Boot Time Security - 2021.2 English - UG1400

Vitis Unified Software Platform Documentation: Embedded Software Development (UG1400)

Document ID: UG1400
Release Date: 2021-12-15
Version: 2021.2 English

Secure boot is supported through the latest authentication methods to prevent unauthorized or modified code from running on Xilinx® devices. Various encryption techniques make sure that only authorized programs can access the images for loading.

For device-specific hardware security features, see the following documents:

  • Zynq-7000 SoC Technical Reference Manual (UG585).
  • Zynq UltraScale+ Device Technical Reference Manual (UG1085).
  • Versal ACAP Technical Reference Manual (AM011). For additional information, see the Versal ACAP Security Manual (UG1508). This manual requires an active NDA to be downloaded from the Design Security Lounge.

See Using Encryption and Using Authentication for more information about encrypting and authenticating content when using Bootgen.

The Bootgen hardware security module (HSM) mode increases key handling security because the BIF attributes use public rather than private RSA keys. The HSM is a secure key/signature generation device that generates private keys, encrypts partitions using the private key, and provides the public part of the RSA key to Bootgen. The private keys never leave the HSM. The BIF for Bootgen HSM mode uses public keys and signatures generated by the HSM. See Using HSM Mode for more information.
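The following check is an added example, not part of the Xilinx documentation: it audits a BIF file for private RSA key attributes, which an HSM-mode BIF should not contain. It relies on the Bootgen BIF attribute names pskfile, sskfile, ppkfile and spkfile, which are not listed on this page; the sample BIF contents, file names and the hsm_ready heuristic are assumptions of this example.

```python
import re
PRIVATE = {"pskfile", "sskfile"}  # RSA private keys: in HSM mode these never appear
PUBLIC = {"ppkfile", "spkfile"}   # RSA public keys: the only key files Bootgen needs
KEYS = "|".join(sorted(PRIVATE | PUBLIC))
# Matches "[pskfile] path" (bracket form) or "pskfile = path" (assignment form).
ATTR_RE = re.compile(
    rf"\[\s*({KEYS})\s*\]\s*([^\s\[\]]+)|\b({KEYS})\s*=\s*([^\s,;\]}}]+)", re.I)

STANDARD_BIF = """\
// constructed sample, standard mode: private keys on the build host
all:
{
  [pskfile] primary.pem
  [sskfile] secondary.pem
  [bootloader, authentication=rsa] fsbl.elf
}
"""
HSM_BIF = """\
/* constructed sample, HSM mode:
   public keys and HSM-produced signatures only */
all:
{
  [ppkfile] primary.pub
  [spkfile] secondary.pub
  [spksignature] secondary.pub.sig
  [bootloader, authentication=rsa, presign=fsbl.sig] fsbl.elf
}
"""

def audit_bif(text):
    """Report private-key attributes (line, attr, path) and public-key attributes in a BIF."""
    # Blank out comments but keep newlines so reported line numbers stay accurate.
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), text, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    private, public = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ATTR_RE.finditer(line):
            attr = (m.group(1) or m.group(3)).lower()
            if attr in PRIVATE:
                private.append((lineno, attr, m.group(2) or m.group(4)))
            else:
                public.add(attr)
    # Heuristic of this example: no private keys referenced, both public keys present.
    return {"private": private, "public": sorted(public),
            "hsm_ready": not private and PUBLIC <= public}
if __name__ == "__main__":
    for name, bif in (("standard", STANDARD_BIF), ("hsm", HSM_BIF)):
        print(name, audit_bif(bif))
```

Run as a pre-build gate, a non-empty "private" list means the build host can read RSA private key material that HSM mode is meant to keep inside the HSM.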