Visitor yorgzero
Registered: 08-13-2019

Using the bitstream AES encryption block for user AES encryption/decryption

Hello,

The UltraScale product suite includes an AES block to decrypt the FPGA bitstreams. It does not seem that the bitstream encryption AES block can be used by the FPGA logic or for any purpose other than bitstream decryption. Is that correct?

Thanks in advance

YorgZ


Accepted Solutions
Observer yufei.leung
Registered: 02-05-2019

Re: Using the bitstream AES encryption block for user AES encryption/decryption

It can be used from Linux after boot-up.  Refer to:

https://xilinx-wiki.atlassian.net/wiki/spaces/A/pages/64749783/ZynqMP+AES+Driver

 

Starting from Xilinx SDK version 2018.3, it is available under the list of Hardware crypto devices in the menuconfig.

You also need to enable the User-space interface for symmetric key cipher algorithms in the menuconfig.

Edit your Device Tree to include the zynqmp_aes device.

Using the Device Key:

  • If you try to use the Device Key as your key source, and it errors out with this message:
    • zynqmp_aes zynqmp_aes: ERROR: Wrong KeySrc, enable secure mode
  • Then it's a restriction imposed by the PMUFW. Look in the PMUFW code, and find this file, and look for the function:
    • pmufw/zynqmp_pmufw_bsp/psu_pmu_0/libsrc/xilsecure_v3_2/src/xsecure.c  XSecure_AesOperation()
    • Edit this snippet of code to allow yourself to use a key source other than the KUP key: 
      #ifndef XSECURE_TRUSTED_ENVIRONMENT
         if (AesParams->KeySrc != XSECURE_AES_KUP_KEY) {
            Status = XSECURE_DEC_WRONG_KEY_SOURCE;
            return Status;
         }
      #endif
    • Then just re-compile the PMUFW

Visitor yorgzero
Registered: 08-13-2019

Hello Yufei,

 

Thanks a lot. That answers my question. I wanted to know that it was possible so that is great.

Just to make sure I understand correctly: this assumes Linux has booted up on the Zynq ARM CPU, and then the AES can be addressed from inside the FPGA programmable logic via the AXI bus. Is that correct? Or is it just available to the ARM CPU drivers?

Thanks

YorgZ

Observer yufei.leung
Registered: 02-05-2019

The procedure I referred to is using the AES HW from the ARM CPU (the Cortex A53), after booting up in Linux.

I'm not sure if the FPGA can use the AES HW via AXI bus.  I have to admit that overall I am not familiar with the FPGA-side of things, since I've mainly worked on the PS-side.

Visitor yorgzero
Registered: 08-13-2019

Hi Yufei,

Thanks, that is fine. So far I didn't find anything in the docs suggesting that it is possible, so I will assume that it is not supported.

Thanks

YorgZ
