AES-GCM

Versal ACAP Technical Reference Manual (AM011)

Document ID
AM011
Release Date
2022-04-26
Revision
1.4 English

The VersalĀ® device AES accelerator operates in GCM mode offering symmetric authentication, as well as decryption and encryption. Available at both boot and run time, this AES accelerator offers built-in protection against differential power attacks (DPA) and supports protocol protections (i.e., key rolling).

The AES-GCM supports a 256-bit key for boot and either a 128-bit or a 256-bit key afterward and uses a 128-bit data interface (broken into 32-bit words). In addition to GCM, this core also supports Galois Message Authentication Code (GMAC), which is intended for authentication of data using a symmetric key when encryption is not required. The AES-GCM engine also supports additional authenticated data (AAD).

The following key sources are supported:

  • Battery-backed RAM (BBRAM)
  • eFUSE
  • Boot header
  • User key register
  • Black key (PUF encrypted key storage)

For additional details, see the Versal ACAP Security Manual (UG1508). This manual requires an active NDA to download from the Design Security Lounge.