The public key cryptographic algorithms ECDSA and RSA are used to verify the authenticity of the programmable device image. Boot images can be authenticated using either RSA-4096 or EDCSA (NIST P-384 curve). After boot, the RSA key length or ECDSA curve is user-selectable.
The AMD Versal™ adaptive SoC includes an accelerator for both RSA and ECDSA math, and it is available to the user. For additional details, see the Versal Adaptive SoC Security Manual (UG1508). This manual requires an active NDA to download from the Design Security Lounge.
The accelerator supports the following:
- Implements a modular exponentiation engine
- R*R mod M precalculation
- 2048, 3072, and 4096-bit key sizes
- Implements a point multiplier engine for elliptic curve cryptography
- P-384 curve loading of the PLM firmware by the RCU BootROM code and either P-384 or P-521 for images loaded by the PLM firmware
- Support for a wide variety NIST P-256, NIST P-384, and NIST P-521 beyond initial boot