On Versal devices, secure boot ensures the confidentiality, integrity, and authentication of the firmware and software loaded onto the device. The root of trust starts with the BootROM, which authenticates and/or decrypts the PLM depending on the secure boot mode selected. Versal ACAPs offer two secure boot modes: Asymmetric Hardware Root of Trust (A-HWRoT) and Symmetric Hardware Root of Trust (S-HWRoT).
The A-HWRoT boot mode forces the device to only boot images that are authenticated using RSA or ECDSA. The S-HWRoT boot mode forces the device to only boot images that have the PLM and MetaHeader encrypted using a black (encrypted) eFUSE key.
Encryption of partitions beyond the PLM and MetaHeader is defined by the MetaHeader that is authenticated using AES-GCM. Secure boot is important for two reasons.
- Ensures that the software being loaded onto a device is allowed to be loaded, which prevents malicious code from running on the device
- Protects the OEM IP because the software is stored in an encrypted fashion, which prevents the OEM IP from being stolen.
Additionally, if secure boot is not desired, then software can at least be validated with a simple SHA3 checksum; however, keep in mind that the protections listed above do not apply when using this method of boot. The following table highlights the possible secure boot configurations.
|Boot Type||Operations||Hardware Crypto Engines|
|Authentication||Decryption||Integrity (Checksum Verification)|
|Hardware Root-of-Trust (HWRoT)||Yes||Optional||Integrity via Authentication||N/A|
|Asymmetric Hardware Root-of-Trust (A-HWRoT)||Yes. Enforced using eFUSEs||Optional||Integrity via Authentication||RSA/ECDSA and SHA3|
|Symmetric Hardware Root-of-Trust (S-HWRoT)||Yes via GCM and eFUSEs||
Must use PUF KEK
|Integrity via Authentication||AES-GCM/PUF|
|A-HWRoT + S-HWRoT||Yes||
Must use PUF KEK
|Integrity via Authentication||RSA/ECDSA, SHA3, AES-GCM, PUF|
The Versal ACAP system uses the following hardware cryptographic blocks in the secure boot process:
- SHA Hardware Accelerator
- Calculates the SHA3/384 hash on images, used in conjugation with the RSA or elliptical curve cryptography (ECC) engine for authentication.
- ECDSA-RSA Hardware Accelerator
- Authenticates images using a public asymmetric key. Either RSA-4096 or
ECDSA with curve NIST P-384 can be used.
In addition to NIST-P384, NIST-P521 curve can also be used by the PLM for other images. P-384 is required for the MetaHeader, the PMC CDO, and the PLM. For all the other partitions, you can use P-521.
- AES-GCM Hardened Crypto Block
- Decrypts images using a 256-bit key, and verifies the integrity
of the decrypted image using the GCM tag.
In addition to AES-GCM 256-bit, AES-GCM 128-bit can also be used by the PLM for other images. AES-GCM 256-bit is required for the MetaHeader, the PMC CDO, and the PLM. For all the other partitions, use AES-GCM 128-bit.