Visible to Intel only — GUID: mri1616561573067
Ixiasoft
1. Intel Stratix 10 Device Security Overview
2. Authentication and Authorization
3. AES Bitstream Encryption
4. Device Provisioning
5. Advanced Features
6. Troubleshooting
7. Intel® Stratix® 10 Device Security User Guide Archives
8. Document Revision History for Intel® Stratix® 10 Device Security User Guide
3.3.1. Configuration Bitstream Encryption Using the Programming File Generator Graphical Interface
3.3.2. Configuration Bitstream Encryption Using the Programming File Generator Command Line Interface
3.3.3. Partially Encrypted Configuration Bitstream Generation Using the Command Line Interface
3.3.4. Partial Reconfiguration Bitstream Encryption
4.1. Using SDM Provision Firmware
4.2. Authentication Root Key Provisioning
4.3. Using QSPI Factory Default Helper Image on Owned Devices
4.4. Programming Key Cancellation ID Fuses
4.5. Security Setting Fuse Provisioning
4.6. AES Root Key Provisioning
4.7. Converting Owner Root Key, AES Root Key Certificates, and Fuse files to Jam STAPL File Formats
6.1. Using Quartus Commands in a Windows Environment Error
6.2. Generating a Private Key Warning
6.3. Adding a Signing Key to the Quartus Project Error
6.4. Generating Quartus Prime Programming File was Unsuccessful
6.5. Unknown Argument Errors
6.6. Bitstream Encryption Option Disabled Error
6.7. Specifying Correct Path to the Key
6.8. Using Unsupported Output File Type
Visible to Intel only — GUID: mri1616561573067
Ixiasoft
3.3.1. Configuration Bitstream Encryption Using the Programming File Generator Graphical Interface
You can use the Programming File Generator to encrypt and sign the owner image.
- On the Intel® Quartus® Prime File menu select Programming File Generator.
- On the Output Files tab, specify the output file type for your configuration scheme.
Figure 3. Output File Specification
- On the Input Files tab, click Add Bitstream and browse to your .sof.
- To specify encryption and authentication options select the .sof and click Properties.
- Turn Enable signing tool on.
- For Private key file select your signing key private .pem file.
- Turn Finalize encryption on.
- For Encryption key file, select your AES .qek file.
Figure 4. Input (.sof) File Properties for Authentication and Encryption
- To generate the signed and encrypted bitstream, on the Input Files tab, click Generate.
The password dialog box prompts you to input your passphrase for the .qek. The programming file generator generates output_file.rbf if the passphrase is correct.