FPGA Support

As described in the Boot Time Security, FPGA-only devices also need to maintain security while deploying them in the field. Xilinx® tools provide embedded IP modules to achieve the Encryption and Authentication, is part of programming logic. Bootgen extends the secure image creation (Encrypted and/or Authenticated) support for FPGA family devices from 7 series and beyond. This chapter details some of the examples of how Bootgen can be used to encrypt and authenticate a bitstream. Bootgen support for FPGAs is available in the standalone Bootgen install.

Note: Only bitstreams from 7 series devices and beyond are supported.

Encryption and Authentication

Xilinx® 7 series FPGAs use the embedded, PL-based, hash-based message authentication code (HMAC) and an advanced encryption standard (AES) module with a cipher block chaining (CBC) mode. For UltraScale devices and beyond, AES-256/Galois Counter Mode (GCM) are used, and HMAC is not required.

Encryption Example

To create an encrypted bitstream, the AES key file is specified in the BIF using the attribute aeskeyfile. The attribute encryption=aes should be specified against the bitstream listed in the BIF file that needs to be encrypted.

bootgen -arch fpga -image secure.bif -w -o securetop.bit

The BIF file looks like the following:

the_ROM_image:
{
	[aeskeyfile] encrypt.nky
	[encryption=aes] top.bit
}

Authentication Example

A Bootgen command to authenticate an FPGA bitstream is as follows:

bootgen -arch fpga -image all.bif -o rsa.bit -w on -log error

The BIF file is as follows:

the_ROM_image:
{
	[sskfile] rsaPrivKeyInfo.pem
	[authentication=rsa] plain.bit
}

Family or Obfuscated Key

Note: Obfuscated key encryption is not supported in Versal devices.

To support obfuscated key encryption, you must register with Xilinx support and request the family key file for the target device family. The path to where this file is stored must be passed as a bif option before attempting obfuscated encryption. Contact secure.solutions@xilinx.com to obtain the Family Key.

image:
{
	[aeskeyfile] key_file.nky
	[familykey] familyKey.cfg
	[encryption=aes] top.bit
}
A sample aeskey file is shown in the following image.
Figure 1: AES Key Sample

HSM Mode

For production, FPGAs use the HSM mode, and can also be used in Standard mode.

Standard Mode

Standard mode generates a bitstream which has the authentication signature embedded. In this mode, the secret keys are supposed to be available to the user for generating the authenticated bitstream. Run Bootgen as follows:

bootgen -arch fpga -image all.bif -o rsa_ref.bit -w on -log error

The following steps listed below describe how to generate an authenticated bitstream in HSM mode, where the secret keys are maintained by secure team and not available with the user. The following figure shows the HSM mode flow:

Figure 2: HSM Mode Flow

Stage 0: Authenticate with dummy key

This is a one time task for a given bit stream. For stage 0, Bootgen generates the stage0.bif file.

the_ROM_image:
{
	[sskfile] dummykey.pem
	[authentication=rsa] plain.bit
}
Note: The authenticated bitstream has a header, an actual bitstream, a signature and a footer. This dummy.bit is created to get a bitstream in the format of authenticated bitstream, with a dummy signature. Now, when the dummy bit file is given to Bootgen, it calculates the signature and inserts at the offset to give an authenticated bitstream.

Stage 1: Generate hashes

bootgen -arch fpga
          -image stage1.bif -generate_hashes -log error

Stage1.bif is as follows:

the_ROM_image:
{
	[authentication=rsa] dummy.bit
}

Stage 2: Sign the Hash HSM

Here, OpenSSL is used for demonstration.

openssl rsautl -sign
  -inkey rsaPrivKeyInfo.pem -in dummy.sha384 > dummy.sha384.sig

Stage 3: Update the RSA certificate with Actual Signature

The Stage3.bif is as follows:

bootgen -arch fpga -image stage3.bif -w -o rsa_rel.bit -log error
the_ROM_image:
{
	 [spkfile] rsaPubKeyInfo.pem
	 [authentication=rsa, presign=dummy.sha384.sig]dummy.bit
}
Note: The public key digest, which must be burnt into eFUSEs, can be found in the generated rsaPubKeyInfo.pem.nky file in Stage3 of HSM mode.