000034480 - Design Advisory for Versal ACAP, Zynq UltraScale+ MPSoC/RFSoC and UltraScale/UltraScale+ FPGA Devices: Preventing Unauthorized Programming of PPK Digests and AES Keys

Release Date
1.0 English

Security is very important for many user applications. However, some users have less stringent security requirements and might choose not to use Asymmetrically Authenticated boot modes, such as RSA authentication for UltraScale and UltraScale+ devices or AHWROT for Zynq UltraScale+ and Versal devices.

These unused capabilities can be seized upon by adversaries to create a “ransomware” scenario where the adversary is able to boot their own code and/or prevent a customer from loading legitimate application code or configurations.

To prevent such attacks on systems not relying on the Asymmetrically Authenticated boot modes, AMD Xilinx is advising customers to consider whether the following recommendations are appropriate for their systems.