Authenticated FPGA Configuration

Single Chip FIPS 140-3 on Zynq UltraScale+ MPSoC (WP548)

Document ID: WP548
Release Date: 2024-01-23
Revision: 1.1 English

To maintain control over the authenticity of programmable logic (PL) images, iDirect Government's cryptographic application is developed to be the sole master of PL configuration. This isolation ensures that only bitstreams signed and authenticated by iDirect Government can be configured. The cryptographic application running on the RPU receives a device configuration message from the modem software running on the APU. Requests to load a bitstream are processed only when the software is in limited or full-featured mode. A device configuration message requests the cryptographic application to copy the PL image into secure DRAM, authenticate its RSA signature, and load the image into the PL. As with messages, the copy to secure DRAM is necessary so that the bitstream cannot be altered during or after the authentication phase: the bytes that are authenticated are the same bytes that are loaded. As described previously, once a device bitstream is loaded into the secure PL region and verified using a set of known answer tests (KAT), the software enters full-featured mode.
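The following is an added example, not code from the white paper or from iDirect Government, showing why the copy into RPU-private memory has to come before authentication. It assumes an HMAC-SHA256 tag as a stand-in for the RSA signature (so it runs without an RSA library), and a callable that models a write to the shared buffer landing while the RPU is working.

```python
import hmac
import hashlib
from typing import Callable, Optional

# Constructed stand-in for the signing key. The paper authenticates an RSA
# signature; HMAC-SHA256 is used here only so the flow runs stand-alone.
SIGNING_KEY = b"constructed-demo-signing-key"

def sign(image: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, image, hashlib.sha256).digest()

def authenticate(image: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(image), tag)

Tamper = Callable[[bytearray], None]

def load_unsafe(shared: bytearray, tag: bytes, tamper: Tamper) -> Optional[bytes]:
    """Vulnerable ordering: authenticate in shared memory, then load from it.
    A write that lands between the check and the load is configured anyway."""
    if not authenticate(bytes(shared), tag):
        return None
    tamper(shared)            # models the APU-side buffer changing after the check
    return bytes(shared)      # image handed to the PL

def load_safe(shared: bytearray, tag: bytes, tamper: Tamper) -> Optional[bytes]:
    """Ordering from the paper: snapshot into secure (RPU-private) memory first,
    then authenticate and load only that private copy."""
    private = bytes(shared)   # copy into memory the APU cannot reach
    tamper(shared)            # the same late write now changes nothing that matters
    if not authenticate(private, tag):
        return None
    return private

# Constructed sample image and its tag, plus two writer behaviours.
GOOD_IMAGE = b"\x00\x09\x0f\xf0" + b"constructed PL bitstream payload"
GOOD_TAG = sign(GOOD_IMAGE)

def flip_header(buf: bytearray) -> None:
    buf[0:4] = b"\xde\xad\xbe\xef"

def no_tamper(buf: bytearray) -> None:
    pass

def demo() -> dict:
    """Run both orderings against the same late write and report what got loaded."""
    return {
        "unsafe": load_unsafe(bytearray(GOOD_IMAGE), GOOD_TAG, flip_header),
        "safe": load_safe(bytearray(GOOD_IMAGE), GOOD_TAG, flip_header),
    }
```

In the unsafe ordering the signature check passes yet a modified image reaches the PL; in the paper's ordering the loaded bytes are exactly the authenticated ones, and a write that lands before the copy is caught by the signature check instead.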