The security architecture of Versal ACAP is significantly enhanced from previous generations. The root of trust starts with the BootROM, which authenticates and optionally, decrypts the PLM firmware. The BootROM can only be loaded into and run from the RCU in the PMC. After the PLM firmware is authenticated, the PLM ensures secure loading of the remaining firmware and software. For more information, see the Versal ACAP System Software Developers Guide (UG1304) and Versal ACAP Technical Reference Manual (AM011). For detailed security-related information, including usage instructions, see the Versal ACAP Security Manual (UG1508) available from the Design Security Lounge (registration required) on the Xilinx website. The following table highlights the possible secure boot configurations for Versal ACAP and shows a comparison with Zynq UltraScale+ MPSoC.
Boot Type | Operations | Hardware Crypto Engines | |||
---|---|---|---|---|---|
Authentication | Decryption | Integrity (Checksum Verification) | Zynq UltraScale+ MPSoC | Versal ACAP | |
Non-secure | No | No | No | N/A | N/A |
Hardware Root-of-Trust (HWRoT) | Yes | Optional | Integrity via Authentication | RSA, SHA3 | N/A |
Encrypt Only (EO) | Yes via GCM | Yes | Integrity via Authentication | AES-GCM | N/A |
Asymmetric Hardware Root-of-Trust (A-HWRoT) | Yes | Optional | Integrity via Authentication | N/A | RSA/ECDSA and SHA3 |
Symmetric Hardware Root-of-Trust (S-HWRoT) | Yes via GCM and eFUSEs |
Yes Must use PUF KEK |
Integrity via Authentication | N/A | AES-GCM/PUF |
A-HWRoT + S-HWRoT | Yes |
Yes Must use PUF KEK |
Integrity via Authentication | N/A | RSA/ECDSA, SHA3, AES-GCM, PUF |
Authentication + Decryption | Yes | Yes | Integrity via Authentication | RSA, SHA3, AES-GCM | RSA/ECDSA, SHA3, AES-GCM |
Decrypt Only | No | Yes | Yes | AES-GCM | AES-GCM |
Checksum Verification | No | No | Yes | SHA3 | SHA3 |