Article ID: 000086868 Content Type: Install & Setup Last Reviewed: 11/14/2024

How can I improve the security of my Quartus® Prime Software installation?

Environment

  • Intel® Quartus® Prime Pro Edition
  • BUILT IN - ARTICLE INTRO SECOND COMPONENT
    Description

    You can improve the security of your Quartus® Prime Software installation by following these security recommendations:

    Install the latest tools that support your design.

    • During installation, select only the minimum software components that you require.

    Install the latest version of the Quartus® Prime Standard Edition Software or the Quartus® Prime Pro Edition Software backward-compatible components that require connection to network or FPGA hardware device (FPGA Software Download Center, Additional Software tab):

    • FLEXlm License Server Software

    • Quartus® Prime Programmer and Tools, which includes Quartus Programmer, JTAG utilities, and USB-Blaster Drivers

    Turn off the following optional features that connect to the Internet:

    Check for software updates: Tools menu > Options, Internet Connectivity tab; Disable options under Startup.

    • Crash reporter: Tools menu > Options, Internet Connectivity tab, Problem report; Disable Always send report to Altera when internal error occurs (command-line only)

    • Talkback: Tools menu > Options, Internet Connectivity tab, TalkBack Options; Disable Turn on the Quartus® II software TalkBack feature option if you were using Quartus® II software edition 16.0 and below

    Install and run the Quartus® Prime Software or Quartus® II software under unprivileged system accounts (No root/administrator privileges).

    Set your firewall rules to block network connectivity for any of the Quartus® II software, Quartus® Prime software, or ModelSim* component:

    • Allow traffic only to the FlexLM license server, or use a node-locked fixed license instead of a network floating license.

    Use System Console and related on-chip debug tools in a secure environment by opening ports (assigned when installing the server) only for inter-process communication on local machine.

     Only open  Quartus® Prime projects and files from trusted sources. The Quartus® Prime Software incorporates scripting capabilities and supports automated script execution that can be exploited by a malicious actor that is able to control Quartus® Prime Software project files. 

    • Ensure all directories under your PATH environment variables are trusted. The Quartus® Prime software relies on the system environment variables to locate the 3rd party simulations tools. 

    • If you are using JTAG server, use SSH tunneling as recommended in Application Note 939.

    Resolution

    NIL

    Related Products

    This article applies to 1 products

    Intel® Programmable Devices