On Versal devices, secure boot ensures the confidentiality, integrity, and authentication of the firmware and software loaded onto the device. The root of trust starts with the BootROM, which authenticates and/or decrypts the PLM software. Now that the PLM software is trusted, the PLM handles loading the rest of the firmware and software in a secure manner. Secure boot is extremely important for two reasons.
- Ensures that the software being loaded onto a device is allowed to be loaded, which prevents malicious code from running on the device
- Protects the OEM IP because the software is stored in an encrypted fashion, which prevents the OEM IP from being stolen.
Additionally, if secure boot is not desired, then software can at least be validated with a simple checksum; however, keep in mind that the protections listed above do not apply when using this method of boot. The following table highlights the possible secure boot configurations.
| Boot Type | Operations | Hardware Crypto Engines | ||
|---|---|---|---|---|
| Authentication | Decryption | Integrity (Checksum Verification) | ||
| Non-secure boot | No | No | No | None |
| Asymmetric Hardware Root-of-Trust (A-HWRoT) | Yes (Required) | No | No | RSA/ECDSA along with SHA3 |
| Symmetric Hardware Root-of-Trust (S-HWRoT) (Forces decryption of PDI with eFUSE black key) | No | Yes (Required PLM and Meta Header should be encrypted with eFUSE KEK) | No | AES-GCM |
| A-HWRoT + S-HWRoT | Yes (Required) | Yes (Required) | No | RSA/ECDSA along with SHA3 and AES-GCM |
| Authentication + Decryption of PDI | Yes | Yes (Key source can be either from BBRAM or eFUSE) | No | RSA/ECDSA along with SHA3 and AES-GCM |
| Decryption (Uses user-selected key. The key source can be of any type such as BBRAM/BHDR or even eFUSE) | No | Yes | No | AES-GCM |
| Checksum Verification | No | No | Yes | SHA3 |
The Versal ACAP system uses the following hardware cryptographic blocks in the secure boot process:
- SHA Hardware Accelerator
- Calculates the SHA3/384 hash on images, used in conjugation with the RSA or elliptical curve cryptography (ECC) engine for signing.
- ECDSA-RSA Hardware Accelerator
- Authenticates images using a public asymmetric key. Either RSA-4096 or
ECDSA with curve NIST P-384 can be used.
In addition to NIST-P384, NIST-P521 curve can also be used by the PLM for other images. P-381 is required for the MetaHeader, the PMC CDO, and the PLM. For all the other partitions, you can use P-521.
- AES-GCM Hardened Crypto Block
- Decrypts images using a 256-bit key, and verifies the integrity of the
decrypted image using the GCM tag.
In addition to AES-GCM 256-bit, AES-GCM 128-bit can also be used by the PLM for other images. AES-GCM 256-bit is required for the MetaHeader, the PMC CDO, and the PLM. For all the other partitions, use AES-GCM 128-bit.