The Versal device provides several security-related features. One of the biggest security features that Versal ACAP provides is the hardened cryptographic engines that support:
- Advanced encryption standard Galois counter mode (AES-GCM) 128-bit and 256-bit, and supports additional authenticated data (AAD).
- RSA 2048, 3072, and 4096
- Elliptic curve cryptography (ECC) engine that supports multiple
- NIST P-384
- NIST P-521
- SHA3/384 Hashing
- True Random Number Generator (TRNG)
Because of the hardened cryptographic engines in Versal ACAP, Xilinx provides an associated set of security-related drivers that use the cryptographic engines either during secure boot or run time. During secure boot, the ROM, the PLM, and U-Boot can take advantage of these cryptographic features. During run time, these drivers can be accessed directly through a bare-metal application or indirectly depending on the architecture configuration. This can include using an operating system, a hypervisor, Trusted Execution Environment (TEE), etc. For example, in a Linux application, the application can call the Linux kernel, which would send an IPI request to the PLM where the security library runs. This is just one example of accessing the security libraries from run time; the options are numerous because Versal ACAP is highly configurable.
If there are any security features not provided by Xilinx, you can take advantage of the PL to implement additional security features or use the built-in Armv8 cryptographic extensions and the Arm® NEON extensions in the Arm Cortex®-A72 processors.