To store data in non-volatile memory (NVM) using a Zynq® UltraScale+™ device, data must be
stored externally and should be encrypted if it is confidential. All Zynq UltraScale+ devices have
a built-in physically unclonable function (PUF), which can generate a cryptographically strong,
device-unique encryption key that can be used in combination with the built-in advanced
encryption standard (AES) cryptographic core. This key cannot be read by a user, allowing for a
heightened level of key security. Only if a Zynq UltraScale+ device is provisioned to store the
PUF configuration information in eFUSEs and if Rivest-Shamir-Adleman (RSA) Authentication is
registered and enabled in eFUSEs, then the PUF’s device-unique encryption key can be used to
encrypt and decrypt user data, which can then be stored and read from external non-volatile
memory. Download the reference design files for this application note from the Xilinx website. For detailed information about the design files, see Reference Design .