The device provides a variety of options for securing both boot images and user data. Boot image keys can be stored in BBRAM, eFUSE, or in the boot image itself. These keys can be in plain text (red), obfuscated with the family key, or encrypted with the PUF KEK (black). These options are described in Table: Boot Image Keys.
Table 12-9: Boot Image Keys
Features
|
BBRAM
|
eFUSE
|
Boot Image
|
Programming method
|
Internal via software
External via JTAG
|
Internal via software
External via JTAG
PUF registration software
|
Bootgen
Bootgen + PUF Registration software
|
Program verification
|
CRC32 Only
|
CRC32 Only
|
N/A
|
Key state during storage
|
Red
|
Red, black, or obfuscated
|
Black or obfuscated
|
In-use protections
|
Temporary storage in registers, not RAM.
Transferred in parallel, not serial.
Boot: DPA counter measures and zeroization after use.
|