AR# 73475

|

Design Advisory for Zynq UltraScale+ MPSoC/RFSoC: 2019.1-2019.2 Warm Restart should be disabled for Security Conscientious Customers

Description

Warm Restart modifications in Vivado 2019.1 and 2019.2 created a security vulnerability:

  • If the FSBL is encrypted, when Warm Restart is invoked, the FSBL is written back out to external memory (DDR) in unencrypted form, compromising confidentiality
  • If the FSBL is authenticated, when Warm Restart is invoked, the calculated FSBL HASH is written back out to external memory (DDR), compromising authenticity

For more information on how to sign up to receive notifications for new Design Advisories, see (Xilinx Answer 18683).

Solution

The attached patches for 2019.1 and 2019.2 disable the Warm Restart feature for Security Conscientious Customers.

Note: When installed, open the xpfw_config.h file and change the value of USE_DDR_FOR_APU_RESTART_VAL from (1) to (0).

Attachments

Associated Attachments

AR# 73475
Date 05/12/2020
Status Active
Type Design Advisory
Devices
Tools
People Also Viewed