The AES-GCM algorithm implements authentication and decryption at the same time. However, an alternative security method is to authenticate the bitstream data before it is sent to the decryptor. This method can be used to help prevent attacks on the decryption engine itself by making sure the data is authentic before performing any decryption. UltraScale architecture-based FPGAs support RSA-2048 authentication for this purpose.
RSA authentication is not supported in the Kintex UltraScale KU025 device, or when using serial or selected other configuration modes in the Kintex UltraScale and Virtex UltraScale FPGAs (see the following table). For RSA authentication there are no configuration mode limitations in the Artix UltraScale+, Kintex UltraScale+, and Virtex UltraScale+ FPGAs.
| Interface | Width | Kintex UltraScale FPGAs | Virtex UltraScale FPGAs | Artix UltraScale+, Kintex UltraScale+, and Virtex UltraScale+ FPGAs | |||||
|---|---|---|---|---|---|---|---|---|---|
| KU025 |
KU035 KU040 |
KU060 KU085 KU115 |
KU095 |
VU080 VU095 |
VU065 VU125 VU160 VU190 |
VU440 | |||
| SelectMAP | 32 | N/A | Yes 1 | Yes 1 | Yes 1 | Yes 1 | Yes 1 | Yes 1 | Yes |
| 16 | N/A | Yes 1 | Yes 1 | Yes 1 | Yes 1 | Yes 1 | Yes 1 | Yes | |
| 8 | N/A | No | No | Yes 1 | Yes 1 | No | Yes 1 | Yes | |
| BPI | 16 | N/A | Yes | Yes 2 | Yes | Yes | Yes | Yes | Yes |
| 8 | N/A | No | No | Yes 2 | Yes 2 | No | Yes | Yes | |
| SPI | 8 | N/A | No | No | Yes | Yes | No | Yes | Yes |
| 4 | N/A | No | No | No | No | No | Yes | Yes | |
| 2 | N/A | No | No | No | No | No | No | Yes | |
| 1 | N/A | No | No | No | No | No | No | Yes | |
| JTAG | 1 | N/A | No | No | No | No | No | No | Yes |
| Serial | 1 | N/A | No | No | No | No | No | No | Yes |
|
|||||||||
RSA authentication is enabled with the
bitstream properties BITSTREAM.AUTHENTICATION.AUTHENTICATE
and BITSTREAM.AUTHENTICATION.RSAPRIVATEKEYFILE. RSA
authentication can be used independent of bitstream encryption, meaning it can authenticate
either an unencrypted or encrypted bitstream. The RSA configuration control logic reads the
encrypted bitstream, including a public key and bitstream signature, into the device memory.
The RSA configuration control logic then instructs the RSA engine to calculate the expected
digest based on the public key and signature. After the bitstream is buffered and the RSA
engine has calculated the expected digest, the actual digest is compared against that
result. If RSA authentication passes, then the FPGA is released to decrypt to bitstream (RSA
authentication should only be use with bitstream encryption in accordance with https://support.xilinx.com/s/article/000036039).
If RSA authentication passes and the configuration was not encrypted, the FPGA is released for operation. If RSA authentication passes and the configuration data was encrypted, then the FPGA is released for decryption of the bitstream. If RSA authentication fails, an error equivalent to an AES-GCM authentication error is generated. At this point the device either locks down or, if enabled, a fallback occurs. RSA authentication cannot be used with bitstream compression, partial reconfiguration, or tandem configuration over the PCIe® interface.
The actual time increase is dependent upon the mode of configuration. There are two steps required before loading the RSA bitstream:
- Load phase: Configuration data is loaded into the FPGA's configuration memory from the selected configuration interface.
- Read-Decrypt-Write (RDW) phase: Internal operation reads the configuration memory, optionally decrypts the data, and writes the final data into the configuration memory.
The load phase time is based on the size of the image and the configuration interface bandwidth. The RSA signature verification is done in parallel, so no additional time is required for that step. The RDW phase time is based on an internal bus that is always 32 bits wide and runs on the configuration clock. The number of clock periods the RDW takes is approximately: 2.5 * (bitstream_size_in_bits / 32 bits) * the configuration clock period / # of SLRs in device.