Security Features - 2020.2 English

Versal ACAP System Software Developers Guide (UG1304)

Document ID
Release Date
2020.2 English

The Versal device provides several security-related features. One of the biggest security features that Versal ACAP provides is the hardened cryptographic engines that support:

  • Advanced encryption standard galois counter mode (AES-GCM) 128-bit and 256-bit
  • RSA 2048, 3072, and 4096
  • Elliptic curve cryptography (ECC) engine that supports multiple curves
  • SHA3/384 Hashing

Because of the hardened cryptographic engines in Versal ACAP, Xilinx provides an associated set of security-related drivers that use the cryptographic engines either during secure boot or run time. During secure boot, the ROM, the PLM, and U-Boot can take advantage of these cryptographic features. During run time, these drivers can be accessed directly through a bare-metal application or indirectly depending on the architecture configuration. This can include using an OS, a hypervisor, trusted execution environment, etc. For example, in a Linux application, the application can call the Linux kernel, which would send an IPI request to the PLM where the security library runs. This is just one example of accessing the security libraries from run time; the options are numerous because Versal ACAP is highly configurable.

If there are any security features not provided by Xilinx, you can take advantage of the PL to implement additional security features or use the built-in ArmĀ® v8 cryptographic extensions and the Arm NEON extensions in the Arm Cortex-A72 processors.