Loading an Authenticated and Encrypted Bitstream using OCM - 2021.1 English

Xilinx Standalone Library Documentation OS and Libraries Document Collection (UG643)

Document ID
Release Date
2021.1 English
To authenticate the bitstream partition securely, XilFPGA uses the FSBL section's OCM memory to copy the bitstream in chunks from DDR memory. This method does not require trust in the external DDR memory to securely authenticate and decrypt a bitstream.

The software workflow for authenticating Bitstream is as follows:

  1. XilFPGA identifies DDR-secure bitstream image base address. XilFPGA has two buffers in OCM, the Read Buffer is of size 56 KB and hash of chunks to store intermediate hashes calculated for each 56 KB of every 8 MB block.
  2. XilFPGA copies a 56 KB chunk from the first 8 MB block to Read Buffer.
  3. XilFPGA calculates hash on 56 KB and stores in HashsOfChunks.
  4. XilFPGA repeats steps 1 to 3 until the entire 8 MB of block is completed.
    Note: The chunk that XilFPGA copies can be of any size. A 56 KB chunk is taken for better performance.
  5. XilFPGA authenticates the 8 MB Bitstream chunk.
  6. Once the authentication is successful, XilFPGA starts copying information in batches of 56 KB starting from the first block which is located in DDR memory to Read Buffer, calculates the hash, and then compares it with the hash stored at HashsOfChunks.
  7. If the hash comparison is successful, FSBL transmits data to PCAP using DMA (for un-encrypted Bitstream) or AES (if encryption is enabled).
  8. XilFPGA repeats steps 6 and 7 until the entire 8 MB block is completed.
  9. Repeats steps 1 through 8 for all the blocks of Bitstream.
Note: You can perform warm restart even when the FSBL OCM memory is used to authenticate the Bitstream. PMU stores the FSBL image in the PMU reserved DDR memory which is visible and accessible only to the PMU and restores back to the OCM when APU-only restart needs to be performed. PMU uses the SHA3 hash to validate the FSBL image integrity before restoring the image to OCM (PMU takes care of only image integrity and not confidentiality).