IMPORTANT: See Xilinx Design Advisory 68832 for important updates about eFUSE programming with Vivado Design Suite 2016.4 and earlier versions.
This application note describes a simple step-by-step process to generate an encrypted bitstream and encryption keys (both Advanced Encryption Standard Galois/Counter Mode (AES-GCM) and RSA authentication) using the Xilinx® Vivado® Design Suite. Steps to program the Advanced Encryption Standard Global System for Mobile communications (AES-GSM) encryption key and the hash of the RSA public key, along with the encrypted bitstream into a Xilinx UltraScale™ FPGA using the Vivado Design Suite are also included. This application note applies to both UltraScale and UltraScale+™ FPGAs. This document is not intended to discuss security issues, such as generating keys or selecting initialization vectors (IVs) to comply to National Institute of Standards and Technology (NIST) standards.