Bitstream Authentication

Using Encryption and Authentication to Secure an UltraScale/UltraScale+ FPGA Bitstream Application Note (XAPP1267)

Document ID: XAPP1267
Release Date: 2023-02-10
Revision: 1.6 English

The AES-GCM encryption standard supports built-in authentication, enhancing security and eliminating the need to specify a separate HMAC key as in the 7 series FPGAs. Without knowledge of the AES-GCM key, the bitstream cannot be modified or forged. Encryption provides the basic design security to protect the design from copying or reverse engineering, while authentication provides assurance that the bitstream provided for the configuration of the FPGA was the unmodified bitstream created by an authorized user. Authentication verifies both data integrity and authenticity of the bitstream.

Authentication covers the entire bitstream for all types of control and data. Any bitstream tampering, including a single bit flip, is detected. If authentication passes, the configuration goes to completion through the startup cycle. If the AES-GCM engine detects any change to the bitstream, authentication fails and the device does not start up. If fallback is enabled, the fallback bitstream is loaded after the entire device configuration has been cleared. If fallback is not enabled, the configuration logic disables the configuration interface, blocking any access to the FPGA. Pulsing the PROGRAM_B signal or a power-on reset is required to reset the configuration interface.

You must select one of two choices for bitstream authentication:

1. If you are using bitstream encryption, you can rely on the authentication built into the AES-GCM standard.

2. If you are using bitstream encryption or if your bitstream is unencrypted, you can rely on RSA-2048 Authentication. RSA-2048 is discussed in the following paragraphs.
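The AES-GCM tamper detection and the pass, fallback, and lock-out outcomes described above can be modelled in a few lines. This is an added example, not code from XAPP1267 or any vendor tool: it runs Go's standard-library AES-GCM over a constructed byte string rather than the device's actual bitstream format, and the function names and outcome labels are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

const Startup, Fallback, Locked = "startup", "fallback-loaded", "interface-disabled" // illustrative labels

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// seal returns the ciphertext followed by the 16-byte GCM tag.
func seal(key, nonce, image []byte) []byte {
	return newGCM(key).Seal(nil, nonce, image, nil)
}

// configure starts up only if the tag verifies over the whole image.
func configure(key, nonce, sealed []byte, fallbackEnabled bool) string {
	if _, err := newGCM(key).Open(nil, nonce, sealed, nil); err == nil {
		return Startup
	}
	if fallbackEnabled {
		return Fallback // configuration cleared, then fallback image loaded
	}
	return Locked // until PROGRAM_B is pulsed or a power-on reset occurs
}

func flipBit(data []byte, bit int) []byte {
	out := append([]byte(nil), data...) // copy so the original stays intact
	out[bit/8] ^= 1 << uint(bit%8)
	return out
}

func main() {
	key, nonce := make([]byte, 32), make([]byte, 12) // constructed test values, not real keys
	sealed := seal(key, nonce, []byte("constructed stand-in for bitstream data"))
	fmt.Println(configure(key, nonce, sealed, false), configure(key, nonce, flipBit(sealed, 5), true))
}
```

Looping `flipBit` over every bit position of the sealed image, tag included, never yields `Startup`, which is the whole-bitstream coverage the text describes.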