
quartus_sign fails to generate signed ccert

grspbr
New Contributor II

Following the Intel Agilex® 7 Device Security User Guide for AES Root Key Provisioning, the quartus_sign command fails with Error (20354), but this is no help. Executing the following two commands fails on the second command; all the necessary input files have been generated successfully:

## Create an unsigned AES compact certificate for the desired AES root key storage location:

quartus_pfg --ccert -o ccert_type=EFUSE_WRAPPED_AES_KEY -o password=passphrase.txt -o qek_file=aes_root.qek unsigned_efuse1.ccert

## Sign the compact certificate with the quartus_sign command or reference implementation:

quartus_sign --family=agilex7 --operation=sign --pem=aesccert1_private.pem --qky=aesccert1_sign_chain.qky unsigned_efuse1.ccert signed_efuse1.ccert

1 Solution
grspbr
New Contributor II

Hi @Farabi, I was able to get help from Intel via our FAE. Basically the answer was the permission settings (should have been 0x40), which are part of the "Security Methodology for Intel FPGAs and Structured ASICs User Guide". However, this document is restricted. But for others reading this post, the correct settings were actually part of the "Intel Agilex® 7 Device Security User Guide", Page 33.

I will close this case. Thank you.

6 Replies
Farabi
Employee

Hello,


Sorry for the late reply. I am still checking with our internal team to get the details of this error.

I will get back to you asap when I have the information.


regards,

Farabi


grspbr
New Contributor II

I'm looking forward to your response. We are quite stalled on this. Thanks!

grspbr
New Contributor II

Hello @Farabi, I have not heard from you and we still have this problem. We are going to be shipping our product in about a month and need a resolution. I look forward to hearing from you.

grspbr
New Contributor II

By the way, there is a case number for this that has been opened by our FAE: 00885849

Farabi
Employee

KDB (Knowledge Database) has been established to share the solution with more users. I am transferring this case back to the community with open access for community support.

