Intel® Quartus® Prime Software
Intel® Quartus® Prime Design Software, Design Entry, Synthesis, Simulation, Verification, Timing Analysis, System Design (Platform Designer, formerly Qsys)
Announcements
FPGA community forums and blogs on community.intel.com are migrating to the new Altera Community and are read-only. For urgent support needs during this transition, please visit the FPGA Design Resources page or contact an Altera Authorized Distributor.
17268 Discussions

Encrypted Key Programming file security

RVCA
Beginner
‎05-04-2023 01:16 AM
1,331 Views

During production we program a Primary Encryption Key into our Arria10-based devices using a JAM™ Standard Test and Programming Language (STAPL) Format (.jam) file, generated from an Encrypted Key Programming (.ekp) file.

These files are generated on our secure signing and encryption server. It is not workable to have the production systems contact this server to generate the files for each board we produce, so these are stored locally on a server in our production environment. The only guidance Intel provides here is a recommendation to "keep these files confidential".

As we are assessing the security of our production systems, we would like to know the impact of an attacker gaining access to these files. Would it be feasible to extract the plaintext encryption keys from them? Or is the risk limited to creation of counterfeit products using our keys?

0 Kudos

Link Copied

4 Replies
NurAiman_M_Intel
Employee
‎05-08-2023 01:42 AM
1,269 Views

Hi,


Thank you for contacting Intel community.


Keeping the ekp file secure is recommended. However, the impact of an attacker gaining access to these files are beyond our scope as this is related to your security system. If anyone has the access to the ekp file, they may have access to the programming file.


Regards,

Aiman


0 Kudos
Copy link
RVCA
Beginner
‎05-08-2023 07:11 AM
1,261 Views
In response to NurAiman_M_Intel

That's not really answering my questions. I know you can't judge the full impact, but can you at least provide some guidance on how the .ekp file protects the keys?

In response to NurAiman_M_Intel
0 Kudos
Copy link
NurAiman_M_Intel
Employee
‎05-12-2023 01:51 AM
1,203 Views

Hi,


Apologize if my previous response did not answer to your question.


Th design was encrypted by enabling the design security. Hence the .ekp file is the key to decrypt the design that has been secure. That is the reason why the .ekp file must be kept confidential.


Let me know if you need further information.


Regards,

Aiman


0 Kudos
Copy link
NurAiman_M_Intel
Employee
‎05-17-2023 06:16 PM
1,137 Views

We do not receive any response from you to the previous answer that I have provided. This thread will be transitioned to community support. If you have a new question, feel free to open a new thread to get the support from Intel experts. Otherwise, the community users will continue to help you on this thread. Thank you


0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.