Revocation as a Tamper Penalty

Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID
Release Date
2.4 English

Key revocation has a valuable dual use role. Revocation can be used to inflict a penalty when a tamper event is detected. Programming both PPK invalid bits makes the device permanently inoperable (also known as a brick). While in some applications bricking the device is valuable, in other applications a temporary disabling is desired. In this situation, the SPK ID can be modified as a result of a tamper condition. This keeps the device from booting until the authorized user creates a new boot image with the correct SPK and SPK ID.   In this scenario, the penalty is temporary until a new boot image is loaded, either remotely or when a system is returned to a depot.