Secure Boot - 2024.1 English

Versal Adaptive SoC System Software Developers Guide (UG1304)

Document ID
UG1304
Release Date
2024-05-30
Version
2024.1 English

On Versal devices, secure boot ensures the confidentiality, integrity, and authenticity of the firmware and software loaded onto the device. The root of trust starts with the BootROM, which authenticates and/or decrypts the PLM depending on the secure boot mode selected. Versal devices offer two secure boot modes: Asymmetric Hardware Root of Trust (A-HWRoT) and Symmetric Hardware Root of Trust (S-HWRoT). Additionally, both of these modes can be used at the same time.

The A-HWRoT boot mode forces the device to only boot images that are authenticated using RSA or ECDSA. The S-HWRoT boot mode forces the device to only boot images that have the PLM and MetaHeader encrypted using a black (encrypted) eFUSE key.

Encryption of partitions beyond the PLM and MetaHeader is defined by the MetaHeader that is authenticated using AES-GCM. Secure boot is important for two reasons.

  • Ensures that the software being loaded onto a device is allowed to be loaded, which prevents malicious code from running on the device
  • Protects the OEM IP because the software is stored in an encrypted fashion, which prevents the OEM IP from being stolen.

Additionally, if secure boot is not desired, then software can at least be validated with a simple SHA-3 integrity check. However, keep in mind that the protections listed above do not apply when using this method of boot. The following table highlights the possible secure boot configurations.

Table 1. Cumulative Secure Boot Operations
Boot Type Operations Hardware Crypto Engines
Authentication Decryption Integrity (Checksum Verification)
Non-secure No No No N/A
Asymmetric Hardware Root-of-Trust (A-HWRoT) Yes. Enforced using eFUSEs Optional Integrity via Asymmetric Authentication RSA/ECDSA and SHA-3
Symmetric Hardware Root-of-Trust (S-HWRoT) Yes via GCM and eFUSEs

Yes

Must use PUF KEK

Integrity via Symmetric Authentication AES-GCM/PUF
A-HWRoT + S-HWRoT Yes

Yes

Must use PUF KEK

Integrity via Asymmetric and Symmetric Authentication RSA/ECDSA, SHA-3, AES-GCM, PUF
Note: Checksum is used to verify the integrity of the image loaded and is not a secure boot mode. See Checksum Verification for more information.

Versal devices use the following hardware cryptographic blocks in the secure boot process:

SHA Hardware Accelerator
Calculates the SHA3/384 hash on images that is used with the RSA or elliptical curve cryptography (ECC) engine for authentication.
ECDSA-RSA Hardware Accelerator
Authenticates images using a public asymmetric key. Either RSA-4096 or ECDSA with curve NIST P-384 can be used.

In addition to NIST-P384, NIST-P521 curve can also be used by the PLM for other images. P-384 is required for the MetaHeader, the PMC CDO, and the PLM. For all the other partitions, you can use P-521.

AES-GCM Hardened Crypto Block
Decrypts images using a 256-bit key, and verifies the integrity of the decrypted image using the GCM tag.

In addition to AES-GCM 256-bit, AES-GCM 128-bit can also be used by the PLM for other images. AES-GCM 256-bit is required for the MetaHeader, the PMC CDO, and the PLM. For all the other partitions, use AES-GCM 128-bit.