For Key-IV establishment at boot time - 2024.2 English - UG1304

Versal Adaptive SoC System Software Developers Guide (UG1304)

Document ID: UG1304
Release Date: 2024-12-13
Version: 2024.2 English
  • On the App,
    • The App must request the TRNG driver to generate two 128-bit IVs (IV1, IV2) and a 256-bit key through the XTrngpsv_Generate API call.
    • The generated IVs and key must be transferred to the master SLR through an IPI request.
    • Because the IPI request buffer size is restricted to eight words, the key and IVs are copied to a DataBuffer of size 16 words. This DataBuffer must be located in the OCM.
    • The configure secure communication command is framed and sent to the master SLR using the XPlmi_ProcessMailbox API, and the App waits for the response.
  • On the Master SLR,
    • The handler for configure secure communication command must be registered during initialization.
    • The master fetches IV1, IV2, and the key from the OCM to form the full command.
    • The master writes IV1 as the current IV and sends the command to the slave. A response is received using the XPlmi_SsitWriteEventBufferAndTriggerMsgEvent API.
    • XPlmi_SsitSendMsgEventAndGetResp internally uses the XPlm_SsitCommSendMessage API to send a message with or without encryption, and the XPlm_SsitCommReceiveMessage API to receive a message with or without decryption.
    • On receiving a success response, the master updates IV2 and the key as the current IV and key, and sets the SecCommEst flag.
  • On the Slave SLR,
    • The handler for configure secure communication command must be registered during initialization.
    • The received message event is processed in XPlmi_SsitMsgEventHandler.
    • The slave writes IV1 to the IV register and decrypts the response with the current key and current IV.
    • The slave executes the command through XPlmi_SsitCfgSecComm, which stores the key and IV2 as the new key and IV.
    • The slave prepares the response and updates the current key and IV with the new key and IV.
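
The sequence above, modeled as an added C example (not code from the PLM or from this guide): it tracks only which key and IV each SLR treats as current, including the case where the slave does not return success, and omits the TRNG, IPI, and encryption calls. The `SlrCtx` type, the function names, the `fail` switch, and the IV1 | IV2 | key ordering of the DataBuffer are assumptions.

```c
/* Added model of the boot-time key-IV handshake; not PLM source code.
 * Assumed: DataBuffer layout IV1 | IV2 | key, and every name below. */
#include <stdint.h>
#include <string.h>
#define IV_WORDS  4u                         /* 128-bit IV */
#define KEY_WORDS 8u                         /* 256-bit key */
#define BUF_WORDS (2u * IV_WORDS + KEY_WORDS)
_Static_assert(BUF_WORDS == 16u && BUF_WORDS > 8u, "16 words, over the 8-word IPI buffer");

typedef struct {                             /* hypothetical per-SLR state */
    uint32_t cur_iv[IV_WORDS], cur_key[KEY_WORDS];
    int sec_comm_est;
} SlrCtx;

/* Install IV2 and the key from the DataBuffer as the current pair. */
static void install_new(SlrCtx *c, const uint32_t *buf) {
    memcpy(c->cur_iv, buf + IV_WORDS, sizeof c->cur_iv);
    memcpy(c->cur_key, buf + 2u * IV_WORDS, sizeof c->cur_key);
}

/* Slave: IV1 into the IV register, store key and IV2, then respond. */
static int slave_cfg_sec_comm(SlrCtx *s, const uint32_t *buf, int fail) {
    memcpy(s->cur_iv, buf, sizeof s->cur_iv);
    if (fail) return -1;                     /* constructed error response */
    install_new(s, buf);
    return 0;
}

/* Master: IV1 is current for the command; switch only on success. */
static int master_establish(SlrCtx *m, SlrCtx *s, const uint32_t *buf, int fail) {
    memcpy(m->cur_iv, buf, sizeof m->cur_iv);
    if (slave_cfg_sec_comm(s, buf, fail) != 0) return -1;
    install_new(m, buf);
    m->sec_comm_est = 1;
    return 0;
}

/* bit0: SLRs agree on key and IV, bit1: SecCommEst, bit2: new key active. */
int handshake_demo(int fail) {
    uint32_t buf[BUF_WORDS];                 /* constructed sample material */
    SlrCtx m = {0}, s = {0};
    for (uint32_t i = 0; i < BUF_WORDS; i++) buf[i] = 0xA5000000u + i;
    (void)master_establish(&m, &s, buf, fail);
    int same = !memcmp(m.cur_iv, s.cur_iv, sizeof m.cur_iv) &&
               !memcmp(m.cur_key, s.cur_key, sizeof m.cur_key);
    int newk = !memcmp(m.cur_key, buf + 2u * IV_WORDS, sizeof m.cur_key);
    return same | (m.sec_comm_est << 1) | (newk << 2);
}
int main(void) { return handshake_demo(0) == 7 ? 0 : 1; }
```

In this model a failed response leaves both SLRs on the previous key with SecCommEst clear, so the two sides never disagree about which key is current.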