Step 2B: Generating Programming Files Using The Command Line Interface; Step 3A: Specifying Keys And Configuring The Encrypted Image Using The Intel Quartus Prime Programmer - Intel Stratix 10 User Manual

6.1.3. Step 2b: Generating Programming Files Using the Command Line
Interface
For JTAG or Avalon-ST configuration schemes, you can use the
generate the signed and encrypted output file.
Generating the fully encrypted programming files is a two-step process.
1. In your output files directory, run the following command:
quartus_pfg -c encryption_enabled.sof test.rbf partly_encrypted.rbf \
-o finalize_encryption_later=ON -o sign_later=ON
2. Run the
partially encrypted
quartus_encrypt --family=stratix10 --operation=encrypt --key=aes.qek
partly_encrypted.rbf encrypted.rbf
6.1.4. Step 3a: Specifying Keys and Configuring the Encrypted Image
Using the Intel Quartus Prime Programmer
You should already have specified a storage location for your
Authentication and Encryption page of the Assignments
Pin Options. In the current release, you can select Battery Backup RAM (BBRAM)
or Virtual eFuses. When you generate the
records the key you specify to partially encrypt the configuration bitstream.
Figure 16. Specify Storage Location for Encryption Key
Specify Quartus
Prime Key File
Select Key
Storage Location
1. Bring up the Intel Quartus Prime Programmer.
2. Right click the Intel Stratix 10 device and select Add QKY/QEK/FUSE File file.
Navigate to your
® ®
Intel Stratix 10 Device Security User Guide
38
command or your own custom script to finalize the
quartus_encrypt
file.
.rbf
file and select it.
.qky
6. Encryption and Decryption Overview
UG-S10SECURITY | 2019.05.10
quartus_pfg
.qek
Device
the Intel Quartus Prime Software
.sof
script to
on the
Device and
Send Feedback