Encrypting the Boot Image and Configuration File
The Quartus Prime Design Suite includes the Quartus Prime Convert Programming File tool, quartus_cpf, which you use to generate the AES 256 encryption file.1 You invoke the Quartus Prime Convert Programming File tool as follows:
quartus_cpf -e -k <keyfile>:<key_id>[:<key_id>] <input_sof_file> <output_ekp_file>
If you configure the boot loader generator to encrypt the boot image, quartus_cpf requires the encryption key file as specified in the configuration tool’s security settings. For an overview of the tool flow, see the figure in "Software Image Authentication and Encryption".
For details of Quartus Prime Convert Programming File tool usage, refer to "How to Generate the Single-Device .ekp File and Encrypt Configuration File Using Quartus Prime Software with the Command-Line Interface" in AN-556: Using the Design Security Features in the Altera FPGAs.
Did you find the information on this page useful?