Secure Boot - 2022.1 English

Versal ACAP System Software Developers Guide (UG1304)

Document ID
UG1304
Release Date
2022-04-21
Version
2022.1 English

On Versal devices, secure boot ensures the confidentiality, integrity, and authentication of the firmware and software loaded onto the device. The root of trust starts with the BootROM, which authenticates and/or decrypts the PLM depending on the secure boot mode selected. Versal ACAPs offer two secure boot modes: Asymmetric Hardware Root of Trust (A-HWRoT) and Symmetric Hardware Root of Trust (S-HWRoT).

The A-HWRoT boot mode forces the device to only boot images that are authenticated using RSA or ECDSA. The S-HWRoT boot mode forces the device to only boot images that have the PLM and MetaHeader encrypted using a black (encrypted) eFUSE key.

Encryption of partitions beyond the PLM and MetaHeader is defined by the MetaHeader that is authenticated using AES-GCM. Secure boot is important for two reasons.

  • Ensures that the software being loaded onto a device is allowed to be loaded, which prevents malicious code from running on the device
  • Protects the OEM IP because the software is stored in an encrypted fashion, which prevents the OEM IP from being stolen.

Additionally, if secure boot is not desired, then software can at least be validated with a simple SHA3 checksum; however, keep in mind that the protections listed above do not apply when using this method of boot. The following table highlights the possible secure boot configurations.

Table 1. Cumulative Secure Boot Operations
Boot Type Operations Hardware Crypto Engines
Authentication Decryption Integrity (Checksum Verification)
Non-secure No No No N/A
Hardware Root-of-Trust (HWRoT) Yes Optional Integrity via Authentication N/A
Asymmetric Hardware Root-of-Trust (A-HWRoT) Yes. Enforced using eFUSEs Optional Integrity via Authentication RSA/ECDSA and SHA3
Symmetric Hardware Root-of-Trust (S-HWRoT) Yes via GCM and eFUSEs

Yes

Must use PUF KEK

Integrity via Authentication AES-GCM/PUF
A-HWRoT + S-HWRoT Yes

Yes

Must use PUF KEK

Integrity via Authentication RSA/ECDSA, SHA3, AES-GCM, PUF
Note: Checksum is used to verify the integrity of the image loaded and is not a secure boot mode. See Black Key for more information.

The Versal ACAP system uses the following hardware cryptographic blocks in the secure boot process:

SHA Hardware Accelerator
Calculates the SHA3/384 hash on images, used in conjugation with the RSA or elliptical curve cryptography (ECC) engine for authentication.
ECDSA-RSA Hardware Accelerator
Authenticates images using a public asymmetric key. Either RSA-4096 or ECDSA with curve NIST P-384 can be used.

In addition to NIST-P384, NIST-P521 curve can also be used by the PLM for other images. P-384 is required for the MetaHeader, the PMC CDO, and the PLM. For all the other partitions, you can use P-521.

AES-GCM Hardened Crypto Block
Decrypts images using a 256-bit key, and verifies the integrity of the decrypted image using the GCM tag.

In addition to AES-GCM 256-bit, AES-GCM 128-bit can also be used by the PLM for other images. AES-GCM 256-bit is required for the MetaHeader, the PMC CDO, and the PLM. For all the other partitions, use AES-GCM 128-bit.