Zynq-7000 AP SoC Technical Reference Manual, UG585 (v1.11) September 27, 2016, www.xilinx.com
Chapter 32: Device Secure Boot
32.2 Functional Description
32.2.1 Master Secure Boot
Master secure boot is the only secure boot mode supported in Zynq-7000 AP SoC devices. It uses the 
hardened AES decryption engine and the hardened HMAC authentication engine within the PL to 
decrypt PS images and PL bitstreams. If RSA authentication is enabled, the BootROM authenticates 
the encrypted FSBL using the public key prior to decryption (see Table 32-3). The boot process for 
the master secure boot mode is shown in Figure 32-2.
IMPORTANT: The master secure boot mode uses the AES decryption and HMAC authentication engines 
within the PL, therefore the PL must be powered on during the secure boot process. The BootROM ensures 
that the PL is powered before reading the encrypted image from the external boot device. It is the user’s 
responsibility to ensure that the PL is powered on before trying to decrypt any new configuration files.
Power on Reset
After the power-on and reset sequences have completed, the on-chip BootROM begins to execute. 
An optional eFuse setting can be used to perform a full 128 KB CRC on the BootROM for a small 
boot time penalty (around 25 ms at default boot settings). After the integrity check the BootROM 
reads the boot mode setting specified by the bootstrap pins. The BootROM then reads the boot 
header from the specified external memory.
RSA Authentication Performed on FSBL
If RSA authentication is enabled, the BootROM loads the boot image header and the FSBL into the 
first 192 KB of the OCM. Next the public key is loaded from the boot image (see section 
32.2.3 Secure Boot Image) and validated by calculating a SHA-256 signature and comparing it to the 
hash value stored in eFuse. If the values match, the BootROM calculates the signature for the FSBL 
and authenticates it with the public key. If the public key signature does not match the hash value 
stored in eFuse or the authentication fails on the FSBL, the BootROM performs a fallback and 
searches for a new FSBL if the boot device is NAND, NOR, or QSPI. If the fallback fails or the boot 
device is SD, the BootROM enters either an error state and enables JTAG or enters a secure lockdown 
if the boot image was encrypted. If the authentication of the FSBL passes, the BootROM continues 
the boot process. For more details see section 32.2.5 RSA Authentication. 
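The RSA authentication step above, as an added Python model that is not Xilinx code: it hashes the boot-image public key against a constructed eFuse value, checks a textbook RSA signature over SHA-256(FSBL), and applies the page's fallback and lockdown rules per boot device. The key layout, hash input and padding scheme are assumptions (the real ones are in sections 32.2.3 and 32.2.5, not on this page), and the RSA key is a constructed demo key.

```python
import hashlib

# Boot devices on which, per section 32.2.1, the BootROM searches for a new FSBL after a failure.
FALLBACK_DEVICES = {"NAND", "NOR", "QSPI"}
E = 65537

# Constructed demo RSA key from two Mersenne primes (not a production key).
P, Q = (1 << 127) - 1, (1 << 521) - 1
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def key_bytes(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def key_hash_matches_efuse(public_key: bytes, efuse_hash: bytes) -> bool:
    # SHA-256 of the public key carried in the boot image against the value burned in eFuse.
    # Hashing the raw modulus bytes is an assumption; the real layout is in section 32.2.3.
    return hashlib.sha256(public_key).digest() == efuse_hash

def sign(fsbl: bytes, d: int, n: int) -> int:
    # Textbook RSA over SHA-256(FSBL); the BootROM's actual padding scheme is not on this page.
    return pow(int.from_bytes(hashlib.sha256(fsbl).digest(), "big"), d, n)

def rsa_verify(fsbl: bytes, signature: int, public_key: bytes) -> bool:
    n = int.from_bytes(public_key, "big")
    return pow(signature, E, n) == int.from_bytes(hashlib.sha256(fsbl).digest(), "big")

def bootrom_rsa_step(boot_device: str, efuse_hash: bytes, images: list, encrypted: bool) -> str:
    """Outcome of the RSA step. `images` holds (public_key, fsbl, signature) triples in the
    order a fallback search would reach them; on SD only the first image is ever tried."""
    tries = images if boot_device in FALLBACK_DEVICES else images[:1]
    for public_key, fsbl, sig in tries:
        if key_hash_matches_efuse(public_key, efuse_hash) and rsa_verify(fsbl, sig, public_key):
            return "continue boot"
    # Fallback exhausted (or not permitted): lockdown if the image was encrypted, else error + JTAG.
    return "secure lockdown" if encrypted else "error state, JTAG enabled"

def demo() -> dict:
    pub = key_bytes(N)
    efuse = hashlib.sha256(pub).digest()          # hash that would be burned into eFuse
    fsbl = b"FSBL image (constructed)"
    good = (pub, fsbl, sign(fsbl, D, N))
    tampered = (pub, b"FSBL image (modified)", good[2])   # signature no longer matches
    rogue = (key_bytes(N + 2), fsbl, good[2])             # public key not anchored in eFuse
    return {
        "good": bootrom_rsa_step("QSPI", efuse, [good], encrypted=True),
        "qspi_fallback": bootrom_rsa_step("QSPI", efuse, [tampered, good], encrypted=True),
        "sd_no_fallback": bootrom_rsa_step("SD", efuse, [tampered, good], encrypted=True),
        "sd_plaintext": bootrom_rsa_step("SD", efuse, [rogue], encrypted=False),
    }
```

The `sd_no_fallback` case shows why the page singles out SD: the same two images that recover on QSPI end in lockdown on SD because no fallback search is attempted.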
Secure FSBL Decryption
If a secure boot is specified in the boot image header, the BootROM starts by checking the power-on 
status of the PL. Since the AES and HMAC engines reside within the PL, the PL must be powered up 
to perform a secure boot. The BootROM waits until the PL is powered up before continuing the secure 
boot sequence. After the power-on status of the PL is confirmed, the BootROM begins to load the 
encrypted FSBL into the AES engine via the PCAP. The PL sends the decrypted FSBL back to the PS via 
the PCAP. The decrypted image is then loaded into the OCM. The BootROM also monitors the HMAC 