Loading an Authenticated and Encrypted Bitstream using OCM - 2023.2 English

Standalone Library Documentation: BSP and Libraries Document Collection (UG643)

Document ID: UG643
Release Date: 2023-12-13
Version: 2023.2 English

To authenticate the Bitstream partition securely, XilFPGA uses the FSBL section's OCM memory to copy the bitstream in chunks from DDR.

This method does not require trust in the external DDR to securely authenticate and decrypt a Bitstream.

The software workflow for authenticating Bitstream is as follows:

  1. XilFPGA identifies the base address of the secure Bitstream image in DDR. XilFPGA has two buffers in OCM: the Read Buffer, which is 56 KB in size, and HashsOfChunks, which stores the intermediate hashes calculated for each 56 KB chunk of every 8 MB block.
  2. XilFPGA copies a 56KB chunk from the first 8MB block to Read Buffer.
  3. XilFPGA calculates the hash of the 56 KB chunk and stores it in HashsOfChunks.
  4. XilFPGA repeats steps 1 to 3 until the entire 8 MB block is completed.
    Note: The chunk that XilFPGA copies can be of any size. A 56KB chunk is taken for better performance.
  5. XilFPGA authenticates the 8MB Bitstream chunk.
  6. Once the authentication is successful, XilFPGA starts copying information in batches of 56KB starting from the first block which is located in DDR to Read Buffer, calculates the hash, and then compares it with the hash stored at HashsOfChunks.
  7. If the hash comparison is successful, FSBL transmits data to PCAP using DMA (for un-encrypted Bitstream) or AES (if encryption is enabled).
  8. XilFPGA repeats steps 6 and 7 until the entire 8MB block is completed.
  9. XilFPGA repeats steps 1 through 8 for all the blocks of the Bitstream.
Note: You can perform a warm restart even when the FSBL OCM memory is used to authenticate the Bitstream. The PMU stores the FSBL image in the PMU-reserved DDR memory, which is visible and accessible only to the PMU, and restores it to the OCM when an APU-only restart needs to be performed. The PMU uses the SHA3 hash to validate the FSBL image integrity before restoring the image to OCM (the PMU takes care of image integrity only, not confidentiality).
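
The two-pass workflow above for a single block, as a Python model added here for illustration (it is not XilFPGA or FSBL source code). It shows why the second pass re-hashes each chunk: data modified in DDR after authentication is caught before it is forwarded. Assumptions: SHA3-384 as the hash, a trusted digest comparison standing in for the block authentication in step 5, and the names `load_block`, `sink` and `between_passes`, which are hypothetical.

```python
import hashlib
import hmac

CHUNK = 56 * 1024        # Read Buffer size given on the page
BLOCK = 8 * 1024 * 1024  # authentication block size given on the page


def _chunks(ddr, base, length):
    """Copy the block out of untrusted DDR one Read Buffer at a time."""
    end = base + length
    for off in range(base, end, CHUNK):
        yield bytes(ddr[off:min(off + CHUNK, end)])  # snapshot held in "OCM"


def load_block(ddr, base, length, trusted_digest, sink, between_passes=None):
    """Authenticate, then forward, one block (at most BLOCK bytes) of ddr.

    trusted_digest stands in for the signed value the block is authenticated
    against (assumption). between_passes is a test hook that models DDR being
    rewritten after authentication. Returns the number of chunks forwarded.
    """
    if length > BLOCK:
        raise ValueError("length exceeds one authentication block")
    hashes_of_chunks = []            # models HashsOfChunks in OCM
    block_hash = hashlib.sha3_384()
    # Pass 1 (steps 2-4): hash every chunk, keep the per-chunk digests in OCM.
    for read_buffer in _chunks(ddr, base, length):
        hashes_of_chunks.append(hashlib.sha3_384(read_buffer).digest())
        block_hash.update(read_buffer)
    # Step 5: authenticate the whole block before any data leaves OCM.
    if not hmac.compare_digest(block_hash.digest(), trusted_digest):
        raise ValueError("block authentication failed")
    if between_passes:
        between_passes(ddr)
    # Pass 2 (steps 6-8): re-read DDR, re-hash, compare, then forward.
    sent = 0
    for expected, read_buffer in zip(hashes_of_chunks, _chunks(ddr, base, length)):
        actual = hashlib.sha3_384(read_buffer).digest()
        if not hmac.compare_digest(actual, expected):
            raise ValueError(f"chunk {sent} changed after authentication")
        sink(read_buffer)            # only the verified OCM copy is sent on
        sent += 1
    return sent
```

Step 9 corresponds to calling `load_block` once per 8 MB block with that block's trusted digest; `sink` takes the place of the DMA or AES transfer to PCAP.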