Intel® Quartus® Prime Pro Edition User Guide: Partial Reconfiguration

ID 683834
Date 8/26/2022
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

2.12.1. PR Bitstream Security Validation ( Intel® Stratix® 10 Designs)

PR bitstream security validation confirms that the persona does not access FPGA resources that are unauthorized by the platform owner.
Note: PR bitstream security validation only supports Intel® Stratix® 10 devices. Hierarchical PR (HPR) designs do not support PR bitstream security verification.

PR bitstream security validation enables multi-tenant FPGA usage. For example, a platform owner partitions a single device to host multiple third-party clients. The platform owner may not trust the clients, and the clients may not trust each other, but the clients trust the platform owner. PR bitstream security validation provides the platform owner and clients protection from any party corrupting the proprietary server, the client configurations, or from initiating a peek or poke attack by a subsequent partial reconfiguration.

PR bitstream validation allows the platform owner to determine whether the client has modified their .pmsf file in an attempt to damage the FPGA, or has attempted connection to signals without access. To be effective, the platform owner must accept only .pmsf files (not .rbf) from the client, and the platform owner must validate all client .pmsf files. Thereafter, the Programmer requires both the .pmsf and .smsf to generate the PR bitstream (.rbf) for this PR region, ensuring that the PR persona can only change bits that the persona owns. The Platform Owner can optionally release .smsf files to third-party Clients as part of the PR region collateral.

PR Bitstream Security Validation in Programmer

For PR bitstream validation, the platform owner generates the .smsf file themselves, to ensure that the platform owner can trust the .smsf. The bitstream validation check compares the client supplied .pmsf against the trusted .smsf. The comparison fails if the .pmsf is invalid for deliberate or accidental reasons.

The Platform Owner should follow these steps to license, enable, and use PR bitstream security validation:
  1. Obtain the license file to enable generation of .smsf files for PR regions during base compilation, and to perform PR bitstream security validation during PR bitstream generation in the Programmer. To obtain the license, login or register for a My Intel account, and then submit an Intel Premier Support case quoting reference number 22013030316 to request a license key.
  2. To add the license file to the Intel® Quartus® Prime Pro Edition software, click Tools > License Setup and specify the feature License File.
  3. To enable PR security validation features, add the following line to the project .qsf:
    set_global_assignment -name PR_SECURITY_VALIDATION on
  4. Compile the base revision.
  5. Following base compilation, view the Assembler reports to view the generated .smsf files required for bitstream generation for each PR region.
  6. The Client provides the .pmsf to the Platform Owner.
  7. The Platform Owner validates the .pmsf, converts the .pmsf to .rbf, and configures the FPGA device with the .rbf. The Platform Owner converts the .pmsf to a PR bitstream. Provide the .smsf file to quartus_pfg to instruct the tool to validate the .pmsf against that .smsf. Then generate a bitstream only if the files are compatible.
    quartus_pfg -c -o smsf_file=<smsf_file> <pmsf_file> <output_rbf_file>