The K26 SOM provides two levels of security with dedicated hardware built into the MPSoC and an on-board trusted platform module (TPM) device. Together they enable implementation of tamper monitoring, secure boot, measured boot, and hardware accelerated cryptographic functions.
The K26 SOM includes the following security features:
- Encryption and authentication of configuration files (non-ED devices only)
- Hardened crypto-accelerators available for user applications (non-ED devices only)
- Secure methods for storing cryptographic keys via eFUSEs
- Methods for detecting and responding to device tamper events
MPSoCs have a dedicated configuration security unit (CSU), which supports secure boot, tamper monitoring, secure key storage, and cryptographic hardware acceleration. See the Security chapter in the Zynq UltraScale+ Device Technical Reference Manual (UG1085) for implementation details. The cryptographic accelerators available on the MPSoC are as follows:
- RSA exponential multiplier
The CSU, an internal on-chip memory (OCM), and flexible key storage provide hardware root of trust mechanisms for implementing secure boot within the MPSoC. The hardware capabilities support authenticated and encrypted protections for boot and associated configuration files.
After ensuring the initial boot integrity of the device, the CSU acts as a centralized tamper monitoring and response controller, using the integrated system monitor (SYSMON) of the MPSoC to measure voltage and temperature and to raise the configured alarms. The alarms and their set points are configured as defined in the Zynq UltraScale+ Device Technical Reference Manual (UG1085).
The MPSoC includes a key management infrastructure supporting battery-backed RAM (BBRAM), eFUSE, embedded boot keys, and device family keys. When BBRAM is required, battery backup must be provided on the carrier card. Additional details on the key management functions of the MPSoC are outlined in the Zynq UltraScale+ Device Technical Reference Manual (UG1085).
The MPSoC contains a 96-bit unique, nonvolatile device identifier called the device DNA that is permanently programmed in the MPSoC. The SOM EEPROM also contains a unique identifier (UID), programmed at the time of SOM manufacturing. These unique identifiers support the implementation of over-the-air (OTA) device enrollment and attestation functionality.
The MPSoC eFUSEs allow permanent enable or disable of specific features to protect deployed systems. A complete list of these capabilities is outlined in the Zynq UltraScale+ Device Technical Reference Manual (UG1085). Two commonly used features are:
- Forces every device boot to be authenticated via RSA
- Disables JTAG
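The authenticated-boot chain described above (a public-key hash anchored in eFUSEs, RSA-signed keys and partitions, and an eFUSE that refuses any unauthenticated boot), modelled as an added Python example that is not part of this product guide, of the boot ROM, or of any AMD/Xilinx tool. The authentication-certificate layout, the field names, the eFUSE dictionary and the revocation check are constructed simplifications of the real mechanism; the toy RSA keys are built from publicly known Mersenne primes purely so the chain runs offline and are not cryptographically meaningful.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys


def sha3_384(data: bytes) -> bytes:
    """The MPSoC boot ROM hashes keys and partitions with SHA-3/384."""
    return hashlib.sha3_384(data).digest()


def make_toy_key(p: int, q: int) -> dict:
    # Constructed, insecure key material: the factors are public Mersenne
    # primes, used only so the example runs without a key generator.
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E, "d": d}


# Primary key (PPK, private half PSK) and secondary key (SPK, private half SSK)
PPK = make_toy_key((1 << 521) - 1, (1 << 607) - 1)
SPK = make_toy_key((1 << 1279) - 1, (1 << 127) - 1)


def public_bytes(key: dict) -> bytes:
    """Serialised public half: modulus followed by a 4-byte exponent."""
    n_len = (key["n"].bit_length() + 7) // 8
    return key["n"].to_bytes(n_len, "big") + key["e"].to_bytes(4, "big")


def parse_public(blob: bytes) -> dict:
    return {"n": int.from_bytes(blob[:-4], "big"), "e": int.from_bytes(blob[-4:], "big")}


def toy_sign(key: dict, digest: bytes) -> int:
    # Textbook RSA over the raw digest; real boot images use padded RSA-4096.
    return pow(int.from_bytes(digest, "big"), key["d"], key["n"])


def toy_verify(pub: dict, digest: bytes, sig: int) -> bool:
    return pow(sig, pub["e"], pub["n"]) == int.from_bytes(digest, "big")


# Constructed eFUSE state: the PPK hash anchors the root of trust, and the
# "force RSA authentication" fuse makes an unsigned image unbootable.
EFUSE = {
    "ppk0_hash": sha3_384(public_bytes(PPK)),
    "rsa_en": True,
    "revoked_spk_ids": set(),
}


def build_boot_image(partition: bytes, spk_id: int = 0) -> dict:
    """Sign a partition the way an image-generation tool would: the PSK signs
    the SPK, the SSK signs the partition, and both public keys ride in the image."""
    spk_blob = public_bytes(SPK)
    cert = {
        "ppk": public_bytes(PPK),
        "spk": spk_blob,
        "spk_id": spk_id,
        "spk_sig": toy_sign(PPK, sha3_384(spk_blob + spk_id.to_bytes(4, "big"))),
        "partition_sig": toy_sign(SPK, sha3_384(partition)),
    }
    return {"partition": partition, "auth_cert": cert}


def bootrom_verify(image: dict, efuse: dict) -> tuple:
    """Simplified model of the checks the CSU/boot ROM performs before a
    partition is allowed to run. Returns (accepted, reason)."""
    cert = image.get("auth_cert")
    if cert is None:
        if efuse["rsa_en"]:
            return False, "unauthenticated image refused: RSA authentication forced by eFUSE"
        return True, "unauthenticated boot allowed (authentication not forced)"
    # 1. The primary public key carried in the image must match the eFUSE hash.
    if sha3_384(cert["ppk"]) != efuse["ppk0_hash"]:
        return False, "PPK hash does not match eFUSE"
    # 2. The secondary key must not have been revoked.
    if cert["spk_id"] in efuse["revoked_spk_ids"]:
        return False, "SPK id revoked"
    # 3. The PPK must vouch for the SPK (key and id together) ...
    spk_digest = sha3_384(cert["spk"] + cert["spk_id"].to_bytes(4, "big"))
    if not toy_verify(parse_public(cert["ppk"]), spk_digest, cert["spk_sig"]):
        return False, "SPK signature invalid"
    # 4. ... and the SPK must vouch for the partition contents.
    if not toy_verify(parse_public(cert["spk"]), sha3_384(image["partition"]), cert["partition_sig"]):
        return False, "partition signature invalid"
    return True, "authenticated"


if __name__ == "__main__":
    image = build_boot_image(b"constructed FSBL partition")
    print(bootrom_verify(image, EFUSE))
```

The order of checks is the point: a signature is only meaningful once the key that made it has been tied back to something the attacker cannot rewrite, which here is the PPK hash in eFUSEs; and with the authentication-forcing fuse set, an image with no certificate at all is refused rather than silently booted.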
In addition to the MPSoC security features, the SOM includes an external TPM device, compliant with the Trusted Computing Group (TCG) TPM 2.0 standard. The TPM 2.0 device enables hardware-based security for remote attestation, measured boot, and other secure cryptographic functions. The TPM reset is connected to PS_POR_L.
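Measured boot and remote attestation with the TPM, as an added Python example that is not part of this product guide or of any AMD/Xilinx firmware: it models TPM 2.0 PCR extension, replays a constructed event log to reproduce the PCR values, and compares the quoted values with golden values enrolled from a known-good boot. The boot stages, PCR indices and component bytes are constructed, and the signature on a real quote (made by the TPM's attestation key) is assumed to have been verified separately.

```python
import hashlib

HASH = "sha256"      # PCR bank used in this example
DIGEST_LEN = 32      # PCRs in this bank start as 32 zero bytes after reset


def measure(component: bytes) -> bytes:
    """Digest of a boot component, as the measuring stage records it in the log."""
    return hashlib.new(HASH, component).digest()


def pcr_extend(current: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new PCR = H(old PCR || digest).
    A PCR can only be extended, never set, so its value depends on every
    measurement since reset and on their order."""
    return hashlib.new(HASH, current + digest).digest()


def make_event_log(stages) -> list:
    """Constructed event log: one (pcr_index, name, digest) entry per measured stage."""
    return [(pcr, name, measure(blob)) for pcr, name, blob in stages]


def replay_event_log(event_log) -> dict:
    """Recompute the final PCR values implied by an event log."""
    pcrs = {}
    for pcr, _name, digest in event_log:
        pcrs[pcr] = pcr_extend(pcrs.get(pcr, bytes(DIGEST_LEN)), digest)
    return pcrs


def verify_attestation(quoted_pcrs: dict, event_log: list, golden_pcrs: dict) -> list:
    """Verifier-side checks, assuming the quote's signature was already checked:
    does the event log explain the quoted PCRs, and are they the enrolled values?"""
    replayed = replay_event_log(event_log)
    problems = []
    for pcr, golden in golden_pcrs.items():
        quoted = quoted_pcrs.get(pcr)
        if quoted is None:
            problems.append(f"PCR{pcr}: missing from quote")
        elif replayed.get(pcr) != quoted:
            problems.append(f"PCR{pcr}: event log does not replay to the quoted value")
        elif quoted != golden:
            problems.append(f"PCR{pcr}: quoted value differs from the enrolled golden value")
    return problems


# Constructed boot sequence; the PCR indices are illustrative, not the SOM's assignment.
GOOD_STAGES = [
    (0, "fsbl", b"constructed FSBL image v1"),
    (0, "pmufw", b"constructed PMU firmware v1"),
    (1, "bl31", b"constructed BL31 v1"),
    (2, "u-boot", b"constructed U-Boot v1"),
]
GOOD_LOG = make_event_log(GOOD_STAGES)
# Enrollment: golden values recorded once from a known-good boot of this unit.
GOLDEN_PCRS = replay_event_log(GOOD_LOG)


if __name__ == "__main__":
    # Honest quote from an unmodified boot: no findings.
    print(verify_attestation(GOLDEN_PCRS, GOOD_LOG, GOLDEN_PCRS))
    # A different U-Boot was measured: log and quote agree, golden value does not.
    changed = make_event_log(GOOD_STAGES[:3] + [(2, "u-boot", b"constructed U-Boot v2")])
    print(verify_attestation(replay_event_log(changed), changed, GOLDEN_PCRS))
```

Two distinct failures are worth telling apart on the verifier side: a log that does not replay to the quoted PCRs means the log itself is untrustworthy (the TPM-held value is the authority), whereas a log that replays correctly but lands on a non-golden value means a genuine change in what was booted, and the log then says which stage changed.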