Key Management Summary

Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID
UG1085
Release Date
2022-09-15
Revision
2.3 English

The device provides a variety of options for securing both boot images and user data. Boot image keys can be stored in BBRAM, eFUSE, or in the boot image itself. These keys can be in plain text (red), obfuscated with the family key, or encrypted with the PUF KEK (black). These options are described in Table: Boot Image Keys.

Table 12-9:      Boot Image Keys

Features

BBRAM

eFUSE

Boot Image

Programming method

Internal via software

External via JTAG

Internal via software

External via JTAG

PUF registration software

Bootgen

Bootgen + PUF Registration software

 

Program verification

CRC32 Only

CRC32 Only

N/A

Key state during storage

Red

Red, black, or obfuscated

Black or obfuscated

In-use protections

Temporary storage in registers, not RAM.

Transferred in parallel, not serial.

Boot: DPA counter measures and zeroization after use.