Intel® SoC FPGA Embedded Development Suite

Arria10 Secure Boot: unable to boot SPL FUSE

ChristianMS
Novice

On the Arria10, a signed SPL using the FUSE method does not boot at all, but it does boot when using the USER method. The behavior is the same as if we had not programmed the fuses.


Details :

Using the alt_authtool.py utility found in the repository, the SPL is signed.
The tool accepts the following options:

- fuse: embed root pubkey in image. BootROM verifies its hash against device fuses.
- fpga: fetch trusted root pubkey from location in FPGA memory.
- user: embed root pubkey in image. BootROM does not verify.

 

read EC key
Private-Key: (256 bit)
ASN1 OID: prime256v1
NIST CURVE: P-256

 

First, we generate the SPL using the user option, then follow the Application Note, and the Arria10 board boots correctly.

python3 -B -E $(which alt_authtool.py) sign -t user -k ${ROOT_KEY_PEM} -i ${DEPLOYDIR}/u-boot-spl-public-key.sfp -o ${DEPLOYDIR}/u-boot-spl-public-key-signed.sfp --fuseout ${DEPLOYDIR}/u-boot-spl-public-key-signed.fuse

 

The following text is displayed:

SHA256 digest of root public key: 3dfe63cab8b3657db2ebdeaca234f0d6ec3744a3905d7e04dfa63a5a6721dfe7

 

==> The SPL with USER option boots correctly.

 

Next, we generate the SPL using the fuse option. With this, the FPGA should only be able to boot if the fuses are programmed (volatile or non-volatile). When alt_authtool.py is executed, it displays the SHA256 hash of the public key. We use this public key to construct a file containing:

key1 3DFE63CAB8B3657DB2EBDEACA234F0D6EC3744A3905D7E04DFA63A5A6721DFE7

 

Using this key file, we generate an EKP file with Quartus (compressed into a zip and attached to the present message).

In the end, using the Quartus Prime Programmer, we program the Arria10 board with the EKP file (this takes less than one second).

Immediately after programming the volatile fuses, the board resets (the power supply current drops from 1A to 0.8A, and then returns to 1A), and the fan stops and restarts.

==> However, on the serial console, the SPL signed with the FUSE method does not display any messages, and neither U-Boot nor the kernel is loaded.

 

On the other hand, the SPL signed with the USER method is still able to boot, even with the volatile fuses programmed (boot messages appear, and both U-Boot and the kernel are loaded).

Question:

Can you help us solve this boot issue with the FUSE method? The behavior is as if the volatile fuses were not programmed!

 

If you need more information and details, please tell us.

 

Thanks in advance.

 

Christian & Baptiste
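
An added example, not part of the original post and not code from alt_authtool.py: because the post copies the printed digest by hand into the fuse key file, this check confirms the two values are byte-for-byte identical before the EKP file is generated. The `<name> <hex>` key-file layout is assumed from the single line quoted in the post, and all function names are hypothetical.

```python
import re

# Constructed sample inputs, copied from the two values quoted in the post.
TOOL_OUTPUT = "SHA256 digest of root public key: 3dfe63cab8b3657db2ebdeaca234f0d6ec3744a3905d7e04dfa63a5a6721dfe7\n"
KEY_FILE = "key1 3DFE63CAB8B3657DB2EBDEACA234F0D6EC3744A3905D7E04DFA63A5A6721DFE7\n"

DIGEST_LINE = re.compile(r"SHA256 digest of root public key:\s*(\S+)")


def parse_hex256(text):
    """Decode a hex string (either case) and require exactly 32 bytes."""
    value = bytes.fromhex(text.strip())  # ValueError on non-hex or odd length
    if len(value) != 32:
        raise ValueError(f"expected 32 bytes, got {len(value)}")
    return value


def digest_from_tool_output(output):
    """Extract the root public key digest from the signing tool's output."""
    match = DIGEST_LINE.search(output)
    if match is None:
        raise ValueError("no digest line in tool output")
    return parse_hex256(match.group(1))


def keys_from_key_file(text):
    """Parse '<name> <hex>' lines (layout assumed from the post's key file)."""
    keys = {}
    for number, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {number}: expected '<name> <hex>'")
        keys[fields[0]] = parse_hex256(fields[1])
    return keys


def check_key_file(output, key_text, name="key1"):
    """Return (ok, reason) for one key-file entry against the tool digest."""
    digest = digest_from_tool_output(output)
    keys = keys_from_key_file(key_text)
    if name not in keys:
        return False, f"{name} missing from key file"
    if keys[name] == digest:
        return True, "key file matches tool digest"
    differing = [i for i in range(32) if keys[name][i] != digest[i]]
    return False, f"{len(differing)} byte(s) differ, first at offset {differing[0]}"


if __name__ == "__main__":
    print(check_key_file(TOOL_OUTPUT, KEY_FILE))
```

A match only shows that the key file carries the digest the tool printed; it says nothing about how the device compares that value at boot.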

Jeet14
Employee

Hi Theo & Christian,


Any update on the previous post by Naresh Kumar?


Regards

Tiwari

