The AMD UltraScale™ architecture-based FPGAs have on-chip Advanced Encryption Standard (AES) decryption and authentication logic to provide a high degree of design security. Without knowledge of the encryption key, adversaries cannot analyze an externally intercepted bitstream to modify or clone the design. Encrypted FPGA designs cannot be copied or reverse-engineered.
The FPGA AES system consists of software-based bitstream encryption and on-chip bitstream decryption with dedicated memory for storing the encryption key. Using the AMD Vivado™ tools, you generate the encryption key and the encrypted bitstream. UltraScale architecture-based FPGAs store the encryption key internally in either dedicated RAM, backed up by a small externally connected battery, or in the nonvolatile, one-time-programmable eFUSE. The option is selected by setting BITSTREAM.ENCRYPTION.ENCRYPTKEYSELECT to BBRAM or EFUSE. The encryption key can only be programmed onto the device through the external JTAG port or through the internal MASTER_JTAG primitive. The encryption key cannot be read back. Refer to Internal Programming of BBRAM and eFUSEs (XAPP1283) for more information on using the internal MASTER_JTAG primitive option.
During configuration, the FPGA performs the reverse operation, decrypting the incoming bitstream. The FPGA AES encryption logic uses a 256-bit encryption key.
Although AES-GCM is a self-authenticating algorithm, it authenticates with a symmetric key, meaning that the key used to encrypt is the same as the key used to decrypt. This key is secret and must be protected (hence its storage in internal key space). However, if only authentication is desired, the UltraScale architecture provides an alternative form of authentication, RSA-2048. RSA is an asymmetric algorithm, meaning that the key used to verify is not the same as the key used to sign. Verification is done with a public key, which does not need to be protected and does not need special secure storage. If desired, this form of authentication can be used with encryption to provide both authenticity and confidentiality. See RSA Authentication.
For the step-by-step process to generate an encrypted bitstream and encryption keys using the AMD Vivado™ Design Suite, see Using Encryption and Authentication to Secure an UltraScale/UltraScale+ FPGA Bitstream (XAPP1267). It is important to follow the critical guidance provided in XAPP1267 and the references it provides, to avoid creating critical security issues.
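A build-time check for the key-storage selection described above, as an added example that is not AMD's code: it scans Vivado XDC text for BITSTREAM.ENCRYPTION properties and reports settings that leave the bitstream unencrypted or place the AES key in a plain-text file. BITSTREAM.ENCRYPTION.ENCRYPT and BITSTREAM.ENCRYPTION.KEY0 are Vivado properties not named on this page; the function name, finding texts and sample constraint files are constructed for illustration.

```python
import re

# One Vivado constraint: set_property BITSTREAM.ENCRYPTION.<NAME> <value> [current_design]
# ENCRYPT and KEY0 are Vivado property names assumed here; only ENCRYPTKEYSELECT is on the page.
_PROP = re.compile(
    r"\s*set_property\s+BITSTREAM\.ENCRYPTION\.(\w+)\s+(\S+)\s+\[current_design\]",
    re.IGNORECASE,
)

# Constructed sample constraint files (not from a real project).
GOOD_XDC = """\
set_property BITSTREAM.ENCRYPTION.ENCRYPT YES [current_design]
set_property BITSTREAM.ENCRYPTION.ENCRYPTKEYSELECT EFUSE [current_design]
"""
BAD_XDC = """\
# set_property BITSTREAM.ENCRYPTION.ENCRYPT YES [current_design]
set_property BITSTREAM.ENCRYPTION.ENCRYPTKEYSELECT FLASH [current_design]
set_property BITSTREAM.ENCRYPTION.KEY0 {key} [current_design]
""".format(key="0123456789abcdef" * 4)  # constructed 256-bit value


def audit_xdc(text):
    """Return findings about the bitstream-encryption settings in XDC text."""
    props = {}
    for line in text.splitlines():
        m = _PROP.match(line)  # comment lines start with '#' and never match
        if m:
            # A later set_property overrides an earlier one.
            props[m.group(1).upper()] = m.group(2).strip('"{}')
    findings = []
    if props.get("ENCRYPT", "NO").upper() != "YES":
        findings.append("ENCRYPT is not YES: the bitstream is written unencrypted")
    select = props.get("ENCRYPTKEYSELECT")
    if select is None:
        findings.append("ENCRYPTKEYSELECT is not set: key storage left to the tool default")
    elif select.upper() not in ("BBRAM", "EFUSE"):
        findings.append(f"ENCRYPTKEYSELECT is {select!r}, expected BBRAM or EFUSE")
    # 64 hex digits is a 256-bit AES key sitting in a plain-text constraint file.
    if re.fullmatch(r"[0-9a-fA-F]{64}", props.get("KEY0", "")):
        findings.append("KEY0 holds a literal 256-bit key: keep it out of the constraints")
    return findings


if __name__ == "__main__":
    for name, xdc in (("good", GOOD_XDC), ("bad", BAD_XDC)):
        print(name, audit_xdc(xdc) or "no findings")
```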