UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Visitor frturan
Visitor
749 Views
Registered: ‎02-13-2018

The extent of BITSTREAM.READBACK.SECURITY

Hello Dear All,

 

I would like to ask information about bitstream readback prevention settings, specifically BITSTREAM.READBACK.SECURITY. I found this setting in UG908; however, it is a very limited information for the setting, and I could not find more about it anywhere else.

 

My question is basically is about the extend of the readback prevention that comes with this setting. On a Zynq-7010 (ZedBoard) device, does it disable readback only for JTAG? Or does it disable readback for all interfaces including PCAP and ICAP?

 

Also, can you please guide me to document that provides detailed information about these settings?

 

Kind Regards,

 

Furkan

0 Kudos
2 Replies
Moderator
Moderator
729 Views
Registered: ‎09-18-2014

Re: The extent of BITSTREAM.READBACK.SECURITY

frturan,

 

Just FYI the bitstream settings only apply to the PL as Zynq devices boot sequence/mechanism is processor driven. I am sure you know that already in any case. What more did you want to know about the setting BITSTREAM.READBACK.SECURITY? The description states the 2 different level settings. Level 1 disables all readback. Level 2 in addition to level 1 disables all reconfiguration attempts regardless which configuration mode. Besides the Zynq TRM, Zynq Wiki pages, and the below application note, I don't think we have more detailed info on this setting. 

 

https://www.xilinx.com/support/documentation/application_notes/xapp1175_zynq_secure_boot.pdf

 

Regards,

Tezz

-------------------------------------------------------------------------
Don’t forget to reply, kudo, and accept as solution.
-------------------------------------------------------------------------
0 Kudos
Visitor frturan
Visitor
727 Views
Registered: ‎02-13-2018

Re: The extent of BITSTREAM.READBACK.SECURITY

Hello Tezz,

 

Thank you very much for your reply. I know that we need to secure the bootload phase as AES engine may be most vulnerable to attacks on boot time, as PS controls AES engine to program the PL.

 

My question was about how much readback and reconfiguration limitation we can achieve with the setting. I am asking because I got confused with readback on encrypted bitstream case. For example, when we use encrypted bitstream, readback is disabled for external channels, but internal channels PCAP and ICAP are still capable of performing readback. The TRM states that they are assumed to be trusted, considering that if encrypted bitstream is loaded, then secure boot should be completed accurately.

 

Moreover, do you know if it is possible to disable the readback and programming interfaces that we want selectively? 

 

Kind Regards,

 

Furkan

 

 

0 Kudos