cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Explorer
Explorer
3,351 Views
Registered: ‎03-13-2014

Is it possible just to have secure PL?

Jump to solution

I run Petalinux and configure/reconfigure my PL by simply cat the filename in a shell script. It works great, however I have been asked if we protect the IP by encrypting the .bit file. I don't want to do a secure boot, just secure the IP in our logic. Is that possible and if so what is the best way?

 

I am using a Zynq 7015 and boot from the SD card

 

Thanks

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Teacher
Teacher
6,362 Views
Registered: ‎03-31-2012

Yes, ug585 says: "In all devices, the PL bitstream, which contains sensitive customer IP, can be protected with 256-bit AES encryption and HMAC/SHA-256 authentication to prevent unauthorized copying of the design. The PL performs decryption on the fly during configuration using an internally stored 256-bit key. This key can reside in battery-backed RAM or in nonvolatile eFUSE bits."

- Please mark the Answer as "Accept as solution" if information provided is helpful.
Give Kudos to a post which you think is helpful and reply oriented.

View solution in original post

0 Kudos
2 Replies
Highlighted
Teacher
Teacher
6,363 Views
Registered: ‎03-31-2012

Yes, ug585 says: "In all devices, the PL bitstream, which contains sensitive customer IP, can be protected with 256-bit AES encryption and HMAC/SHA-256 authentication to prevent unauthorized copying of the design. The PL performs decryption on the fly during configuration using an internally stored 256-bit key. This key can reside in battery-backed RAM or in nonvolatile eFUSE bits."

- Please mark the Answer as "Accept as solution" if information provided is helpful.
Give Kudos to a post which you think is helpful and reply oriented.

View solution in original post

0 Kudos
Highlighted
Explorer
Explorer
3,303 Views
Registered: ‎03-13-2014

Thanks for that

0 Kudos