Programming the AES Key for UltraScale and UltraScale+ Devices - 2023.2 English

Vivado Design Suite User Guide: Programming and Debugging (UG908)


To program the AES key into the BBR, right-click FPGA in the Hardware window, and select Program BBR Key.

Figure 1. Program the BBR Key from Hardware Window

The Program BBR Key dialog box appears.

Figure 2. Program BBR Key – UltraScale and UltraScale+ Devices

In the Program BBR Key dialog box, specify the AES key file (.nky) and Enable DPA PROTECT as follows.

  1. Specify the AES key file (.nky) by typing the file name or navigating to the desired file. After specifying a valid .nky file, the AES key field automatically fills in.
  2. Check the Enable DPA PROTECT check box.
  3. Specify the DPA_COUNT value. The valid range is 1–256 when enabled.
    Note: For more details on the BBR AES key and the DPA_PROTECT feature, refer to the UltraScale Architecture Configuration User Guide (UG570).
  4. Click OK to have the Hardware Manager load the key into the BBR.
  5. After programming the key, program the FPGA with an encrypted bitstream that was encrypted using the same AES key as was loaded into the BBR and that had BBRAM selected as the encryption key location.
Important: For UltraScale devices, if you download an encrypted bitstream (which uses the BBR as the key source) before programming the key into the BBR register, the FPGA locks up and you are unable to load the BBR key. You can still download unencrypted bitstreams, but you are unable to download encrypted bitstreams because the FPGA prevents you from downloading a key into BBR. You must power-cycle the board to unlock the UltraScale device and then reload the BBR key.
Important: Running verify_hw_devices on the BBR key reports an error. Vivado does not support any option to verify the BBR key after it has been programmed. To verify the BBR key, program the FPGA with a bitstream that has the key.
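
The following pre-flight check is an added example, not part of UG908 or Vivado. It checks the inputs to steps 3 and 5 before anything is sent to the device, because a key or key-location mismatch only shows up once the encrypted bitstream is downloaded. The `.nky` statement names it reads (`Device`, `EncryptKeySelect`, `Key0`) are an assumed layout that this page does not document, and `parse_nky` and `preflight` are hypothetical helper names.

```python
import hmac
import re

# Constructed sample. The statement names (Device, EncryptKeySelect, Key0) are an
# assumed .nky layout, not taken from this page; compare with a file Vivado wrote.
SAMPLE_NKY = """Device xcku040;
EncryptKeySelect BBRAM;
Key0 %s;
""" % ("0123456789abcdef" * 4)

STATEMENT = re.compile(r"\s*([A-Za-z]\w*)\s+([^;]*?)\s*;")
HEX_256 = re.compile(r"[0-9A-Fa-f]{64}")  # AES-256 key written as 64 hex digits


def parse_nky(text):
    """Return {name: value} for every 'Name value;' statement."""
    return dict(STATEMENT.findall(text))


def preflight(bbr_nky, bitstream_nky, dpa_protect, dpa_count=None):
    """List the problems found; messages never include key material."""
    bbr, bit = parse_nky(bbr_nky), parse_nky(bitstream_nky)
    key, bit_key = bbr.get("Key0", ""), bit.get("Key0", "")
    problems = []
    if not HEX_256.fullmatch(key):
        problems.append("BBR key is not 64 hex digits")
    # Step 5: same key on both sides, compared in constant time.
    elif not hmac.compare_digest(key.lower().encode(), bit_key.lower().encode()):
        problems.append("bitstream was encrypted with a different key")
    # Step 5: the bitstream must name BBRAM as its key location.
    if bit.get("EncryptKeySelect", "").upper() != "BBRAM":
        problems.append("bitstream key location is not BBRAM")
    # Step 3: DPA_COUNT is range-checked only when DPA PROTECT is enabled.
    if dpa_protect and not (isinstance(dpa_count, int) and 1 <= dpa_count <= 256):
        problems.append("DPA_COUNT must be in 1-256 when DPA PROTECT is enabled")
    return problems


if __name__ == "__main__":
    for issue in preflight(SAMPLE_NKY, SAMPLE_NKY, dpa_protect=True, dpa_count=8):
        print("FAIL:", issue)
```
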