Chapter 32: Device Security
XILINX CONFIDENTIAL DISCLOSED UNDER NDA
Zynq-7000 EPP Technical Reference Manual www.xilinx.com 7
UG585 (DRAFT) February 15, 2012
33.3.3 HMAC Signature
The authentication method requires a signature that must also be supplied to the bootgen software. This signature is
not loaded into the PL directly via JTAG like the AES key. It is contained and protected by the encrypted boot image
and the encrypted bitstream. During the on-chip decryption process, this HMAC signature will be extracted from the
boot image and bitstream and used by the authentication algorithm. No on-chip storage for the HMAC signature is
required.
33.3.4 Key Management
The AES encryption key is stored on-chip within the PL. It can be loaded into either volatile battery-backed RAM
(BBRAM) or in non-volatile eFuse storage. The keys are loaded into the PL via the JTAG interface using the iMPACT
software; see the 7-series Configuration User Guide for more information.
33.4 Zynq Security Features
33.4.1 Non-Secure State Allowances
The non-secure state is entered when the boot ROM detects that the FSBL is not encrypted. In this state the decryption
and authentication engines are disabled and locked requiring a power-on reset to re-enable. All subsequent PS images,
PL configuration bitstreams, and PL partial reconfiguration bitstreams loaded via PCAP-SMAP, PCAP-ICAP, or
ICAP must be unencrypted.
There is no mechanism to move from the non-secure state to the secure state, besides power-on reset (POR). Any
attempt to load encrypted data after unencrypted data will result in security violation and security lockdown.
33.4.2 Secure State Allowances
Zynq is either operating in a secure state or a non-secure state. Note that this is not the same as the secure and
non-secure worlds of TrustZone, but rather the state of the device. The secure state is entered when the boot ROM
reads the encryption status from the boot ROM header section of the boot image. In this state the encrypted FSBL will
be loaded into the PS and any PL configuration using the PCAP-SMAP port must also be encrypted.
Since the encrypted FSBL loaded in a secure boot is “trusted”, it is possible to load additional PS images in plain text
mode. PL partial reconfiguration bitstreams can be loaded via the PCAP-ICAP or ICAP interface as either cipher text
or plain text. Subsequent PS images or PL bitstreams must use the same key source as the FSBL; key switching is not
allowed. Loading of plain text images or bitstreams after a secure boot is not recommended.
33.4.3 Security Reset
The PS’s device configuration interface contains a security policy block that is used to monitor the system security.
When conflicting status is detected either from the PS or the PL that could indicate inconsistent system configuration
or tampering, a security reset is triggered. In a security reset the on-chip RAM is cleared along with all the system
caches. The PL is reset and the PS enters a lockdown mode that can only be exited by issuing a power-on reset.
33.4.4 Golden Image Search
The Zynq Boot ROM supports the capability to fall-back and reload to a “golden” image (multi-boot). If the FSBL is
plain text, the subsequent golden images must also be plain text. Loading an encrypted golden image after loading a
plain text FSBL is not supported. Likewise, if the FSBL is cipher text, the golden image must also be encrypted with
the same key as the FSBL. Loading a plain text golden image after loading a cipher text FSBL is not supported.
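The state rules of 33.4.1, 33.4.2 and 33.4.4 can be checked against a planned boot sequence before any image is built. The following model is an added illustration, not Xilinx code; the image kinds, port labels and the "rejected" verdict are this model's own names for the cases the text calls "not allowed" or "not supported", and it claims nothing about hardware behaviour beyond what the chapter states.

```python
"""Model of the Zynq-7000 boot-time security policy (UG585 33.4.1/33.4.2/33.4.4).
Added illustration; image kinds and port names are assumptions of this model."""
from dataclasses import dataclass
from enum import Enum

class KeySource(Enum):
    PLAIN = "plain text"   # unencrypted image
    BBRAM = "bbram"        # AES key held in battery-backed RAM (33.3.4)
    EFUSE = "efuse"        # AES key held in eFuse storage (33.3.4)

class Verdict(Enum):
    ALLOWED = "allowed"
    NOT_RECOMMENDED = "allowed, but not recommended (33.4.2)"
    REJECTED = "not allowed / not supported"
    LOCKDOWN = "security violation: lockdown until power-on reset (33.4.1)"

@dataclass(frozen=True)
class Image:
    kind: str                  # "ps", "pl_full", "pl_partial" or "golden"
    key: KeySource             # PLAIN means the image is not encrypted
    port: str = ""             # "pcap-smap", "pcap-icap" or "icap" for PL images

class ZynqSecurityState:
    def __init__(self, fsbl: Image):
        self.key = fsbl.key                    # key source is fixed by the FSBL
        self.secure = fsbl.key is not KeySource.PLAIN
        self.locked = False

    def load(self, img: Image) -> Verdict:
        if self.locked:
            return Verdict.LOCKDOWN            # only a POR leaves lockdown
        if not self.secure:
            # 33.4.1: engines disabled; encrypted data after plain data = violation
            if img.key is not KeySource.PLAIN:
                self.locked = True
                return Verdict.LOCKDOWN
            return Verdict.ALLOWED
        # Secure state, 33.4.2: same key source as the FSBL, no key switching
        if img.key not in (KeySource.PLAIN, self.key):
            return Verdict.REJECTED
        if img.key is KeySource.PLAIN:
            if img.kind == "golden":           # 33.4.4: golden must match FSBL
                return Verdict.REJECTED
            if img.kind == "pl_full" and img.port == "pcap-smap":
                return Verdict.REJECTED        # 33.4.2: PCAP-SMAP must be encrypted
            return Verdict.NOT_RECOMMENDED     # plain PS image or partial bitstream
        return Verdict.ALLOWED
```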
33.4.5 JTAG and Debug Considerations
In secure boot, the PS DAP and the PL TAP controllers are bypassed by default, eliminating any JTAG access to the
Zynq device. JTAG access can be restored in secure mode by the FSBL or subsequent PS images since these applications
are considered “trusted”. Access to the DAP enable registers can be locked out using the Device Configuration
Interface LOCK register.