External Secure Storage Using the PUF (XAPP1333)

Document ID
Release Date
1.2 English

To store data in non-volatile memory (NVM) using a Zynq® UltraScale+™ device, data must be

stored externally and should be encrypted if it is confidential. All Zynq UltraScale+ devices have

a built-in physically unclonable function (PUF), which can generate a cryptographically strong,

device-unique encryption key that can be used in combination with the built-in advanced

encryption standard (AES) cryptographic core. This key cannot be read by a user, allowing for a

heightened level of key security. Only if a Zynq UltraScale+ device is provisioned to store the

PUF configuration information in eFUSEs and if Rivest-Shamir-Adleman (RSA) Authentication is

registered and enabled in eFUSEs, then the PUF’s device-unique encryption key can be used to

encrypt and decrypt user data, which can then be stored and read from external non-volatile

memory. Download the reference design files for this application note from the Xilinx website. For detailed information about the design files, see Reference Design .