Authenticated Boot with RPU as Root of Trust and Secure Processing System

Single Chip FIPS 140-3 on Zynq UltraScale+ MPSoC (WP548)

Document ID
WP548
Release Date
2022-11-03
Revision
1.0 English

In iDirect Government’s SEE, the RPU is the secure processor ensuring root of trust as well as maintaining the logical isolation of the system. The RPU executes the first stage boot loader (FSBL) and configures XMPU/XPPU isolation control registers, which ensures that the root of trust extends from boot ROM all the way to the cryptographic application. The following figure illustrates the boot flow in iDirect Government’s SEE. The FSBL executes on the RPU that hands off to the cryptographic application. All non-secure software is executed solely on the APU, ensuring that secure peripherals and memory cannot be accessed.

Figure 1. Boot Sequence and Root of Trust