Implementation Details - 2024.2 English - UG1304

Versal Adaptive SoC System Software Developers Guide (UG1304)

Document ID: UG1304
Release Date: 2024-12-13
Version: 2024.2 English
Configure user keys for secure communication
To write the AES user keys of the 3 SLRs, use the write CDO command. The key of SSLR1 is written to the USER_KEY_6 register, the key of SSLR2 to the USER_KEY_5 register, and the key of SSLR3 to the USER_KEY_4 register.
XPLMI_SSIT_CFG_SEC_COMM_CMD_ID
This API ID is used to configure secure communication between the master and a slave SLR. The header in the payload of the IPI command contains this API ID. The PLM handles the IP integrator request based on this API ID. The handler for this API ID must be registered in the PLM at initialization time. The buffer at the source address contains IV1, IV2, and the key.
Command: Configure secure communication
Reserved [31:25]=0 Security Flag[24] Length[23:16]=3 PLM=1 SSIT_CFG_SEC_COMM=43
SLR Index
Source Addr High
Source Addr Low
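The following C validator for the four-word command above is an added example, not code from the PLM sources. It assumes the module ID sits in bits [15:8] and the API ID in bits [7:0], that slave SLR indices run from 1 to 3, and that a null source address is rejected; all function and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Security Flag[24] and Length[23:16] come from the layout above.
 * Module ID in [15:8] and API ID in [7:0] are assumptions of this example. */
#define HDR_RESERVED_MASK 0xFE000000u
#define HDR_SECURITY_FLAG 0x01000000u
#define MODULE_PLM        1u
#define API_CFG_SEC_COMM  43u
#define CFG_PAYLOAD_WORDS 3u   /* SLR Index, Source Addr High, Source Addr Low */
#define MAX_SLAVE_SLR     3u   /* assumption: SSLR1..SSLR3 are indices 1..3 */

enum cfg_status { CFG_OK, CFG_ERR_SHORT, CFG_ERR_RESERVED, CFG_ERR_ID,
                  CFG_ERR_LEN, CFG_ERR_SLR, CFG_ERR_ADDR };

struct cfg_sec_comm_req {
    uint32_t slr_index;
    uint64_t src_addr;      /* buffer that holds IV1, IV2 and the key */
    int      security_flag;
};

/* Build the header word of the configure secure communication command. */
uint32_t cfg_sec_comm_header(int security_flag)
{
    return (security_flag ? HDR_SECURITY_FLAG : 0u) | (CFG_PAYLOAD_WORDS << 16) |
           (MODULE_PLM << 8) | API_CFG_SEC_COMM;
}

/* Check every field before any of them is used; reject on the first mismatch. */
enum cfg_status cfg_sec_comm_parse(const uint32_t *w, size_t nwords,
                                   struct cfg_sec_comm_req *out)
{
    if (w == NULL || out == NULL || nwords < 1u + CFG_PAYLOAD_WORDS)
        return CFG_ERR_SHORT;
    if (w[0] & HDR_RESERVED_MASK)
        return CFG_ERR_RESERVED;
    if (((w[0] >> 8) & 0xFFu) != MODULE_PLM || (w[0] & 0xFFu) != API_CFG_SEC_COMM)
        return CFG_ERR_ID;
    if (((w[0] >> 16) & 0xFFu) != CFG_PAYLOAD_WORDS)
        return CFG_ERR_LEN;
    if (w[1] < 1u || w[1] > MAX_SLAVE_SLR)
        return CFG_ERR_SLR;
    uint64_t addr = ((uint64_t)w[2] << 32) | w[3];
    if (addr == 0u)         /* example policy: a null key buffer is rejected */
        return CFG_ERR_ADDR;
    out->slr_index = w[1];
    out->src_addr = addr;
    out->security_flag = (w[0] & HDR_SECURITY_FLAG) != 0u;
    return CFG_OK;
}
```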
XPlmi_SsitCfgSecComm
In Master SLR
  1. This handler is called on reception of the configure secure communication command. The routine transforms the received command into the following form.
    Command: Configure secure communication
    Reserved[31:25]=0 Security Flag[24] Length[23:16]=3 PLM=1 SSIT_CFG_SEC_COMM=43
    SLR Index (4B)
    IV1, IV2 (32B)
    Key (32B)
  2. Writes IV1 as the current IV, then sends the command to the slave and receives the response using XPlmi_SsitSendMsgEventAndGetResp.
  3. XPlmi_SsitSendMsgEventAndGetResp internally uses the XPlm_SsitCommSendMessage API to send the message with encryption and the XPlm_SsitCommReceiveMessage API to receive the message after decryption.
  4. On reception of a success response, the current IV and key are updated with the IV2 and key received in the above command.
In Slave SLR
Upon reception of the configure secure communication command, the slave stores the IV2 and key from the command as its new IV and new key.
XPlm_SsitCommSendMessage
This function sends the message/response with or without encryption, depending on the command type (configure secure communication command or not) and on whether secure communication is established.
If secure communication is not established, all SSI technology messages/responses except the configure secure communication command are communicated without encryption. The configure secure communication command is sent as in protocol 2, with IV2 and the key encrypted with the current key-IV pair of the SLR to which it must be sent.
If secure communication is established, all messages are sent as described in protocol 3 and all responses are sent as described in protocol 4. Before each message/response is sent, the IV is incremented by 2, because every message/response sent must use a unique IV.
XPlm_SsitCommReceiveMessage
This function receives the message/response with or without decryption, depending on the command type (configure secure communication command or not) and on whether secure communication is established.
If secure communication is not established, all SSI technology messages/responses except the configure secure communication command are received without decryption. When the configure secure communication command is received, IV1 is set as the current IV, and IV2 and the key are decrypted using the current key and IV.
If secure communication is established, all messages and responses are received and decrypted with the current key and (current IV + 1).