Description

Note: this answer record was updated for Vivado 2017.3.

(PG187) - UltraScale Architecture Soft Error Mitigation Controller v3.1 Product Guide for 2017.3 indicates the following:

• In UltraScale+ FPGAs, private key encryption of the bitstream using AES-GCM-256 (a self-authenticating AES algorithm) has not been verified, and as a result, is not currently supported with the SEM IP.
  Public key authentication using RSA-2048 has not been verified, and as a result, is not currently supported with the SEM IP.
• In UltraScale+ MPSoC, private key encryption of the bitstream using AES-GCM-256 (a self-authenticating AES algorithm) has not been verified, and as a result, is not currently supported with the SEM IP.
  Public key authentication using RSA-4096 has not been verified, and as a result, is not currently supported with the SEM IP.

This Answer Record provides the latest update regarding bitstream security support using SEM IP.  

The information in this Answer Record supersedes the information described in (PG187) above.

Solution

Starting in Vivado 2016.1:

In UltraScale devices, private key encryption of the bitstream using AES-GCM-256 (a self-authenticating AES algorithm) is supported with SEM IP.

Public key authentication using RSA-2048 is supported with SEM IP.

Starting in Vivado 2017.3:

In UltraScale+ FPGAs, private key encryption of the bitstream using AES-GCM-256 (a self-authenticating AES algorithm) is supported with SEM IP. 

Public key authentication using RSA-2048 is supported with SEM IP.

Starting in Vivado 2017.3:

In UltraScale+ MPSoC, private key encryption of the bitstream using AES-GCM-256 (a self-authenticating AES algorithm) is supported with SEM IP.

Public key authentication using RSA-4096 is supported with SEM IP.

For more information, contact Xilinx support.