AR# 76171

|

Design Advisory: Xilinx recommends that the user generates their own keys for fielded systems and then provide those keys to the development tools

Description

The most secure keying material comes only from a truly random process which avoids weak keys.

Keys from deterministic processes (i.e., non-true-random processes) can be weak which means they may be predictable or could be brute-forced.

As a result, Xilinx recommends that the user generates their own keys for fielded systems and then provide those keys to the development tools.

This Design Advisory impacts Zynq-7000 SoC, Zynq UltraScale+ MPSoC/RFSoC, Versal ACAP, UltraScale, UltraScale+ and previous FPGA families (Virtex-2 Pro, Virtex-4, Virtex-5, Virtex-6, 7 Series).

Solution

FPGA (UltraScale, UltraScale+):

When using the NIST approved Counter Mode KDF for Key Generation as provided by either bootgen or write_bitstream, a Seed is needed for the KDF and is expected to be provide by the user.
If the Seed is not provided by the user, Bootgen uses OpenSSL’s RAND_Bytes to generate the seed.

Although this seed generation should be cryptographically strong, Xilinx does not intend for Vivado or Vitis generated Seeds to be used for generation of production keys for users (1).
More information on using OpenSSL to generate random numbers can be found at https://wiki.openssl.org/index.php/Random_Numbers.

When using the time-based pseudorandom process in either bootgen or write_bistream, the generated keys might be weak as it is not a truly random process.

For fielded systems, we always recommend that you provide your own keys.

 

Zynq UltraScale+ MPSoC/RFSoC and Versal ACAP:

Bootgen uses NIST approved Counter Mode KDF for Key Generation, but the Seed that is needed for the KDF is expected to be provided by the user.

If the Seed is not provided by the user, Bootgen uses OpenSSL’s RAND_Bytes to generate the seed.

Although this seed generation should be cryptographically strong, Xilinx does not intend for Vivado or Vitis generated Seeds to be used for generation of production keys for users (1).

More information on using OpenSSL to generate random numbers can be found at https://wiki.openssl.org/index.php/Random_Numbers.

 

Zynq-7000:

The Bootgen tool uses a pseudorandom process seeded with the current date and time to generate AES and HMAC keys. As a result, the generated keys might be weak as it is not a truly random process.

For fielded systems, we always recommend that you provide your own keys.

This key generation in Bootgen can be used for testing when real/production keys are not available to engineers during development.

 

FPGA (Virtex-2 Pro, Virtex-4, Virtex-5, Virtex-6, 7 Series):

ISE’s BitGen and Vivado’s write_bitstream use a pseudorandom process seeded with the current date and time to generate AES and HMAC keys.

As a result, the generated keys might be weak as it is not a truly random process. For fielded systems, we always recommend that you provide your own keys.

Xilinx’s key generation can be used for testing when real/production keys are not available to engineers during development.

 

Note 1: Xilinx incorporates a snapshot of the OpenSSL library as-is without further inspection or validation.

AR# 76171
Date 04/23/2021
Status Active
Type General Article
Devices More Less
Tools
People Also Viewed