You will most likely want validation that the AES key was programmed into either the BBRAM or eFUSE bits properly. The following is a check-list of verification steps:
1. Generate bitstreams using Vivado 2017.1 or later: An unencrypted bitstream, an encrypted bitstream with your personalized key, an encrypted bitstream with an all-ones key, and an encrypted bitstream with an all-zeros key.
2. Review the generated bitstreams to validate that encryption occurred.
3. Check Hardware: Use Vivado Device Programmer to connect to the FPGA, download the unencrypted bit file via JTAG. Verify that the design functions as expected.
4. Test the FPGA decryptor: Download the encrypted .bit file with the all-zeros key (for eFUSE).
5. Program the AES key via JTAG following the recommendations in the previous section. (If using eFUSE, first perform steps 5 and 6 with the BBRAM key as a validation check; then, if working as expected, program the eFUSE for final test.)
6. Test key: Download the encrypted .bit file with your personalized key.
7. Test key: Download encrypted .bit file with all-zeros key (expect failure).
8. Test key settings: Download the unencrypted .bit file (results can vary depending on security settings).
9. Check key security: Check that the key is read-protected.