The security architecture of Versal ACAP is significantly enhanced from previous generations. The root of trust starts with the PMC ROM, which authenticates and optionally, decrypts the PLM software. The PMC ROM can only be loaded into and run from the PPU in the PMC. After the PLM software is authenticated, the PLM ensures secure loading of the remaining firmware and software. For more information, see the Versal ACAP System Software Developers Guide (UG1304), Versal ACAP Technical Reference Manual (AM011), or visit the Design Security Lounge (registration required) on the Xilinx website for access to detailed security related information. The following table highlights the possible secure boot configurations for Versal ACAP and shows a comparison with Zynq UltraScale+ MPSoC.
Boot Type | Operations | Hardware Crypto Engines | |||
---|---|---|---|---|---|
Authentication | Decryption | Integrity (Checksum Verification) | Zynq UltraScale+ MPSoC | Versal ACAP | |
Non-secure | No | No | No | N/A | N/A |
Hardware Root-of-Trust (HWRoT) | Yes | Optional | Integrity via Authentication | RSA, SHA3 | N/A |
Encrypt Only (EO) | Yes via GCM | Yes | Integrity via Authentication | AES-GCM | N/A |
Asymmetric Hardware Root-of-Trust (A-HWRoT) | Yes | Optional | Integrity via Authentication | N/A | RSA/ECDSA and SHA3 |
Symmetric Hardware Root-of-Trust (S-HWRoT) | Yes via GCM and eFUSEs |
Yes Must use PUF KEK |
Integrity via Authentication | N/A | AES-GCM/PUF |
A-HWRoT + S-HWRoT | Yes |
Yes Must use PUF KEK |
Integrity via Authentication | N/A | RSA/ECDSA, SHA3, AES-GCM, PUF |
Authentication + Decryption | Yes | Yes | Integrity via Authentication | RSA, SHA3, AES-GCM | RSA/ECDSA, SHA3, AES-GCM |
Decrypt Only | No | Yes | Yes | AES-GCM | AES-GCM |
Checksum Verification | No | No | Yes | SHA3 | SHA3 |