Xilinx works closely with government agencies such as NIST in order to provide a complete security solution. The solution provides silicon features, IP, and design flows to meet TRUST specifications and provide solutions for anti-tampering and information assurance.
Xilinx has been at the forefront of providing FPGA AT solutions for many years. The Virtex-II device was the first FPGA with bitstream encryption, extended by additional AT solutions in Spartan®-6, Virtex®-5, Virtex-6, 7 series, and UltraScale Architecture Devices, including bitstream authentication in Virtex-6, Virtex-7 and UltraScale Architecture devices. Xilinx also offers a soft IP core, Security Monitor, providing certain tamper protections after configuration.
By taking advantage of various Xilinx FPGA AT features, a systems engineer can choose how much AT to include with the FPGA design. AT can be in the form of enabling individual silicon AT features or a combination of these AT features to cover three main AT categories:
1. Prevention – For example, bitstream encryption and authentication
2. Detection – For example, voltage and temperature monitoring
3. Response – For example, bitstream BBRAM decryption key erasure penalty
The table below shows the supported built-in device capabilities for the different Xilinx device families. Passive security features are built into the FPGA and do not require the user to do anything extra in their FPGA logic design. Active security features require the user design to add them to their FPGA logic design.
|BUILT-IN SILICON FEATURES||Virtex-5||Spartan-6||Virtex-6||7 series||Zynq||UltraScale|
|AES 256 (BBRAM)||X||X||X||X||X||X|
|AES 256 (eFUSE)||X||X||X||X||X|
|Secure Config/Boot (PL/PS)||X||X||X||X||X||X|
|Hardened Readback Disable||X||X||X||X||X||X|
|Decrypt then Authenticate||X||X||X||X|
|JTAG Disable/Monitor (BSCAN)||X||X||X||X||X||X|
|Internal Config Mem Clear||X||X||X||X||X|
|Unique Identifier (Device DNA)||X||X||X||X||X|
|On-chip Temp/Volt Monitoring||X||X||X||X||X|
|Unique Identifier (User eFUSE)||X||X||X||X|
Also available is the Xilinx Security Monitor (SecMon) IP, an agency-evaluated and exportable security solution. It consolidates many of the above active security features into a single security module. For example, it can be used to monitor and respond to attacks such as JTAG, power and temperature and can enforce secure partial reconfiguration (PR) operations. For additional details please see the Security Monitor IP Product Brief.
Formally known as the Single Chip Cryptography (SCC) flow, Xilinx Isolation Design Flow (IDF) provides fault containments at the FPGA module level, enabling single-chip fault tolerance by various techniques including modular redundancy, watchdog alarms, segregation by safety level, and isolation of test logic for safe removal. More information is available on the Isolation Design Flow webpage.
Xilinx algorithm implementations have achieved Algorithm Validation Program (CAVP) certification.
Additionally, the algorithm implementations that are used to securely configure Xilinx 7 Series FPGA and Zynq SoC devices have been independently validated as being correct by an NIST-accredited security testing laboratory. These validations have been entered on the NIST Cryptographic Algorithm Validation Program (CAVP) website here.
Cyber Security for Industrial IoT
Xilinx Zynq®-7000 SoCs and Zynq UltraScale+™ MPSoCs support a Defense in Depth approach to Cyber Security through a combination of in-house solutions and an extensive ecosystem, which provide comprehensive coverage of evolving standards. Additionally, Xilinx is a foundational technology provider of the Industrial Internet Consortium (IIC) Security Claims Evaluation Testbed, enabling 3rd parties to validate their Cyber Security claims. Xilinx provides validated solutions throughout the chain of trust from supply chain through run-time enabling customers to build their applications on a strong root-of-trust. These multi-layered security solutions include (but not limited to):
- Secure Communication Engines (e.g. Cryptographic Software Libraries and Hardware Acceleration)
- Run-Time Security/Isolation via Embedded Software, Hardware, and Design Flows (e.g. Hypervisors, TrustZone, Protection Units)
- Hardware Root-of-Trust (e.g. Secure Boot, Measured Boot)
- Trusted Supply Chain
The foundation of security is to ensure that only the true and intended devices, software, firmware, and IP used in the systems do only what they are designed to do and nothing more. Xilinx actively evaluates and monitors open standards such as NIST Standard 800-161 and 5200.44 to meet and exceed these documented specifications.
Please contact firstname.lastname@example.org for all general TRUST related questions.