Crypto Interface Block

Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID: UG1085
Release Date: 2023-12-21
Revision: 2.4 English

The features of the CIB include the following.

Secure stream switch for managing data exchange with cryptographic cores.

SHA-3/384 hardened core.

AES-GCM-256 hardened core.

RSA exponential multiplier accelerator hardened core.

Secure key management including BBRAM and eFUSE key storage.

Processor configuration access port (PCAP).

In secure configurations, the RSA and SHA-3/384 cores are used to authenticate the image and the AES-GCM core is used to decrypt the image. During boot, the CIB and SPB run on the internal clock oscillator. After boot, the CIB clock can be sourced from a faster PLL clock to increase the performance of the user-accessible crypto blocks.
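The authentication step described above reduces to one SHA-3/384 hash and one RSA modular exponentiation, with decryption gated on the result. The following sketch is an added example, not code from UG1085 or from any Xilinx software; the PKCS#1 v1.5 encoding, the toy key built from two Mersenne primes, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed toy key: product of two Mersenne primes. The factors are public,
# so it is insecure by design and only lets the example run offline.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, only used to build sample input

# DER DigestInfo header for SHA3-384 (OID 2.16.840.1.101.3.4.2.9).
DIGEST_INFO = bytes.fromhex("3041300d060960864801650304020905000430")


def encode(image: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA3-384(image) into k bytes (assumed padding)."""
    t = DIGEST_INFO + hashlib.sha3_384(image).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for a SHA3-384 DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(image: bytes) -> bytes:
    """Signer side (build host); present only to produce input for verify()."""
    k = (N.bit_length() + 7) // 8
    return pow(int.from_bytes(encode(image, k), "big"), D, N).to_bytes(k, "big")


def verify(image: bytes, signature: bytes, n: int = N, e: int = E) -> bool:
    """Verifier side: one modular exponentiation plus one SHA3-384 hash."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    # Rebuild the expected block and compare it whole instead of parsing padding.
    return hmac.compare_digest(recovered, encode(image, k))


def release_for_decryption(image: bytes, signature: bytes) -> bytes:
    """Pass the image on to the decryption stage only after it authenticates."""
    if not verify(image, signature):
        raise PermissionError("image authentication failed; not decrypting")
    return image
```

Comparing the full re-encoded block avoids the padding-parsing mistakes that make lenient PKCS#1 v1.5 verifiers forgeable.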

Data is moved into and out of the CIB using a direct memory access controller (CSU_DMA) and the secure stream switch (SSS). The Secure Stream Switch section outlines the options for data movement. See Secure Stream Switch and CSU DMA in Boot and Configuration for more information on DMA between cryptographic accelerators and memory. The CIB also contains key vaults and key management functionality for keys used during boot, as well as after boot for cryptographic acceleration.

Access to the PL is provided via the PCAP interface. See PL Configuration for more information. Table: CSU Register Summary lists CSU registers for performing cryptographic functions, as well as other CSU security-critical functionality.