1. Manuals
  2. Brands
  3. Xilinx Manuals
  4. Motherboard
  5. Zynq-7000
  6. Application note

Xilinx Zynq-7000 Application Note

Programmable soc
Hide thumbs Also See for Zynq-7000:
Table of Contents

Advertisement

Quick Links

See also: User Manual
XAPP1309 (v1.0) March 7, 2017
Summary
The secure boot functionality for the Zynq®-7000 All Programmable (AP) SoC provides the
capability to authenticate all partitions loaded at boot using RSA-2048 authentication. It also
supports advanced encryption standard (AES) encryption of partitions that need confidentiality.
The Zynq-7000 AP SoC immutable BootROM includes security functions to provide a hardware
root of trust (HROT) to protect against early load attacks.
This application note discusses a method to add measured boot capability to Zynq-7000 AP
SoCs used in a connected environment. A server provides remote attestation that the
embedded systems boot with trusted software over a secure network. The method uses a
trusted platform module (TPM) to enhance the HROT functionality. The TPM provides
cryptographic functions in a cost-effective, tamper-resistant device which are an effective
complement to Zynq-7000 SoC security functions.
Download the
Introduction
In most current applications, Xilinx FPGAs and SoCs are programmed once at the factory and
often not reconfigured for the life cycle of the device. A method to add functionality and/or
reduce the total cost of ownership (TCO) of an embedded system is to support field updates. In
Zynq-7000 AP SoCs, the SoC and programmable logic can be updated, so field updates can be
very effective. Field updates are typically done over the Internet, which opens up attacks on an
embedded system to anyone with network access. Measured boot and network security are
critical in firmware updates.
Figure 1
shows an example system environment that uses measured boot. A server manages
the software load, update, and validation of fielded, embedded systems based on the
Zynq-7000 AP SoC. The embedded systems connect to the server using Ethernet. In addition to
updating software on the embedded systems, the server verifies that the correct, trusted
software is loaded. This verification by the server, done at boot and run time, is remote
attestation.
XAPP1309 (v1.0) March 7, 2017
Measured Boot of Zynq-7000 All
Programmable SoCs
Author: Lester Sanders
reference design files
for this application note from the Xilinx website.
www.xilinx.com
Application Note: Zynq-7000 AP SoC
1

Advertisement

Table of Contents
loading

Related Manuals for Xilinx Zynq-7000

Summary of Contents for Xilinx Zynq-7000

  • Page 1 (TCO) of an embedded system is to support field updates. In Zynq-7000 AP SoCs, the SoC and programmable logic can be updated, so field updates can be very effective. Field updates are typically done over the Internet, which opens up attacks on an embedded system to anyone with network access.
  • Page 2 The TPM is placed on the same board as the Zynq-7000 AP SoC. A device ID is associated with the Zynq-7000 SoC-TPM platform. The TPM provides cryptographic functions used in measure boot. The HROT is enhanced with the TPM because an adversary has to defeat both the Zynq-7000 AP SoC and the tamper-resistant TPM for a successful attack.
  • Page 3 Figure 2: Functional Diagram of Client Platform Based on Zynq-7000 AP SoC At power-up, the Zynq-7000 AP SoC on-chip BootROM code loads the first stage boot loader (FSBL). The FSBL loads U-boot, and U-Boot loads the Linux kernel, root file system, device tree, and Linux application software.

  • Page 4: Hardware And Software Requirements

    Micro Secure Digital (microSD) memory card (16 GB) • Ethernet cable • Xilinx Software Development Kit 2017.1 • Xilinx Vivado® Design Suite 2017.1 (optional) • Wind River Pulsar Linux 8.0 • VirtualBox 5.0.26 or higher (or VMware equivalent) • Ubuntu or Ubuntu command line virtual machine image in Open Virtual Appliance format •...

  • Page 5: Reference System Description

    Avnet IIoT drives a communication terminal. The strongSwan attestation server runs from VirtualBox. A browser is used to view the measurements and the implementation of the policy. X-Ref Target - Figure 3 X18725-020317 Figure 3: Measured Boot Reference Design XAPP1309 (v1.0) March 7, 2017 www.xilinx.com...
  • Page 6 Zynq-7000 AP SoC using the processing system (PS) serial peripheral interface (SPI) driver. Wind River Pulsar Linux (WRPL) 8.0 runs on MicroZed and includes the strongSwan client software. Prior to booting WRPL, the Zynq-7000 AP SoC runs the FSBL. The FSBL runs pre-boot authentication on the BootROM and FSBL.

  • Page 7: Hardware Root Of Trust

    Linux partitions loaded, not just the early load software. Hardware Root of Trust In Zynq-7000 AP SoCs, the HROT is based on the first code executed by the ARM® CPU0 at power-on. The code is stored in on-chip, metal-masked ROM, and is referred to as BootROM code.

  • Page 8: Measured Boot

    Measured Boot In Zynq-7000 AP SoCs, the term secure boot is used to define the secure loading of the bitstream and software at power-on. The bitstream is loaded into on-chip configuration memory. Software partitions encrypted in non-volatile memory (NVM) are generally authenticated, decrypted, and copied to DDR memory.

  • Page 9: Integrity Measurement Architecture

    In an IMA implementation, the client runs integrity measurement collection (IMC). The server runs integrity measurement verification (IMV). Figure 7 shows an example log when all Linux partitions are measured. X-Ref Target - Figure 7 X18726-020317 Figure 7: Integrity Measurement Architecture Evidence Log XAPP1309 (v1.0) March 7, 2017 www.xilinx.com...

  • Page 10: Trusted Platform Module

    (RTS) security. This application note focuses on the RTR in which the measurement log file held in the TPM’s PCRs is reported to the server. In addition to support for RTR, TPMs provide capability that might be useful in Zynq-7000 SoC applications. TPMs provide re-programmable non-volatile memory. The TPM hardened cryptographic functions allow a key to be securely transmitted to the Zynq-7000 device on demand.

  • Page 11: Zynq 7000 Soc-Tpm Interface

    The Zynq-7000 AP SoC connects to the SLB9670 TPM using the SPI bus. The Zynq-7000 AP SoC contains a hardened SPI IP in the PS and a soft AXI SPI IP in the programmable logic (PL). The PS SPI is used in the reference design because it saves PL resources.

  • Page 12: Network Security In Measured Boot

    A virtual private network is set up in the strongSwan architecture. A privacy CA generates the x509 certificates. The strongSwan Readme.txt provides information on the IPsec flow. XAPP1309 (v1.0) March 7, 2017 www.xilinx.com...

  • Page 13: Reference Design Functional Overview

    Conclusion Zynq-7000 AP SoCs provide significant advantages in their ability to program both hardware and software on the same device. Cost-effective firmware updates are a key to increasing embedded system capability and providing maintenance to reduce the TCO. Remote firmware updates rely on using the Internet, opening the embedded system to cryptographic attacks.

  • Page 14: Revision History

    (including loss of data, profits, goodwill, or any type of loss or damage suffered as a result of any action brought by a third party) even if such damage or loss was reasonably foreseeable or Xilinx had been advised of the possibility of the same.

Table of Contents