Key Management

Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID
UG1085
Release Date
2022-09-15
Revision
2.3 English

The AES crypto engine has access to a diverse set of key sources. Non-volatile key sources include eFUSEs, BBRAM, a PUF key encryption key (KEK), and a family key. These keys maintain their values even when the device is powered-down. Volatile key sources include an operational key and a key update register key.

The device key source selection is exclusively done by the CSU ROM based on the authenticated boot image header. A device key can be from any of the following sources (see This Figure).

BBRAM

Boot

eFUSE

Family

Operational

PUF KEK

Table 12-5:      Types of Keys

Key Name

Description

BBRAM

The BBRAM key is stored in plain text form in a 256-bit RAM array.

Boot

The boot key register holds the decrypted key while the key is in use.

eFUSE

The eFUSE key is stored in eFUSEs. It can be either plain text, obfuscated (i.e., encrypted with the family key), or encrypted with the PUF KEK.

Family

The family key is a constant AES key value hard-coded into the devices. The same key is used across all devices in the Zynq UltraScale+ MPSoC family. This key is only used by the CSU ROM to decrypt an obfuscated key. The decrypted obfuscated key is used to decrypt the boot images. The obfuscated key can be stored in either eFUSE or the authenticated boot header. Because the family key is the same across all devices, the term obfuscated is used rather than encrypted to reflect the relative strength of the security mechanism.

Operational

The operational (OP) key is obtained by decrypting the secure header using a plain text key obtained from the other device key sources. For secure boot, this key is optional. Use of the OP key is specified in the boot header and minimizes the use of the device key, thus limiting its exposure.

PUF KEK

The PUF KEK is a key-encryption key that is generated by the PUF.

Key update register (KUP)

User provided key source. After boot, a user selected key can be used with the hardened AES accelerator.

In addition to the BBRAM and eFUSE key storage locations, the Zynq UltraScale+ MPSoC also allows for the device key to be stored externally in the boot flash. This key can be stored in its obfuscated form (i.e., encrypted with the family key) or in its black form (i.e., encrypted with the PUF KEK).

A device key (a key used to boot the device) is selected by the CSU ROM based on the authenticated boot header or the ENC_ONLY eFUSE setting. To use the device key post boot, the following conditions must be met.

The device key is available post boot if the initial configuration files are encrypted or if the authentication only option is selected. See Hardware Root of Trust Only Boot (Auth_Only Option) for more information.

The device key used during boot must be used for all image partitions. The key source used for partition decryption cannot be changed until the next POR. For example, it is not possible to encrypt some partitions with a BBRAM key and others with an eFUSE key. It is also not possible for some partitions to use the operational key and other partitions to not use the operational key.

The device key can be changed to the PUF KEK if all of the conditions in the section are fulfilled. See Secure Non-Volatile Storage for more information.

Using only the device key post boot is not restricted. A user key can also be loaded into the KUP. The aes_key_src register can be used to select between the device key and the key update key. This Figure shows the key selection process and the protections in place.

Figure 12-2:      Key Selection

X-Ref Target - Figure 12-2

X15319-key-selection.jpg