The size of the bitstream is too large to be contained inside the device, therefore external memory must be used. The use of external memory could create a security risk. Therefore, two methods are provided to authenticate and decrypt a Bitstream.
- The first method uses the internal OCM as temporary buffer for all cryptographic operations. For details, see Loading an Authenticated and Encrypted Bitstream using OCM. This method does not require trust in external DDR memory.
- The second method uses external DDR memory for authentication prior to sending the data to the decryptor, there by requiring trust in the external DDR memory. For details, see Loading an Authenticated and Encrypted Bitstream using DDR Memory Controller.