BBRAM Storage Location - BBRAM Storage Location - XAPP1267

Using Encryption and Authentication to Secure an UltraScale/UltraScale+ FPGA Bitstream (XAPP1267)
Document ID
XAPP1267
Release Date
2025-05-22
Revision
1.8 English

When an encryption key is stored in the FPGA's battery-backed RAM, the encryption key memory cells are volatile and must receive continuous power to retain their contents. During normal operation, these memory cells are powered by the auxiliary voltage input (VCCAUX).

Recommended: A separate VBATT power input is needed to retain the key if and when VCCAUX is removed. Therefore, it is recommended that the AES key be programmed in-system on a board that has the battery back-up. Otherwise, the key is lost when the power/battery is removed.
Important: Program the BBRAM to a known state before attempting to configure with an encrypted bitstream that uses the BBRAM as the key source. If you attempt to download an encrypted bitstream on power-up before the BBRAM key is programmed, the FPGA might lock up. You must power-cycle the device and then load the BBRAM key before configuring with an encrypted bitstream.

The following table identifies BBRAM storage location advantages and disadvantages.

Table 1. BBRAM Storage Location Advantages and Disadvantages
Advantages Disadvantages
  • Volatile and re-programmable
  • Passive and active key clearing (for example, the evidence can be removed)
  • Tamper resistant 1
  • BBRAM can use either RSA authentication or Configuration Counting for DPA protection
  • Cannot readback the BBRAM key as there is no readback path
  • Requires an external battery.
  • Many battery vendors do not specify operation at high temperatures and/or long lifetimes.
  1. There is no physical path to read the key out of BBRAM (write only access).