Generic Flash Programmer User Guide: Intel® Quartus® Prime Pro Edition

Download PDF
ID 683495
Date 3/28/2022
Public
Document Table of Contents
Document Table of Contents x
1. Generic Flash Programmer User Guide Intel® Quartus® Prime Pro Edition
1. Generic Flash Programmer User Guide Intel® Quartus® Prime Pro Edition x
1.1. Supported Devices and Configuration Methods 1.2. Quad SPI Flash Byte-Addressing 1.3. Generic Flash Programmer Operation 1.4. Generic Flash Programmer Flow Templates ( Intel® Stratix® 10 devices) 1.5. Generic Flash Programmer Flow Templates ( Intel® Arria® 10 and Intel® Cyclone® 10 GX) 1.6. Generic Flash Programmer Settings Reference 1.7. Generic Flash Programmer User Guide Revision History 1.8. Generic Flash Programmer Document Archive
1.3. Generic Flash Programmer Operation x
1.3.1. Generic Flash Programming (Programming File Generator) 1.3.2. Generic Flash Programming (Convert Programming File Dialog Box)
1.3.1. Generic Flash Programming (Programming File Generator) x
1.3.1.1. Step 1: Generate Primary Device Programming File 1.3.1.2. Step 2: Generate Secondary Programming Files (Programming File Generator) 1.3.1.3. Step 3: Program the Flash Memory Device
1.3.1.2. Step 2: Generate Secondary Programming Files (Programming File Generator) x
1.3.1.2.1. Enabling Bitstream Authentication (Programming File Generator) 1.3.1.2.2. Enabling Bitstream Encryption (Programming File Generator) 1.3.1.2.3. Defining a New Flash Memory Configuration Device
1.3.1.2.1. Enabling Bitstream Authentication (Programming File Generator) x
1.3.1.2.1.1. Specifying Additional Physical Security Settings (Programming File Generator)
1.3.2. Generic Flash Programming (Convert Programming File Dialog Box) x
1.3.2.1. Step 1: Generate Primary Device Programming Files 1.3.2.2. Step 2: Generate Secondary Programming Files (Convert Programming Files) 1.3.2.3. Step 3: Program the Flash Memory Device 1.3.2.4. Full Erase of Flash Memory Sectors
1.3.2.2. Step 2: Generate Secondary Programming Files (Convert Programming Files) x
1.3.2.2.1. Enabling Bitstream Encryption or Compression for Intel® Arria® 10 and Intel® Cyclone® 10 GX Devices 1.3.2.2.2. Defining a New Flash Memory Device 1.3.2.2.3. Modifying Programming Flows
1.4. Generic Flash Programmer Flow Templates ( Intel® Stratix® 10 devices) x
1.4.1. Initialization Flow Template ( Intel® Stratix® 10 Devices) 1.4.2. Program Flow Template ( Intel® Stratix® 10 Devices) 1.4.3. Erase Flow Template ( Intel® Stratix® 10 Devices) 1.4.4. Verify/Blank-Check/Examine Flow Template ( Intel® Stratix® 10 Devices) 1.4.5. Termination Flow Template ( Intel® Stratix® 10 Devices)
1.5. Generic Flash Programmer Flow Templates ( Intel® Arria® 10 and Intel® Cyclone® 10 GX) x
1.5.1. Initialization Flow Templates ( Intel® Arria® 10 and Intel® Cyclone® 10 GX) 1.5.2. Program Flow Template ( Intel® Arria® 10 and Intel® Cyclone® 10 GX) 1.5.3. Erase Flow Template ( Intel® Arria® 10 and Intel® Cyclone® 10 GX) 1.5.4. Verify/Blank-Check/Examine Flow Template ( Intel® Arria® 10 and Intel® Cyclone® 10 GX) 1.5.5. Termination Flow Template ( Intel® Arria® 10 and Intel® Cyclone® 10 GX) 1.5.6. Programming Flow Action Properties
1.6. Generic Flash Programmer Settings Reference x
1.6.1. Device and Pin Options 1.6.2. More Security Options Dialog Box 1.6.3. Input Files Tab Settings (Programming File Generator) 1.6.4. Output Files Tab Settings (Programming File Generator) 1.6.5. Add Partition Dialog Box (Programming File Generator) 1.6.6. Bitstream Co-Signing Security Settings (Programming File Generator) 1.6.7. Convert Programming File Dialog Box 1.6.8. Compression and Encryption Settings (Convert Programming File) 1.6.9. SOF Data Properties Dialog Box (Convert Programming File) 1.6.10. Select Devices (Flash Loader) Dialog Box
1. Generic Flash Programmer User Guide Intel® Quartus® Prime Pro Edition

1.3.1.2.2. Enabling Bitstream Encryption (Programming File Generator)

To enable bitstream encryption, you must first generate a first level signature chain (.qky) that enables encryption options in the GUI. Next, you generate the encrypted configuration bitstream in the Assembler. Finally, you generate a secondary programming file that specifies the AES Encryption Key file (.qek) for bitstream decryption.

Follow these steps to enable bitstream encryption:

  1. Generate a First Level Signature Chain that includes the root key and one or more design signing keys, as Intel® Stratix® 10 Device Security User Guide describes.
  2. Click Assignments > Device > Device and Pin Options > Security.
  3. For the Quartus key file setting, specify the first level signature chain .qky that contains the root key and one or more design signing keys.
  4. Turn on Enable programming bitstream encryption, and specify one or more of the following:
    Table 4.  Assembler Encryption Security Settings
    Option Description
    Encryption key storage select Specifies the location that stores the .qek key file. You can select either Battery Backup RAM or eFuses for storage.
    Encryption update ratio Specifies the ratio of configuration bits compared to the number of key updates required for bitstream decryption. You can select either 31:1 (the key must change 1 time every 31 bits) or Disabled (no update required). Encryption supports up to 20 intermediate keys.
    Enable scrambling Scrambles the configuration bitstream.
    More Options Opens the More Security Options dialog box for specifying additional physical security options.
  5. Generate primary device programing files in the Assembler, as Step 1: Generate Primary Device Programming File describes.
  6. Generate a .jic or .rbf secondary programming file, as Step 2: Generate Secondary Programming Files (Programming File Generator) describes:
    1. In the Programming File Generator, select the .sof file on the Input Files tab.
    2. Click the Properties button. The Input File Properties dialog box appears.
      Figure 11. Input File Properties
    3. Set Finalize encryption to On.
    4. Specify the AES 256-bit or 384-bit Encryption key file (.qek) to decrypt the bitstream in the SDM prior to device configuration.
  7. Click OK.
Level Two Title