UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

AR# 67178

Soft Error Mitigation (SEM) IP – UltraScale and UltraScale+ Bitstream Encryption and Authentication

Description

Note: this answer record was updated for Vivado 2017.3.

(PG187) - UltraScale Architecture Soft Error Mitigation Controller v3.1 Product Guide for 2017.3 indicates the following:

  • In UltraScale+ FPGAs, private key encryption of the bitstream using AES-GCM-256 (a self-authenticating AES algorithm) has not been verified, and as a result, is not currently supported with the SEM IP.
    Public key authentication using RSA-2048 has not been verified, and as a result, is not currently supported with the SEM IP.
  • In UltraScale+ MPSoC, private key encryption of the bitstream using AES-GCM-256 (a self-authenticating AES algorithm) has not been verified, and as a result, is not currently supported with the SEM IP.
    Public key authentication using RSA-4096 has not been verified, and as a result, is not currently supported with the SEM IP.

This Answer Record provides the latest update regarding bitstream security support using SEM IP.  

The information in this Answer Record supersedes the information described in (PG187) above.

Solution

 

Starting in Vivado 2016.1:

In UltraScale devices, private key encryption of the bitstream using AES-GCM-256 (a self-authenticating AES algorithm) is supported with SEM IP.

Public key authentication using RSA-2048 is supported with SEM IP.

 

Starting in Vivado 2017.3:

 

In UltraScale+ FPGAs, private key encryption of the bitstream using AES-GCM-256 (a self-authenticating AES algorithm) is supported with SEM IP. 

Public key authentication using RSA-2048 is supported with SEM IP.

 

Starting in Vivado 2017.3:

In UltraScale+ MPSoC, private key encryption of the bitstream using AES-GCM-256 (a self-authenticating AES algorithm) is supported with SEM IP.

Public key authentication using RSA-4096 is supported with SEM IP.

For more information, contact Xilinx support.

AR# 67178
Date 11/01/2017
Status Active
Type General Article
Devices
  • Kintex UltraScale
  • Kintex UltraScale+
  • Virtex UltraScale
  • More
  • Virtex UltraScale+
  • Zynq UltraScale+ MPSoC
  • Less
Page Bookmarked