The Xilinx Secure Library (xilsecure), used by the 2016.3 FSBL to Authenticate boot images (including bitstreams), was developed to support early integration and testing of the Zynq UltraScale+ Devices.
Therefore, it performs the entirety of the asymmetric authentication operation on the boot image in external DDR memory.
This approach is subject to tampering by an adversary that has direct access to the DDR.
Xilinx does not recommend fielding a system using this library unless proper protections have been put in place at a system level.
For the 2017.1 version of the FSBL, Xilinx is developing a new Xilinx Secure Library (xilsecure) that will securely authenticate the boot image.
This software continues to utilize external DDR memory to maximize performance and reduce boot time. However, the entirety of the authentication process is not performed in external memory.
Tampering will be detected with the implementation of the new Xilinx Secure Library (xilsecure). Xilinx recommends customers use this library in fielded systems where an adversary could have direct access to the DDR.