To program the AES key into the BBR, right-click FPGA in the Hardware window, and select Program BBR Key.
Figure 1. Program the BBR Key from Hardware Window
The Program BBR Key dialog box appears.
Figure 2. Program BBR Key – UltraScale and UltraScale+
Devices
In the Program BBR Key dialog box, specify the AES key file (.nky) and Enable DPA PROTECT as follows.
- Specify the AES key file (.nky) by typing the file name or navigating to the desired file. After specifying a valid .nky file, the AES key field automatically fills in.
- Check the Enable DPA PROTECT check box.
- Specify the DPA_COUNT value. The valid range is 1–256 when
enabled.Note: For more details on the BBR AES key and DPA_PROTECT feature refer to the UltraScale Architecture Configuration User Guide (UG570).
- Click OK, to have the Hardware Manager program load the key into the BBR.
- After programming the key, program the FPGA with an encrypted bitstream that was encrypted using the same AES key as was loaded into BBR and had BBRAM selected as the specified encryption key location. .
Important: For
UltraScale devices, if you download an encrypted
bitstream (which uses the BBR as the key source) before programming the key into the BBR
register, the FPGA locks up and you are unable to load the BBR key. You can still
download unencrypted bitstreams, but you are unable to download encrypted bitstreams
because the FPGA prevents you from downloading a key into BBR. You must power-cycle the
board to unlock the UltraScale device and then
reload the BBR key.
Important: When
verify_hw_devices
is performed on the BBR key, an
error is shown. To verify the BBR key, the user should test this by programming the FPGA
with a bitstream that has the key. Vivado does not
support any post BBR program verify option to verify the programmed BBR key.