Using PR Bitstream Security Verification (Intel® Stratix® 10 Designs)
PR bitstream validation confirms that the persona does not use FPGA
resources that are unauthorized by the .smsf.
Thereafter, the Programmer requires both the .pmsf and .smsf to generate the PR
bitstream (.rbf) for this PR region, ensuring that the
PR persona can only change bits that the persona owns. The Platform Owner can optionally
release .smsf files to third-party Clients as part of
the PR region collateral. The Platform Owner uses the .smsf to generate the PR bitstream from Client's .pmsf for this PR region.
The Platform Owner should follow these steps
to license, enable, and use PR bitstream security verification:
Obtain the license file to enable generation of .smsf files for PR regions during base compilation, and to
perform PR bitstream security verification during PR bitstream generation in the
Programmer. To obtain the license, login or register for a My-Intel account, and then
submit an
Intel® Premier Support case
requesting the license key.
To add the license file to the Intel® Quartus® Prime Pro Edition software, click Tools > License Setup and specify the feature License
File.
To enable PR security validation features, add the following line to
the project .qsf:
set_global_assignment -name PR_SECURITY_VALIDATION on
Compile the base revision.
Following base compilation, view the Assembler reports to view the
generated .smsf files required for bitstream
generation for each PR region.
The Client provides the .pmsf to
the Platform Owner.
The Platform Owner verifies the .pmsf, converts the .pmsf to
.rbf, and configures the FPGA device with the
.rbf.
The platform owner converts the .pmsf to a PR bitstream. Providing the .smsf file to quartus_cmf instructs the tool to validate
the .pmsf against that .smsf, and then to generate a bitstream only if the files are
compatible.