Visible to Intel only — GUID: ayt1547239907688
Ixiasoft
Visible to Intel only — GUID: ayt1547239907688
Ixiasoft
1.11.1. PR Bitstream Security Validation ( Intel® Stratix® 10 Designs)
PR bitstream security validation enables multi-tenant FPGA usage. For example, a platform owner partitions a single device to host multiple third-party clients. The platform owner may not trust the clients, and the clients may not trust each other, but the clients trust the platform owner. PR bitstream security validation provides the platform owner and clients protection from any party corrupting the proprietary server, the client configurations, or from initiating a peek or poke attack by a subsequent partial reconfiguration.
PR bitstream validation allows the platform owner to determine whether the client has modified their .pmsf file in an attempt to damage the FPGA, or has attempted connection to signals without access. To be effective, the platform owner must accept only .pmsf files (not .rbf) from the client, and the platform owner must validate all client .pmsf files. Thereafter, the Programmer requires both the .pmsf and .smsf to generate the PR bitstream (.rbf) for this PR region, ensuring that the PR persona can only change bits that the persona owns. The Platform Owner can optionally release .smsf files to third-party Clients as part of the PR region collateral.
For PR bitstream validation, the platform owner generates the .smsf file themselves, to ensure that the platform owner can trust the .smsf. The bitstream validation check compares the client supplied .pmsf against the trusted .smsf. The comparison fails if the .pmsf is invalid for deliberate or accidental reasons.
- Obtain the license file to enable generation of .smsf files for PR regions during base compilation, and to perform PR bitstream security validation during PR bitstream generation in the Programmer. To obtain the license, login or register for a My Intel account, and then submit an Intel Premier Support case quoting reference number 22013030316 to request a license key.
- To add the license file to the Intel® Quartus® Prime Pro Edition software, click Tools > License Setup and specify the feature License File.
- To enable PR security validation features, add the following line to the project .qsf:
set_global_assignment -name PR_SECURITY_VALIDATION on
- Compile the base revision.
- Following base compilation, view the Assembler reports to view the generated .smsf files required for bitstream generation for each PR region.
- The Client provides the .pmsf to the Platform Owner.
- The Platform Owner validates the .pmsf, converts the .pmsf to .rbf, and configures the FPGA device with the .rbf. The Platform Owner converts the .pmsf to a PR bitstream. Provide the .smsf file to quartus_pfg to instruct the tool to validate the .pmsf against that .smsf. Then generate a bitstream only if the files are compatible.
quartus_pfg -c -o smsf_file=<smsf_file> <pmsf_file> <output_rbf_file>