Allow encrypted POF only

Regular Contributor

18 days ago

Hello,

Once you selected "Allow encryption POF only" - the device refuses unencrypted configuration images, only encrypted POF (must match AES key) can be used to configure the FPGA.

1- After programming the encrypted POF (even with matching key), any further operation will fail, until you erase. The device remains in a secure state that rejects even valid encrypted/reconfigured POFs.

2- The device expects the AES key to be in place before its encrypted POF is accepted. Trying to load a new encrypted POF without loading its matching EKP first, will cause rejection.

Steps :

1- Generate .ekp and encrypted .pof in Quartus:

a. Use Convert Programming File GUI

b. Within Options/Boot info -> enable the Security option

c. "Allow encrypted POF only"

d. "Verify Protect"

e. Add .ekp file, then generate both .ekp and encrypted .pof.

2- Erase the device completely

a. Before any configuration- "Erase Device" in Quartus Programmer tool

b. This will clear any prior AES key on encrypted image that would block new programming.

3- Program the AES key(.ekp) first

a. In Quartus Programmer, add the .ekp file

b. command : quartus_pgm -c 1 -m jtag -o "p;yourfile.ekp"

c. Ensure .ekp key is loaded and ready.

4- Program the encrypted POF

a. After .ekp in place: run this command : quartus_pgm -c 1 -m jtag -o "p;yourfile.pof"

regards,

Farabi

Forum Discussion

Recent Discussions

intel_onchip_Memory II RAM: r/w doesn t work from FPGA but from HPS

Power Rating Required for RZQ Resistor on Cyclone V SE

MAX 10. No 3.0 V Schmitt Trigger I/O standard

Arria 10: Remote Update may brick FPGA and Factory Fallback won't work

Unable to program EPCQ16A on custom cyclone IV board - error during jic flashing.