The Versal device provides several security-related features. One of the most significant is the set of hardened cryptographic engines, which support:
- Advanced Encryption Standard in Galois/Counter Mode (AES-GCM) with 128-bit and 256-bit keys, with support for additional authenticated data (AAD), including GMAC creation and validation
- RSA 2048, 3072, and 4096
- Elliptic curve cryptography (ECC) engine that supports multiple curves:
  - NIST P-256
  - NIST P-384
  - NIST P-521
- SHA-3/384 hashing
- True Random Number Generator (TRNG)
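The AES-GCM items above are easiest to see in code: the tag covers both the ciphertext and the AAD, and a GMAC is simply AES-GCM with no plaintext, leaving only a tag over the AAD. The Go example below is an added illustration of that relationship using the Go standard library; it is not AMD driver code and does not touch the Versal engines, and the key, nonce, header and payload values are constructed here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newGCM builds an AES-GCM instance (96-bit nonce, 128-bit tag) for a
// 16- or 32-byte key, i.e. AES-128-GCM or AES-256-GCM.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal encrypts plaintext and binds aad into the tag; output is ciphertext || tag.
// With an empty plaintext the output is just the 16-byte tag over aad: a GMAC.
func gcmSeal(key, nonce, aad, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, plaintext, aad), nil
}

// gcmOpen checks the tag over ciphertext and aad, then decrypts. Any
// modification of either input yields an error and no plaintext.
func gcmOpen(key, nonce, aad, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, sealed, aad)
}

func main() {
	key, nonce := make([]byte, 32), make([]byte, 12) // AES-256 key and 96-bit nonce; never reuse a nonce under one key
	rand.Read(key)
	rand.Read(nonce)
	aad := []byte("image header v1") // constructed sample: sent in the clear but still authenticated
	sealed, _ := gcmSeal(key, nonce, aad, []byte("payload"))
	pt, err := gcmOpen(key, nonce, aad, sealed)
	fmt.Printf("decrypted %q, err=%v\n", pt, err)
	gmac, _ := gcmSeal(key, nonce, aad, nil) // GMAC: 16-byte tag over aad, no ciphertext
	_, err = gcmOpen(key, nonce, []byte("image header v2"), gmac)
	fmt.Println("tampered header rejected:", err != nil)
}
```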
Because of the hardened cryptographic engines in Versal devices, AMD provides an associated set of security-related drivers that use the cryptographic engines either during secure boot or runtime. During secure boot, the ROM, the PLM, and U-Boot can take advantage of these cryptographic features. During runtime, these drivers can be accessed directly through a bare-metal application or indirectly depending on the architecture configuration. This can include using an operating system, a hypervisor, Trusted Execution Environment (TEE), etc. For example, in a Linux application, the application can call the Linux kernel, which would send an IPI request to the PLM where the security library runs. This is just one example of accessing the security libraries from runtime; the options are numerous because Versal devices are highly configurable.
If a security feature you need is not provided by AMD, you can use the PL to implement it, or use the built-in Armv8 cryptographic extensions and the Arm® NEON extensions in the Arm Cortex-A processors.