Configuration Security Unit (CSU) Introduction

Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID
Release Date
2.3 English

At the center of the device security is the configuration security unit (CSU). The CSU is composed of two main blocks as shown in This Figure. On the left is the secure processor block (SPB) that contains a triple redundant processor for controlling boot operation. It also contains an associated ROM, a small private RAM, the physically unclonable function (PUF), and the necessary control/status registers required to support all secure operations. The component on the right is the crypto interface block (CIB) and contains the AES-GCM, DMA, SHA-3, RSA, and PCAP interfaces.

Runtime access to the CSU can be controlled via the Xilinx peripheral protection unit (XPPU). The CSU has a number of responsibilities, including the following.

Secure boot.

Tamper monitoring and response.

Secure key storage and management.

Cryptographic hardware acceleration.

Figure 12-1:      Configuration Security Unit Block Diagram

X-Ref Target - Figure 12-1