UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

AR# 68210

Design Advisory for Zynq UltraScale+ MPSoC: FSBL authenticates the boot image in external DDR

Description

The Xilinx Secure Library (xilsecure), used by the 2016.3 FSBL to Authenticate boot images (including bitstreams), was developed to support early integration and testing of the Zynq UltraScale+ Devices.

Therefore, it performs the entirety of the asymmetric authentication operation on the boot image in external DDR memory.

This approach is subject to tampering by an adversary that has direct access to the DDR.

Xilinx does not recommend fielding a system using this library unless proper protections have been put in place at a system level.

Solution

For the 2017.1 version of the FSBL, Xilinx is developing a new Xilinx Secure Library (xilsecure) that will securely authenticate the boot image. 

This software continues to utilize external DDR memory to maximize performance and reduce boot time. However, the entirety of the authentication process is not performed in external memory. 

Tampering will be detected with the implementation of the new Xilinx Secure Library (xilsecure). Xilinx recommends customers use this library in fielded systems where an adversary could have direct access to the DDR.

AR# 68210
Date 12/05/2016
Status Active
Type Design Advisory
Devices
  • Zynq UltraScale+ MPSoC
Tools
  • Vivado Design Suite - 2016.3
Page Bookmarked