The public key cryptographic algorithms ECDSA and RSA are used to verify the authenticity of the programmable device image. Boot images can be authenticated using either RSA-4096 or EDCSA (NIST P-384 curve). After boot, the RSA key length or ECDSA curve is user-selectable.
The VersalĀ® ACAP includes an accelerator for both RSA and ECDSA math, and it is available to the user. For additional details, see the Versal ACAP Security Manual (UG1508). This manual requires an active NDA to download from the Design Security Lounge.
The accelerator supports the following:
- RSA
- Implements a modular exponentiation engine
- R*R mod M precalculation
- 2048, 3072, and 4096-bit key sizes
- ECDSA
- Implements a point multiplier engine for elliptic curve cryptography
- P-384 curve for initial boot
- Support for a wide variety of NIST, SECG, SM2, and Brainpool curves for user images and data beyond initial boot
Note: The RSA/ECDSA engine is not
available in the encryption disabled (-ED) devices. See the Devices with Encryption Disabled section for more information on -ED devices.