Yes, Stratix® II or Stratix II GX devices with successful non-volatile security key-programmed can accept both encrypted and unencrypted configuration bitstreams if the Encryption Key Programming (EKP) file is generated from the Quartus® II software version 7.2 SP2 (and later). For the EKP file that is generated from a previous version of Quartus II software, the key-programmed Stratix II or Stratix II GX device can accept only encrypted configuration bitstreams.
This is a new design security feature that was introduced in the Quartus® II software version 7.2 SP2 (and later). The main objective is to allow board-level testing with unencrypted configuration bitstreams on the key-programmed Stratix II or Stratix II GX device.
Designs for Stratix II or Stratix II GX devices are secured against copying and reverse engineering by using configuration bitstream encryption. Tampering is prevented only when the tamper-protection bit is set, thus preventing configuration with an unencrypted configuration bitstream. However, enabling the tamper-protection bit disables the test mode in Stratix II or Stratix II GX devices. This process is irreversible and prevents Altera® from carrying out a failure analysis if test mode is disabled.
Contact Altera Technical Support for assistance to enable the tamper-protection bit which only allows encrypted configuration bitstreams on the key-programmed Stratix II or Stratix II GX FPGA, reference rd07072008_269.