Intel Agilex® 7 Device Security User Guide

ID 683823
Date 7/07/2023
Document Table of Contents

3.1. Creating the AES Root Key

You may use the quartus_encrypt tool or reference implementation to create an AES root key in the Intel® Quartus® Prime software encryption key (.qek) format file.
Note: The file is used for both Intel® Stratix® 10 and Intel Agilex® 7 devices.

You may optionally specify the base key used to derive the AES root key and key derivation key, the value for the AES root key directly, the number of intermediate keys, and the maximum use per intermediate key.

You must specify the device family, output .qek file location, and passphrase when prompted.

Run the following command to generate the AES root key using random data for the base key and default values for number of intermediate keys and maximum key use.

To use the reference implementation, you substitute a call to the Python interpreter included with Intel® Quartus® Prime software and omit the --family=agilex option; all other options are equivalent. For example, the quartus_encrypt command found later in the section

quartus_encrypt --family=agilex --operation=MAKE_AES_KEY aes_root.qek
can be converted into the equivalent call to the reference implementation as follows:
pgm_py --operation=MAKE_AES_KEY aes_root.qek

Did you find the information on this page useful?

Characters remaining:

Feedback Message