This answer record was updated for Vivado 2016.1.
PG187 - UltraScale Architecture Soft Error Mitigation Controller v3.1 Product Guide indicates the following:
"Use of bitstream security (encryption and authentication) is currently not supported by the controller when targeting UltraScale+ devices. Bitstream security (AES encryption and authentication) is supported for UltraScale devices."
This Answer Record provides the latest update regarding bitstream security support using SEM IP.
The information in this Answer Record supersedes the information described in (PG187) above.
In UltraScale devices, private key encryption of the bitstream using AES-GCM-256 (a self-authenticating AES algorithm) is supported with SEM IP.
Public key authentication using RSA-2048 is supported with SEM IP.
In UltraScale+ FPGAs, private key encryption of the bitstream using AES-GCM-256 (a self-authenticating AES algorithm) has not been verified, and as a result, is not currently supported with SEM IP.
Public key authentication using RSA-2048 has not been verified, and as a result, is not currently supported with SEM IP.
In UltraScale+ MPSoC, private key encryption of the bitstream using AES-GCM-256 (a self-authenticating AES algorithm) has not been verified, and as a result, is not currently supported with SEM IP.
Public key authentication using RSA-4096 has not been verified, and as a result, is not currently supported with SEM IP.
For more information, contact Xilinx support.