New ContributorProgram EKP and encrypted POF separately as JAM
I have a MAX10 FPGA that I want to program using the encrypted bitstream feature. I have the following use case:
- Initial programming of the FPGA with key + firmware (key stays confidental)
- Ability to roll out updates in field with only the firmware
I am using the JAM STAPL Player v2.5 to program the MAX10 on the carrier board. Before the encrypted bitstream feature I would convert the pof to a jam file and just use `jam -aPROGRAM firmware.jam`. Now I have an EKP file and an encrypted POF.
Naively, I would have expected the following to work:
- Convert both EKP and the encrypted POF to separate JAM files.
- Flash the key `jam -aKEY_PROGRAM key.jam`
Programming Max 10 FPGA non-volatile security key(s)... Successfully programmed non-volatile security key(s) DONE Exit code = 0... Success - Flash the encrypted POF converted to JAM: `jam -aPROGRAM firmware.jam`
configuring SRAM device(s)... full-chip erasing Max 10 FPGA device(s) ... programming Max 10 FPGA DSM block ... performing operation on MAX 10 FPGA CFM0 block at sector 4 ... performing operation on MAX 10 FPGA CFM0 block at sector 5 ... performing operation on MAX 10 FPGA UFM block at sector 1 ... performing operation on MAX 10 FPGA UFM block at sector 2 ... DONE Exit code = 0... Success
However, this does not work: the FPGA is not responding. I assume this is because when programming the firmware.jam, the player performs a full-chip erase, thus deleting the key. What does work is when I integrate the EKP into the POF and convert the resulting JAM. However, I want to keep the EKP confidential.
How can I program the firmware JAM without erasing the key?
