SRAM Object File using a Mask Settings File and a SRAM Object File
2. Using the Intel® Quartus® Prime Programmer x
2.1. Intel® Quartus® Prime Programmer 2.2. Programming and Configuration Modes 2.3. Basic Device Configuration Steps 2.4. Specifying the Programming Hardware Setup 2.5. Programming with Flash Loaders 2.6. Verifying the Programming File Source with Project Hash 2.7. Using PR Bitstream Security Verification ( Intel® Stratix® 10 Designs) 2.8. Stand-Alone Programmer 2.9. Programmer Settings Reference 2.10. Scripting Support 2.11. Using the Intel® Quartus® Prime Programmer Revision History
2.4. Specifying the Programming Hardware Setup x
2.4.1. JTAG Chain Debugger Tool 2.4.2. Editing the Details of an Unknown Device 2.4.3. Running JTAG Daemon with Linux
2.4.1. JTAG Chain Debugger Tool x
2.4.1.1. JTAG Chain Integrity Tab 2.4.1.2. JTAG Chain Debugging Tab
2.5. Programming with Flash Loaders x
2.5.1. Specifying Flash Partitions 2.5.2. Full Erase of Flash Memory Sectors
2.6. Verifying the Programming File Source with Project Hash x
2.6.1. Obtaining Project Hash for Intel® Arria® 10 Devices
2.8. Stand-Alone Programmer x
2.8.1. Stand-Alone Programmer Memory Consumption
2.9. Programmer Settings Reference x
2.9.1. Device & Pin Options Dialog Box 2.9.2. More Security Options Dialog Box 2.9.3. Output Files Tab Settings (Programming File Generator) 2.9.4. Input Files Tab Settings (Programming File Generator) 2.9.5. Bitstream Co-Signing Security Settings (Programming File Generator) 2.9.6. Configuration Device Tab Settings 2.9.7. Add Partition Dialog Box (Programming File Generator) 2.9.8. Add Filesystem Dialog Box (Programming File Generator) 2.9.9. Convert Programming File Dialog Box 2.9.10. Compression and Encryption Settings (Convert Programming File) 2.9.11. SOF Data Properties Dialog Box (Convert Programming File) 2.9.12. Select Devices (Flash Loader) Dialog Box
2.10. Scripting Support x
2.10.1. The jtagconfig Debugging Tool
3. Using the HPS Flash Programmer x
3.1. HPS Flash Programmer Command-Line Utility 3.2. How the HPS Flash Programmer Works 3.3. Using the Flash Programmer from the Command Line 3.4. Supported Memory Devices 3.5. HPS Flash Programmer User Guide Revision History
3.3. Using the Flash Programmer from the Command Line x
3.3.1. HPS Flash Programmer 3.3.2. HPS Flash Programmer Command Line Examples
1. Intel® Quartus® Prime Programmer User Guide
2. Using the Intel® Quartus® Prime Programmer
3. Using the HPS Flash Programmer
A. Intel® Quartus® Prime Pro Edition User Guide: Programmer Document Archive
B. Intel® Quartus® Prime Pro Edition User Guides

1.3.3. Enabling Bitstream Encryption (Programming File Generator)

To enable bitstream encryption, you must first generate a first level signature chain (.qky) that enables encryption options in the GUI. Next, you generate the encrypted configuration bitstream in the Assembler. Finally, you generate a secondary programming file that specifies the AES Encryption Key file (.qek) for bitstream decryption.

Follow these steps to enable bitstream encryption:

  1. Generate a First Level Signature Chain that includes the root key and one or more design signing keys, as Intel® Stratix® 10 Device Security User Guide and Intel® Agilex™ Device Security User Guide describe.
  2. Click Assignments > Device > Device and Pin Options > Security.
  3. For the Quartus key file setting, specify the first level signature chain .qky that contains the root key and one or more design signing keys.
  4. Turn on Enable programming bitstream encryption, and specify one or more of the following:
    Table 9.  Assembler Encryption Security Settings
    Option Description
    Encryption key storage select Specifies the location that stores the .qek key file. You can select either Battery Backup RAM or eFuses for storage.
    Encryption update ratio Specifies the ratio of configuration bits compared to the number of key updates required for bitstream decryption. You can select either 31:1 (the key must change 1 time every 31 bits) or Disabled (no update required). Encryption supports up to 20 intermediate keys.
    Enable scrambling Scrambles the configuration bitstream.
    More Options Opens the More Security Options dialog box for specifying additional physical security options.
  5. Generate primary device programing files in the Assembler, as Generating Primary Device Programming Files describes.
  6. Generate a .jic or .rbf secondary programming file, as Generating Secondary Programming Files describes:
    1. In the Programming File Generator, select the .sof file on the Input Files tab.
    2. Click the Properties button. The Input File Properties dialog box appears.
      Figure 16. Input File Properties
    3. Set Finalize encryption to On.
    4. Specify the AES 256-bit or 384-bit Encryption key file (.qek) to decrypt the bitstream in the SDM prior to device configuration.
  7. Click OK.
Related Information
Level Two Title