Mailbox Client IP - SEND_CERTIFICATE command through FPGA fabric

Hi colleagues,

under Agilex3C (A3CY135BM16A) Non-HPS with Quartus 26.1 (latest SDM, latest IPs)
how one can send compact certificates to SDM through the internal FPGA fabric?

I tried it with Mailbox Client (1024/1024 FIFO depth, AXI accelerator path disabled) + SPI slave/JTAG Avalon Master, all other SDM commands (incl. the complicated ones like SPI programming with larger payloads) are working fine except this one.
The error I get back all the time is 0xF00000FF (which appears as 0x3FF in SDM level1 log), so generic error, no explanation.

When I load the same certificate over JTAG (external JTAG not via JTAG Avalon bridge to Mailbox Client), then it is working fine (so signature and certificate content is right).

I tried both burning fuse or just loading virtual fuse with/without test bit. All gives back this same answer if it has been sent over FPGA Fabric SDM mailbox.

Does anyone know any example project for this?

(I tried to make it work based on ATF-A mailbox driver's VAB certificate loading command implementation (which theoretically should accept other certificates too). I believe this is something supposed to work without HPS. (otherwise you should leave JTAG enabled in your system).

Links:
arm-trusted-firmware/plat/altera/soc/common/include/socfpga_mailbox.h at socfpga_v2.14.0 · altera-fpga/arm-trusted-firmware
arm-trusted-firmware/plat/altera/soc/common/soc/socfpga_mailbox.c at socfpga_v2.14.0 · altera-fpga/arm-trusted-firmware

Thanks,
Peter

Platform

Forum Discussion

Mailbox Client IP - SEND_CERTIFICATE command through FPGA fabric

Recent Discussions

Unable to Use Fault Injection Debugger (Subscription License Required Message)

USB Blaster II Problem

Mailbox Client IP - SEND_CERTIFICATE command through FPGA fabric

List of available patches for specific Quartus version

Modifying and/or hiding interfaces based on component parameters?