Intel® Agilex™ Device Security User Guide

ID 683823
Date 11/09/2021
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

3.3.1. Configuration Bitstream Encryption Using the Programming File Generator Graphical Interface

You can use the Programming File Generator to encrypt and sign the owner image.
  1. On the Intel® Quartus® Prime File menu select Programming File Generator.
  2. On the Output Files tab, specify the output file type for your configuration scheme.
    Figure 4. Output File Specification
  3. On the Input Files tab, click Add Bitstream and browse to your .sof.
  4. To specify encryption and authentication options select the .sof and click Properties.
    1. Turn Enable signing tool on.
    2. For Private key file select your signing key private .pem file.
    3. Turn Finalize encryption on.
    4. For Encryption key file, select your AES .qek file.
      Figure 5. Input (.sof) File Properties for Authentication and Encryption
  5. To generate the signed and encrypted bitstream, on the Input Files tab, click Generate.
    Password dialog boxes appear for you to input your passphrase for your AES key .qek file and signing private key .pem file. The programming file generator creates the encrypted and signed output_file.rbf.