Intel® Quartus® Prime Software
Intel® Quartus® Prime Design Software, Design Entry, Synthesis, Simulation, Verification, Timing Analysis, System Design (Platform Designer, formerly Qsys)
16704 Discussions

Encrypted Key Programming file security

RVCA
Beginner
812 Views

During production we program a Primary Encryption Key into our Arria10-based devices using a JAM™ Standard Test and Programming Language (STAPL) Format (.jam) file, generated from an Encrypted Key Programming (.ekp) file.

These files are generated on our secure signing and encryption server. It is not workable to have the production systems contact this server to generate the files for each board we produce, so these are stored locally on a server in our production environment. The only guidance Intel provides here is a recommendation to "keep these files confidential".

As we are assessing the security of our production systems, we would like to know the impact of an attacker gaining access to these files. Would it be feasible to extract the plaintext encryption keys from them? Or is the risk limited to creation of counterfeit products using our keys?

0 Kudos
4 Replies
NurAiman_M_Intel
Employee
750 Views

Hi,


Thank you for contacting Intel community.


Keeping the ekp file secure is recommended. However, the impact of an attacker gaining access to these files are beyond our scope as this is related to your security system. If anyone has the access to the ekp file, they may have access to the programming file.


Regards,

Aiman


0 Kudos
RVCA
Beginner
742 Views

That's not really answering my questions. I know you can't judge the full impact, but can you at least provide some guidance on how the .ekp file protects the keys?

0 Kudos
NurAiman_M_Intel
Employee
684 Views

Hi,


Apologize if my previous response did not answer to your question.


Th design was encrypted by enabling the design security. Hence the .ekp file is the key to decrypt the design that has been secure. That is the reason why the .ekp file must be kept confidential.


Let me know if you need further information.


Regards,

Aiman


0 Kudos
NurAiman_M_Intel
Employee
618 Views

We do not receive any response from you to the previous answer that I have provided. This thread will be transitioned to community support. If you have a new question, feel free to open a new thread to get the support from Intel experts. Otherwise, the community users will continue to help you on this thread. Thank you


0 Kudos
Reply