- Keep encryption keys and pragmas in a key file and point to it using
encrypt -key
option. - Use the
encrypt -ext
option to avoid inadvertently overwriting input files. - Obtain public keys from tool vendors.CAUTION:Beware cutting and pasting from PDF and Word documents as these operations often corrupt the key; corruption is usually not apparent until the file is subsequently decrypted resulting in syntax errors.
- Use the same key file for as much IP as possible, which allows greater optimization of the resulting netlist.
- Encrypt all the files of an IP in a single call to encrypt.
- Do not split a Verilog module between multiple encryption blocks and/or plain text sections.
- In VHDL, put the entire entity and architecture pair in a single encryption block.
- Verify that the encrypted code loads correctly into Vivado and a
subsequent
write_verilog
re-encrypts all the secure design elements. - Verify interoperability with third-party tools.