Hi, 

thanks for answer, can you point me exactly where I can find it in Intel® Stratix® 10 Device Security
User Guide documentation ?.

I'm looking form MailBox command code and response template that can be used inside FPGA -VHDL/Verilog - driver for Mailbox IPcore not quartus programmer/jtag instructions.

In our products JTAG is not available anymore after unit shipment to customer.

Hi there,

I see what you mean. Here it is:

1.   The mailbox’s function of enabling cryptographic services is just available for Intel Agilex® 7 devices in Intel® Quartus® Prime software version 21.3 or later.

2.   Normally, the S10 use command line to realize the function what you need, which based on system console (JTAG).

3.   I will try to ask if there is any other way to set the key into S10 without JTAG.

Thanks that would be great.

For now our main problem is that some units where shipped without owner key programmed into device. As signed software can run on unsigned FPGA goal is to update software with Mailbox IP that will check if owner public key was written into that specific FPGA - similar to (wyswing) internal_jtag module and key_verify command for older FPGA's - thats the feature what we found is missing in mailbox IP commands documentation.

Hi there,

I check again, For S10, there is no mailbox command for your requirement. There is a way may work for you is use the command line to write the key to device again for all device, Do you think so?

Is there any at least any mailbox command to check if keys were written into device - so that only production units without the keys will have to be pulled back to our factory ?

Hi there,

I wanted to check if you have any further questions or concerns. If not, I will go ahead and mark this issue as resolved.

Additionally, we would greatly appreciate it if you could take a moment to fill out our survey. Your feedback is valuable to us and helps us improve our support quality.

Thank you for your time and cooperation.

Best regards,

WZ