The public key cryptographic algorithms ECC and RSA are used to verify the authenticity of the programmable device image. Boot images can be authenticated using either RSA-4096 or elliptic curve cryptography (ECC NIST P-384 curve). After boot, the RSA key length or ECC curve is user-selectable. The SoC device includes an accelerator for both RSA and ECC math, and it is available to the user. The accelerator supports the following:
- RSA
- Implements a modular exponentiation engine
- R*R mod M precalculation
- 2048, 3072, and 4096-bit key sizes
- ECC
- Implements a point multiplier engine for elliptic curve cryptography
- P-384 curve loading of the PLM firmware by the RCU BootROM code and either P-384 or P-521 for images loaded by the PLM firmware
- Support for a wide variety NIST P-256, NIST P-384, and NIST P-521 beyond initial boot
Note:
The RSA/ECC engine is not available in the encryption disabled (-ED)
devices. See the Encryption Disabled Devices section for more information on
-ED devices.
Documentation
For additional details, see the Versal Adaptive SoC Security Manual (UG1508).
This manual requires an active NDA to download from the Design Security Lounge.