Intel® Stratix® 10 Device Security User Guide

ID 683642
Date 11/09/2021
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

3.3.1. Configuration Bitstream Encryption Using the Programming File Generator Graphical Interface

You can use the Programming File Generator to encrypt and sign the owner image.
  1. On the Intel® Quartus® Prime File menu select Programming File Generator.
  2. On the Output Files tab, specify the output file type for your configuration scheme.
    Figure 3. Output File Specification
  3. On the Input Files tab, click Add Bitstream and browse to your .sof.
  4. To specify encryption and authentication options select the .sof and click Properties.
    1. Turn Enable signing tool on.
    2. For Private key file select your signing key private .pem file.
    3. Turn Finalize encryption on.
    4. For Encryption key file, select your AES .qek file.
      Figure 4. Input (.sof) File Properties for Authentication and Encryption
  5. To generate the signed and encrypted bitstream, on the Input Files tab, click Generate.
    The password dialog box prompts you to input your passphrase for the .qek. The programming file generator generates output_file.rbf if the passphrase is correct.