Visible to Intel only — GUID: fha1567001502507
Ixiasoft
1.1. Generating Primary Device Programming Files
1.2. Generating Secondary Programming Files
1.3. Enabling Bitstream Security for Stratix® 10 and Agilex™ 7 Devices
1.4. Enabling Bitstream Encryption or Compression for Arria® 10 and Cyclone® 10 GX Devices
1.5. Generating Programming Files for Partial Reconfiguration
1.6. Generating Programming Files for Intel® FPGA Devices with Hard Processor Systems
1.7. Scripting Support
1.8. Generating Programming Files Revision History
2.1. Quartus® Prime Programmer
2.2. Programming and Configuration Modes
2.3. Basic Device Configuration Steps
2.4. Specifying the Programming Hardware Setup
2.5. Programming with Flash Loaders
2.6. Verifying the Programming File Source with Project Hash
2.7. Using PR Bitstream Security Verification ( Stratix® 10 Designs)
2.8. Stand-Alone Programmer and Tools
2.9. Programmer Settings Reference
2.10. Scripting Support
2.11. Using the Quartus® Prime Programmer Revision History
2.9.1. Device & Pin Options Dialog Box
2.9.2. More Security Options Dialog Box
2.9.3. Output Files Tab Settings (Programming File Generator)
2.9.4. Input Files Tab Settings (Programming File Generator)
2.9.5. Bitstream Co-Signing Security Settings (Programming File Generator)
2.9.6. Configuration Device Tab Settings
2.9.7. Add Partition Dialog Box (Programming File Generator)
2.9.8. Add Filesystem Dialog Box (Programming File Generator)
2.9.9. Convert Programming File Dialog Box
2.9.10. Compression and Encryption Settings (Convert Programming File)
2.9.11. SOF Data Properties Dialog Box (Convert Programming File)
2.9.12. Select Devices (Flash Loader) Dialog Box
Visible to Intel only — GUID: fha1567001502507
Ixiasoft
1.3.2. Specifying Additional Physical Security Settings (Programming File Generator)
Stratix® 10 and Agilex™ 7 devices can store security and other configuration settings in eFuses. You can enable additional physical security settings in eFuses to extend the level of device security protection.
To specify additional physical device security settings, follow these steps:
- Click Assignments > Device > Device and Pin Options > Security.
- On the Security tab, specify the First Level Signature Chain .qky file that contains the root key and one or more design signing keys for the Quartus key file setting.
- Click the More Options button and specify any of the following:
Figure 17. More Security Options Dialog Box
Table 8. More Security Options Dialog Box Settings Option Description Values Disable JTAG Disables JTAG command and configuration of the device. Setting this eliminates JTAG as mode of attack, but also eliminates boundary scan functionality. - Off—inactive
- On—active until wipe of containing design
- On sticky—active until next POR
- On check—checks for corresponding blown fuse
Force SDM clock to internal oscillator Disables an external clock source for the SDM. The SDM must use the internal oscillator. Using an internal oscillator is more secure than allowing an external clock source for configuration. Force encryption key update Specifies that the encryption key must update by the frequency that you specify for the Encryption update ratio option. The default ration value is 31:1. Encryption supports up to 20 intermediate keys. Disable virtual eFuses Disables the eFuse virtual programming capability. Lock security eFuses Causes eFuse failure if the eFuse CRC does not match the calculated value. Disable HPS debug Disables debugging through the JTAG interface to access the HPS. Disable encryption key in eFuses Specifies that the device cannot use an AES key stored in eFuses. Rather, you can provide an extra level of security by storing the AES key in BBRAM. Disable encryption key in BBRAM Specifies that the device cannot use AES key stored in BBRAM. Rather, you can provide an extra level of security when you store the AES key in eFuses. - Click OK.
Related Information