PUF Registration into eFUSEs

External Secure Storage Using the PUF (XAPP1333)
Document ID
XAPP1333
Release Date
2022-04-12
Revision
1.2 English

IMPORTANT: THESE INSTRUCTIONS MODIFY THE EFUSES ON THE ZCU102 DEVELOPMENT BOARD AND MIGHT LIMIT FUTURE USE OF THE DEVELOPMENT BOARD FOR TESTING AND DEBUGGING!

To register the PUF into the eFuse, perform the following steps:

1. Right-click on the platform.spr that is located under ZCU102_XAPP1333 platform in the Explorer view and click Open .

2. Select Board Support Package under standalone on psu_cortexa53_0 in the ZCU102_XAPP1333 platform view and click Modify BSP settings .

3. In the Board Support Package Settings window, expand the Overview tree, then click standalone as shown in the figure below.

Figure 6: Setting Up the UART Output Using the BSP Settings

X-Ref Target - Figure 6

fig5.png

4. Ensure the stdin and stdout functions are mapped to psu_uart_0 and click OK .

5. In Xilinx Vitis Explorer view, on the left , right-click xilskey_puf_registration_example_1_system and select Build Project .

6. Turn power off to the ZCU102 board.

7. Connect either the USB JTAG connector J2 to the ZCU102 development board and then a computer or connect the Platform JTAG to the ZCU102 and the associated hardware to a computer.

8. Connect a USB cable from the USB Serial port connector J83 on the ZCU102 board to a computer and note which COM port was enumerated with the Silicon Labs Quad CP2108 USB to UART Bridge: Interface 0.

9. Open a terminal program such as PuTTY or Tera Term and connect to the COM port listed above at 115,200 baud. Enable terminal logging and select a file name and location.

10. On the ZCU102 development board, set the dip switch SW6 to configure the board for JTAG boot mode as shown in the figure below.

Figure 7: ZCU102 JTAG Boot Mode Switch

X-Ref Target - Figure 7

fig6B.png

11. Power on the ZCU102 board using switch SW1.

12. Right-click xilskey_puf_registration_example_1 > Run As > Launch Hardware (Single Application Debug) as shown in the figure below.

Figure 8: Running the PUF Registration on the ZCU102 Board

X-Ref Target - Figure 8

Page-1.jpg

The PUF registration application starts running and outputs information to the terminal as shown in the figure below. An example log of the PUF registration is included in the design files in the Logs folder called puf_registration_log.log .

Figure 9: Terminal Output Registering PUF to eFUSEs

X-Ref Target - Figure 9

3-8.png

13. Verify line 12 of the UART output is the Red Key that was configured in XSK_PUF_AES_KEY in xilskey_puf_registration.h .

14. Verify line 13 of the UART output is the Black Key IV that was configured in XSK_PUF_BLACK_KEY_IV in xilskey_puf_registration.h .

Line 20 of the UART output is the Black Key generated by the AES encryption engine using the PUF as a KEK.

Line 21 shows that the Black Key was burned into eFUSEs.

Line 23 of the UART output is the required syndrome data that the PUF uses to regenerate its device-unique encryption key. It is the data that is being programmed into the eFUSEs.

Lines 31 shows that the PUF information has been burned into eFUSEs.

15. Power off the ZCU102 development board.