Secure Boot Summary

Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID: UG1085
Release Date: 2023-12-21
Revision: 2.4 English

There are a number of functional blocks involved in the secure boot process, including the following.

Dedicated hardware state machines

Platform management unit (PMU)

Configuration and security unit (CSU)

The high-level boot flow summary is shown in Figure 12-8.

Figure 12-8:      High-Level Boot Flow

Once power is valid to the device, the dedicated hardware state machines perform a series of mandatory and optional tasks. The device includes test logic used by the developer for device verification and test; these test interfaces power up in a known secure state. The registers in the PMU are zeroized, which means zeros are written to them and then read back to confirm they were written correctly. Optionally, a logic built-in self-test (LBIST) can be performed during boot. This option is enabled by programming the LBIST_EN eFUSE. LBIST is commonly used in functional safety applications; see Functional Safety for details on which circuits of the device LBIST covers.

Note:   Extra boot time is required when running LBIST.

Finally, the dedicated hardware sends the PMU immutable ROM code through the SHA-3/384 engine and compares the calculated cryptographic checksum to the golden copy stored in the device. If the cryptographic checksums match, the integrity of the PMU ROM is validated and the reset to the PMU is released. If any of these tasks fail, an error flag is set in the JTAG error status register (readable through JTAG). To prevent the error message from being readable through the JTAG error status register, the ERR_DIS eFUSE can be programmed.

The PMU performs a number of mandatory and optional security operations, as listed in Table 12-14, PMU Security Operations. See Platform Management Unit for more information.

Table 12-14:      PMU Security Operations

Security Operation | Description | Optional?
Zeroize low power domain (LPD) registers | When the LPD_SC eFUSE is programmed, the PMU zeroizes all registers in the LPD. | Yes
Zeroize full power domain (FPD) registers | When the FPD_SC eFUSE is programmed, the PMU zeroizes all registers in the FPD. Note: The MGTs must be powered during full-power domain zeroization. | Yes
Zeroize PMU RAM | The PMU RAM has zeros written to it, and read back to confirm the write is successful. | No
Voltage checks | The PMU checks the supply voltage of the LPD, AUX, and dedicated I/O to confirm that the voltages are within specifications. | No
Zeroize memories | The PMU zeroizes memories located in the CSU, LPD, and FPD. | No

Once these security operations are complete, the PMU sends the CSU immutable ROM code through the SHA-3/384 engine and compares the calculated cryptographic checksum to the golden copy stored in the device. If the cryptographic checksums match, the integrity of the CSU ROM is validated and the reset to the CSU is released. If any of these tasks fail, an error flag is set in the JTAG error status register (readable through JTAG). The error message can be prevented from being read through the JTAG error status register by programming the ERR_DIS eFUSE. In the event of a PMU error, the default operation of the device is to continue the boot process and release the reset to the CSU. Once the design comes online, it can read the status of all the error messages from inside the device and determine whether or not to continue to operate. To make the device automatically go into lockdown when an error occurs during the boot process, the PBR_BOOT_ERROR eFUSE can be programmed.
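The boot-time checks described in the preceding paragraphs (zeroize-and-read-back of registers and RAM, the SHA-3/384 digest of the PMU and CSU ROMs compared against a stored golden copy, and the way the ERR_DIS and PBR_BOOT_ERROR eFUSEs change what an error does) modelled in Python as an added example. This is not Xilinx code and not the device's actual state-machine or PMU ROM logic: the eFUSE names are the ones this section uses, but the error-register bit layout, the memory sizes, the supply limits, and the assumption that the PMU is held in reset when its own ROM digest mismatches are illustrative assumptions made here.

```python
"""Model of the UG1085 pre-CSU boot flow: zeroize-and-read-back, SHA-3/384 ROM
integrity checks, and the ERR_DIS / PBR_BOOT_ERROR policy eFUSEs.

Added example, not Xilinx code. The eFUSE names follow the text; the error
register layout, memory sizes, supply limits and the halt-on-PMU-ROM-mismatch
behaviour are assumptions made for illustration."""
import hashlib
import hmac
from dataclasses import dataclass

# Assumed bit layout for the modelled error status register.
ERR_PMU_ZEROIZE = 1 << 0   # PMU register zeroization read-back failed
ERR_LBIST = 1 << 1         # optional LBIST reported a failure
ERR_PMU_ROM = 1 << 2       # PMU ROM SHA-3/384 digest != golden copy
ERR_MEM_ZEROIZE = 1 << 3   # PMU RAM / LPD / FPD / memory zeroization read-back failed
ERR_VOLTAGE = 1 << 4       # a supply rail was outside its range
ERR_CSU_ROM = 1 << 5       # CSU ROM SHA-3/384 digest != golden copy

# Constructed supply limits in volts for the rails the text names; these are
# illustration values, not the device's datasheet limits.
SUPPLY_LIMITS = {"LPD": (0.80, 0.90), "AUX": (1.71, 1.89), "DEDICATED_IO": (1.71, 1.89)}


@dataclass
class EFuses:
    """Only the policy eFUSEs mentioned in the summary are modelled."""
    lbist_en: bool = False
    err_dis: bool = False
    pbr_boot_error: bool = False
    lpd_sc: bool = False
    fpd_sc: bool = False


@dataclass
class BootResult:
    error_status: int = 0
    pmu_reset_released: bool = False
    csu_reset_released: bool = False
    locked_down: bool = False

    def jtag_error_status(self, fuses: EFuses) -> int:
        """Flags an external JTAG reader sees: ERR_DIS hides them; the internal copy stays."""
        return 0 if fuses.err_dis else self.error_status


def golden_digest(rom_image: bytes) -> bytes:
    """The value that would be stored in the device as the golden copy."""
    return hashlib.sha3_384(rom_image).digest()


def rom_digest_matches(rom_image: bytes, golden: bytes) -> bool:
    """Hash the immutable ROM with SHA-3/384 and compare to the golden copy in constant time."""
    return hmac.compare_digest(golden_digest(rom_image), golden)


def zeroize_and_verify(mem: bytearray) -> bool:
    """Write zeros over a region, then read it back to confirm the write took."""
    for i in range(len(mem)):
        mem[i] = 0
    return all(b == 0 for b in mem)


def voltages_in_spec(supplies: dict) -> bool:
    return all(lo <= supplies[rail] <= hi for rail, (lo, hi) in SUPPLY_LIMITS.items())


def boot(fuses, pmu_rom, pmu_golden, csu_rom, csu_golden, supplies, lbist_pass=True):
    r = BootResult()
    # Stage 1: dedicated hardware state machines, from power valid to PMU reset release.
    if not zeroize_and_verify(bytearray(b"\xa5" * 64)):      # modelled PMU registers
        r.error_status |= ERR_PMU_ZEROIZE
    if fuses.lbist_en and not lbist_pass:                   # LBIST runs only with LBIST_EN
        r.error_status |= ERR_LBIST
    if not rom_digest_matches(pmu_rom, pmu_golden):
        r.error_status |= ERR_PMU_ROM
        return r                       # assumption: PMU is held in reset on a ROM mismatch
    r.pmu_reset_released = True
    # Stage 2: PMU security operations in the order of Table 12-14, then the CSU ROM check.
    regions = []
    if fuses.lpd_sc:
        regions.append(bytearray(b"\xff" * 32))             # LPD registers (LPD_SC)
    if fuses.fpd_sc:
        regions.append(bytearray(b"\xff" * 32))             # FPD registers (FPD_SC)
    regions.append(bytearray(b"\xff" * 128))                # PMU RAM (mandatory)
    if not all(zeroize_and_verify(m) for m in regions):
        r.error_status |= ERR_MEM_ZEROIZE
    if not voltages_in_spec(supplies):
        r.error_status |= ERR_VOLTAGE
    if not zeroize_and_verify(bytearray(b"\xff" * 64)):     # CSU/LPD/FPD memories
        r.error_status |= ERR_MEM_ZEROIZE
    if not rom_digest_matches(csu_rom, csu_golden):
        r.error_status |= ERR_CSU_ROM
    if r.error_status and fuses.pbr_boot_error:
        r.locked_down = True           # PBR_BOOT_ERROR: lock down instead of continuing
    elif not (r.error_status & ERR_CSU_ROM):
        r.csu_reset_released = True    # default: continue the boot and release the CSU reset
    return r
```

The two policy fuses show up only in the last few lines: ERR_DIS changes what a JTAG reader can observe without clearing the internal error_status, while PBR_BOOT_ERROR changes whether a flagged error stops the boot or merely leaves a flag for the loaded design to inspect. The digest comparison uses hmac.compare_digest so that a software model of the golden-copy check does not leak how many leading bytes matched; the device does this comparison in hardware, and the constant-time compare is simply the right habit for any software re-implementation.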

The CSU is the center of the secure boot process. It enforces the hardware root of trust or encrypt-only secure boot steps when they are enabled. The CSU also maintains the security state of the device by prohibiting the transition from a secure state to an unsecure state, or from an unsecure state to a secure state, without a full POR. Once the FSBL (and, if applicable, the PMUFW) has been loaded securely, the CSU zeroizes the storage elements of the cryptographic engines and releases the reset to the specified processing unit (APU or RPU).