Using PR Bitstream Security Verification (Intel® Stratix® 10 Designs)
PR bitstream security verification requires a separate license and
.qsf setting to enable. After you license and enable
PR bitstream verification, the Compiler generates both a public Secure Mask Settings File
(.smsf) and private Partially Masked Settings File
(.pmsf) for each PR region during the base
compilation.
The .pmsf contains comprehensive
information that the Programmer requires to generate the PR bitstream for a Client region,
including the actual bit settings, a region mask, and all the auxiliary bit masks. The
.smsf contains a region ownership mask and
comprehensive information to detect a peek or poke attack by the PR region’s persona.
Thereafter, the Programmer requires both the private .pmsf and public .smsf to
generate the PR bitstream for this PR region, ensuring that the PR persona can only change
bits that the persona owns. The Platform Owner may or may not release .smsf files to third-party Clients as part of the PR region
collateral. The Platform Owner uses the .smsf to
generate the PR bitstream from Client's .pmsf for this
PR region with the Programmer.
Follow these steps to license, enable, and
use PR bitstream security verification:
Obtain the license file to enable generation of .smsf files for PR regions during base compilation, and to
perform PR bitstream security verification during PR bitstream generation in the
Programmer. To obtain the license, login or register for a My-Intel account, and then
submit an
Intel® Premier Support case
requesting the license key.
To add the license file to the Intel® Quartus® Prime Pro Edition software, click Tools > License Setup and specify the feature License
File.
To enable PR security validation features, add the following line to
the project .qsf:
set_global_assignment -name PR_SECURITY_VALIDATION on
Compile the base revision.
Following base compilation, view the Assembler reports to view the
generated .smsf files required for bitstream
generation for each PR region.
The Platform Owner may release .smsf files to third-party clients as part of the PR region collateral. The
Client provides the private .pmsf to the Platform
Owner to verify PR security of the PR Persona configuration and generate validated PR
bitstreams.
To validate PR security of the Client's .pmsf, the Platform Owner specifies the .smsf and corresponding .pmsf files at
the Programmer command line to generate the validated PR bitstreams: