Article ID: 000074665 Content Type: Product Information & Documentation Last Reviewed: 08/14/2023

How can I write or erase the Intel® Stratix® 10 AES BBRAM encryption key using the Mailbox Client Intel® FPGA IP interface and System Console?


  • Intel® Quartus® Prime Pro Edition
  • Mailbox Client Intel® Stratix® 10 FPGA IP

    You can program the Intel® Stratix® 10 AES encryption key into battery backup RAM (BBRAM) using either the Intel Quartus® Prime Pro Programmer via JTAG or through the Mailbox Client Intel FPGA IP Interface.

    When you program the key using Intel® Quartus® Prime Pro Programmer, the Programmer sends the Quartus encryption key (.qek) file using JTAG and programs the BBRAM.

    When using the Mailbox Client Intel FPGA IP interface, you write the 8 individual 32-bit words that comprise the AES encryption key to the Mailbox Client IP.




    Using the quartus_encrypt command with the –operation=aes_key option, generate the .qek file:

    quartus_encrypt –family=stratix10 --operation=make_aes_key -–aes_key=mykey.txt ik_count=4 max_key_use=32 keyfile.qek

    The mykey.txt file contains the 8 key values you choose for your AES key (for example):

    0xD6971FC7 0x28932CB0 0x5097E5A7 0x16968C52 0x7BB0AE8E 0x5C2F59E6 0x35B69453 0xC8E357BA

    The keywords you choose to program the AES encryption key using the Mailbox Client IP interface.

    The .qek file encrypts the bitstream file using the quartus_pfg command.

    You can load the following mailbox_aeskey.tcl script into System Console. This script contains functions that program or erase the AES key.

    Related Products

    This article applies to 1 products

    Intel® Stratix® 10 FPGAs and SoC FPGAs