The Encrypt Only boot mode in the Zynq UltraScale+ device requires system-level protections to be resistant to Differential Power Analysis (DPA) attacks.
This requirement is documented in version 1.8 of the Zynq UltraScale+ Device Technical Reference Manual (TRM), UG1085, which introduced the Encrypt Only boot mode and was released 8/3/2018.
This advisory notifies customers that the system-level protections referenced in the TRM should also take into consideration that the Boot and Partition Headers are not authenticated in the Encrypt Only boot mode.
Without authentication of these headers, an adversary who has access to the boot image can modify the control fields, resulting in incorrect secure boot behavior.
One such example is modification of the destination execution address. This address represents the start instruction address for a loaded partition.
An adversary with access to the boot image could modify the address, causing the device to jump to an arbitrary memory location to modify or bypass the secure boot process.
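A minimal illustration of the point above, added here and not taken from Xilinx documentation or code: a loader that reads the execution address from an unauthenticated header accepts whatever is stored, while one that verifies a tag over the header first rejects the altered image. The header layout, function names and key are constructed for the example, and HMAC-SHA256 stands in for the signature-based authentication of the HWRoT boot mode.

```python
import hashlib
import hmac
import struct

# Constructed header layout for illustration only, NOT the Zynq UltraScale+ format:
# load address (u64), execution address (u64), payload length (u32), little-endian.
HDR = struct.Struct("<QQI")
TAG_LEN = hashlib.sha256().digest_size


def build_image(key: bytes, load_addr: int, exec_addr: int, payload: bytes) -> bytes:
    """Build side: header || tag over header || payload (opaque ciphertext stand-in)."""
    hdr = HDR.pack(load_addr, exec_addr, len(payload))
    return hdr + hmac.new(key, hdr, hashlib.sha256).digest() + payload


def exec_addr_unchecked(image: bytes) -> int:
    """Loader that uses the control field as stored, with no header authentication."""
    return HDR.unpack_from(image)[1]


def exec_addr_authenticated(key: bytes, image: bytes) -> int:
    """Loader that verifies the header tag before trusting any control field."""
    hdr, tag = image[:HDR.size], image[HDR.size:HDR.size + TAG_LEN]
    expected = hmac.new(key, hdr, hashlib.sha256).digest()
    if len(tag) != TAG_LEN or not hmac.compare_digest(tag, expected):
        raise ValueError("header authentication failed")
    return HDR.unpack(hdr)[1]


def demo():
    key = b"constructed-demo-key"                          # constructed sample key
    good = build_image(key, 0x1000, 0x1000, b"\xaa" * 16)  # constructed sample image
    altered = bytearray(good)
    struct.pack_into("<Q", altered, 8, 0xDEAD0000)         # header field changed in storage
    altered = bytes(altered)
    unchecked = exec_addr_unchecked(altered)               # changed value is accepted
    try:
        exec_addr_authenticated(key, altered)
        rejected = False
    except ValueError:
        rejected = True
    return unchecked, rejected, exec_addr_authenticated(key, good)


if __name__ == "__main__":
    print(demo())
```

Encrypting the payload does nothing for the header fields here; only the tag check over the header makes the change detectable.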
For more information on how to sign up to receive notifications of new Design Advisories, see (Xilinx Answer 18683).
Xilinx continues to recommend the use of the Hardware Root of Trust (HWRoT) boot mode when possible. The HWRoT boot mode does authenticate the boot and partition headers.
For systems that must use the Encrypt Only boot mode, customers are advised to consider system-level protections that take into account DPA as well as attack vectors against the unauthenticated boot and partition headers.