To program the AES key into the BBR, right-click the FPGA device in the Hardware window, and select Program BBR Key.
Figure 1. Program the BBR Key from Hardware Window
The Program BBR Key dialog box appears.
Figure 2. Program BBR Key - UltraScale and UltraScale+
In the Program BBR Key dialog box, specify the AES key file (.nky) and Enable DPA PROTECT:
AES key file (.nky)
- Specify the AES key file (.nky) by typing the file name or navigating to the desired file. After specifying a valid .nky file, the AES key field automatically fills in.
Enable DPA PROTECT
Note: For more details on the BBR AES key and DPA_PROTECT feature refer to the UltraScale Architecture Configuration User Guide (UG570).
- Check the Enable DPA PROTECT check box.
- Specify the DPA_COUNT value. The valid range is 1-256 when enabled.
Click OK, to have the Hardware Manager program load the key into the BBR.
After programming the key, program the FPGA with an encrypted bitstream that:
- was encrypted using the same AES key as was loaded into BBR.
- had BBRAM selected as the specified encryption key location.
Important: For UltraScale devices, if you download an encrypted bitstream (which uses the BBR as the key source) before programming the key into the BBR register, the FPGA device will lock up and you will not be able to load the BBR key. You can still download unencrypted bitstreams, but you will not be able to download encrypted bitstreams because the FPGA device will prevent you from downloading a key into BBR. You must power-cycle the board to unlock the UltraScale device and then reload the BBR key.Important: When
verify_hw_devicesis performed on the BBR key, an error will be shown. To verify the BBR key, the user should test this by programming the FPGA with a bitstream that has the key. Vivado does not support any post BBR program verify option to verify the programmed BBR key.