The size of the Bitstream is too large to be contained inside the device, therefore external memory must be used.
The use of external memory could create a security risk. Therefore, two methods are provided to authenticate and decrypt a Bitstream.
-
The first method uses the internal OCM as temporary buffer for all cryptographic operations. For details, see
Authenticated and Encrypted Bitstream Loading Using OCM
. This method does not require trust in external DDR. -
The second method uses external DDR for authentication prior to sending the data to the decryptor, there by requiring trust in the external DDR. For details, see
Authenticated and Encrypted Bitstream Loading Using DDR
.