Hardware Root Of Trust - Xilinx Zynq-7000 Application Note


Figure 5 shows three possible system setups. The strongSwan software running on an Ubuntu
server does both the remote attestation and the network security. The Ethernet connection can
be either direct from the PC to the Avnet board or dynamic host configuration protocol (DHCP)
using Ethernet wall sockets. In (a), the server is run on an Ubuntu installation on either
VirtualBox or VMware on the PC. In (b), an Ubuntu-based PC runs the strongSwan server. In (c),
the server runs on an Amazon web server (AWS). Xilinx does not provide the AWS account.
The reference system provides methods for a measured boot of a single client, providing
remote attestation of early load software (BootROM, FSBL), which is new functionality for
embedded systems. An actual connected system has multiple embedded devices, and the
strongSwan server measures all Linux partitions loaded, not just the early load software.
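
As an added illustration (not code from XAPP1309 or its reference design), the sketch below models the measured-boot flow described above: the client hashes each partition into a TPM-style extend register, and the attestation server replays the event log against reference values. SHA-256, the single register, and the partition names and contents are assumptions constructed for the example.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 bank; the hash algorithm is an assumption of this example

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

def measured_boot(partitions):
    """Client side: hash each partition before it runs, extend the PCR, log it."""
    pcr, log = bytes(PCR_SIZE), []
    for name, image in partitions:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def verify(reported_pcr, log, golden):
    """Server side: replay the log, then compare each digest to a reference value.

    A real verifier first checks the TPM's signature over the reported PCR
    (the quote); that step is omitted here.
    """
    pcr = bytes(PCR_SIZE)
    for _, digest in log:
        pcr = extend(pcr, digest)
    if not hmac.compare_digest(pcr, reported_pcr):
        return False, ["event log does not reproduce the reported PCR"]
    bad = [name for name, digest in log if golden.get(name) != digest]
    return not bad, bad

# Constructed sample partitions (names and contents are illustrative only).
GOOD = [("fsbl", b"constructed FSBL image"),
        ("u-boot", b"constructed U-Boot image"),
        ("linux-kernel", b"constructed kernel image")]
GOLDEN = {name: hashlib.sha256(image).digest() for name, image in GOOD}

if __name__ == "__main__":
    pcr, log = measured_boot(GOOD)
    print("clean boot:", verify(pcr, log, GOLDEN))
    # A modified kernel changes both its log entry and the final PCR.
    bad_boot = GOOD[:2] + [("linux-kernel", b"modified kernel image")]
    pcr, log = measured_boot(bad_boot)
    print("modified kernel:", verify(pcr, log, GOLDEN))
    # Rewriting the log to show the reference digest no longer matches the PCR.
    forged = log[:2] + [("linux-kernel", GOLDEN["linux-kernel"])]
    print("rewritten log:", verify(pcr, forged, GOLDEN))
```

Because each extend folds the previous register value into the next, the final value depends on every measurement and on their order, so the log cannot be edited after the fact without the replay failing.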
Hardware Root of Trust
In Zynq-7000 AP SoCs, the HROT is based on the first code executed by the ARM® CPU0 at
power-on. The code is stored in on-chip, metal-masked ROM, and is referred to as BootROM
code. BootROM code is immutable, and its principal function is to perform device initialization
and load the FSBL into read/writable on-chip memory (OCM). Neither the BootROM nor the
OCM is accessible at device pins. The BootROM Configuration Flowchart figure in Zynq-7000
All Programmable SoC Technical Reference Manual (UG585) [Ref 1] provides the flow of the
BootROM code functionality. If secure boot is specified, the BootROM authenticates the FSBL
using the RSA-2048 standard prior to execution of the FSBL. The Zynq-7000 AP SoC HROT is
enhanced by adding a TPM to the embedded platform. The TPM provides partition
measurements, cryptographic functions, and secure key storage for keys used by the Zynq-7000
AP SoC.

Figure 5: Reference System Hardware Setup Options
(a) Server: Laptop, VirtualBox, Ubuntu, strongSwan. Client: IIoT Starter Kit (MicroZed).
(b) Server: Laptop, Ubuntu, strongSwan. Client: IIoT Starter Kit (MicroZed).
(c) Server: Laptop, AWS, strongSwan. Client: IIoT Starter Kit (MicroZed).

XAPP1309 (v1.0) March 7, 2017
www.xilinx.com
