The cryptographic application is responsible for the configuration, control, and monitoring of the hardware and programmable logic. Upon execution, the software initializes, verifies the software image residing in secure flash, and performs a series of self-tests. If the initialization succeeds, the software enters the normal operation state. If initialization fails, the software enters the critical error state.
The critical error state supports the ability to load new software and provide status. No critical security parameters (CSPs) or cryptographic functions are available. The normal operation mode supports two sub-modes: limited and full-featured.
When the software enters the normal operation state, by default it is in the limited sub-mode which supports the ability to load new software, load a device bitstream, and provide status. No CSPs or cryptographic functions are available. As discussed in the next section, the software can enter full-featured mode when the device bitstream is authenticated, loaded into the PL, and verified. If anything fails along the way, the software remains in limited mode.
The full-featured mode supports cryptographic functions including the encryption and decryption of all data. Periodic tests are performed in full-featured mode to continue verification of the programmable logic and software. If any tests fail, the software moves to the critical error state. Full-featured mode also supports the ability to update CSPs.
A request to load a device bitstream while in full-featured mode causes the software to return to limited-mode after the new bitstream is authenticated, but before it is loaded and verified.