The AMD Versalâ„¢ device AES accelerator operates in GCM mode offering symmetric authentication, as well as decryption and encryption. Available at both boot and runtime, this AES accelerator offers built-in protection against differential power attacks (DPA) and supports protocol protections (that is, key rolling).
The AES-GCM supports a 256-bit key for boot and either a 128-bit or a 256-bit key afterward and uses a 128-bit data interface (broken into 32-bit words). In addition to GCM, this core also supports Galois Message Authentication Code (GMAC), which is intended for authentication of data using a symmetric key when encryption is not required. The AES-GCM engine also supports additional authenticated data (AAD).
The following key sources are supported:
- BBRAM, see the Battery-Backed RAM section
- eFUSE
- Boot header
- User key register
- Black key (PUF encrypted key storage)
Documentation
For additional details, see the Versal Adaptive SoC Security Manual (UG1508).
This manual requires an active NDA to download from the Design Security Lounge.