AN 556: Using the Design Security Features in Intel FPGAs

ID 683269
Date 5/21/2021
Document Table of Contents

Intel® Arria® 10 and Intel® Cyclone® 10 GX Qcrypt Security Tool

The Qcrypt tool is a stand-alone encryption tool for encrypting and decrypting Intel® Arria® 10 and Intel® Cyclone® 10 GX FPGA configuration bit-stream files. The Qcrypt tool can also be used to encrypt HPS boot images through a script. Different kinds of security settings that are currently not accessible from the Intel® Quartus® Prime graphical user interface can be set through the Qcrypt tool.

The Qcrypt tool encrypts and decrypts raw binary files (.rbf) only and not other configuration files, such as .sof and .pof files. Throughout the encryption flow, the Qcrypt tool generates an authentication tag while encrypting the .rbf file. The authentication tag prevents any modification or tampering of the configuration bit-stream. Besides encryption and decryption, the Qcrypt tool allows you to enable and set various security features and settings. By incorporating security features and settings into the .rbf file, you have the flexibility to use different kinds of security features on Intel® Arria® 10 and Intel® Cyclone® 10 GX devices without permanently burning the security fuses. To generate the .ekp file or encrypted configuration file other than .rbf, you have to use the Intel® Quartus® Prime Convert Programming File tool.

Note: The Qcrypt tool is not license-protected and can be used by all Intel® Quartus® Prime software user.