Intel® Quartus® Prime Pro Edition User Guide: Partial Reconfiguration

ID 683834
Date 10/04/2021
Public

1.12.1. Generating an Encrypted PR Bitstream (Intel® Arria® 10 or Intel® Cyclone® 10 GX Designs)

To partially reconfigure your Intel® Arria® 10 or Intel® Cyclone® 10 GX device with an encrypted bitstream:
Note: Intel® Quartus® Prime software does not support bitstream encryption and compression for Intel® Stratix® 10 or Intel® Agilex™ designs.
  1. Create a 256-bit key file (.key).
  2. To generate the key programming file (.ekp) from the Intel® Quartus® Prime shell, type the following command:
    quartus_cpf --key <keyfile>:<keyid> \
         <base_sof_file> <output_ekp_file>

    For example:

    quartus_cpf --key my_key.key:key1 base.sof key.ekp
  3. To generate the encrypted PR bitstream (.rbf), run the following command:
    quartus_cpf -c <pr_pmsf_file> <pr_rbf_file>
    qcrypt -e --keyfile=<keyfile> --keyname=<keyid> \
         --lockto=<qlk file> --keystore=<battery|OTP> \
         <pr_rbf_file> <pr_encrypted_rbf_file>
    • lockto—specifies the encryption lock.
    • keystore—specifies the volatile key (battery) or the non-volatile key (OTP).

    For example:

    quartus_cpf -c top_v1.pr_region.pmsf top_v1.pr_region.rbf
    qcrypt -e --keyfile=my_key.key --keyname=key1 --keystore=battery \
         top_v1.pr_region.rbf top_v1_encrypted.rbf
  4. To program the key file as volatile key (default) into the device, type the following command:
    quartus_pgm -m jtag -o "P;<output_ekp_file>"

    For example:

    quartus_pgm -m jtag -o "P;key.ekp"
  5. To program the base image into the device, type the following command:
    quartus_pgm -m jtag -o "P;<base_sof_file>"

    For example:

    quartus_pgm -m jtag -o "P;base.sof"
  6. To partially reconfigure the device with the encrypted bitstream, type the following command:
    quartus_pgm -m jtag --pr <output_encrypted_rbf_file>

    For example:

    quartus_pgm -m jtag --pr top_v1_encrypted.rbf
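
Step 1 does not show how to produce the key file. The following added example (not from Intel's guide) draws the 256-bit key from the operating system's CSPRNG and writes it readable by the owner only. The function names and the `<keyid> <64 hex digits>` line layout are assumptions; confirm the layout against Intel's key file documentation.

```shell
#!/bin/sh
# Added example: create and sanity-check the .key file used in step 1.
# Assumption (not stated on this page): one key per line, "<keyid> <64 hex digits>".

# make_key_file <keyfile> <keyid>
make_key_file() {
    keyfile=$1
    keyid=$2
    # Refuse to overwrite an existing key file: the old key would be lost.
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2
        return 1
    fi
    # 32 bytes = 256 bits, hex-encoded as 64 upper-case characters.
    hex=$(head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n' | tr 'a-f' 'A-F')
    [ "${#hex}" -eq 64 ] || { echo "short read from /dev/urandom" >&2; return 1; }
    # Create the file with mode 0600 so the key is never group/world readable.
    ( umask 077 && printf '%s %s\n' "$keyid" "$hex" > "$keyfile" )
}

# check_key_file <keyfile> <keyid>
# Succeeds only if the file has a well-formed key line for <keyid>
# and grants no permissions to group or others.
check_key_file() {
    keyfile=$1
    keyid=$2
    grep -Eq "^${keyid}[[:space:]]+[0-9A-Fa-f]{64}[[:space:]]*$" "$keyfile" || return 1
    perms=$(ls -l "$keyfile" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Usage, matching the names in the examples above:
#   make_key_file my_key.key key1 && check_key_file my_key.key key1
```

Run `check_key_file` before `quartus_cpf --key` in build scripts so that a malformed or over-exposed key file stops the flow early.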
Note:

qcrypt generates an error if the Enable bitstream compatibility check parameter is enabled for an instance of the Partial Reconfiguration Controller Intel® Arria® 10/Cyclone 10 FPGA IP. Use one of the following methods to avoid this error:

  • Use the Convert Programming Files dialog box, rather than qcrypt, to generate the encrypted PR bitstream, as Generating PR Bitstream Files describes.
  • If you want to use qcrypt with Intel® Arria® 10 or Intel® Cyclone® 10 GX designs, regenerate the Partial Reconfiguration Controller IP without the Enable bitstream compatibility check option enabled, and with the Enable hierarchical PR support option enabled, as Adding the Partial Reconfiguration Controller Intel® Arria® 10/Cyclone 10 FPGA IP describes. Recompile the design before regenerating the PR bitstream.