xilskey
Table of Contents
Introduction
This page gives an overview of xilskey library.The LibXil SKey Library provides a programming mechanism for user-defined eFUSE bits and for programming the KEY into battery-backed RAM (BBRAM).
How to enable
xilskey library can be found at
https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_services/xilskey
xilskey
|
- data - Provides the API and data structure details
|
- src - Driver source files which are further organised into
|
- examples - Contains example applications demonstrating the use of xilskey library
Features Supported
- Programming/reading eFUSE's AES key, RSA hashs, User key and control secure bits.
- Programming BBRAM with AES key.
Zynq
PL- PL eFUSE is accessed by PS via MIO pins which are used for PL JTAG signals, these can be changed depending on the hardware.
- eFUSE holds the AES key, User key and some of the feature bits.
- BBRAM holds the AES key
https://github.com/Xilinx/embeddedsw/blob/master/lib/sw_services/xilskey/examples/xilskey_efuse_example.c
https://github.com/Xilinx/embeddedsw/blob/master/lib/sw_services/xilskey/examples/xilskey_bbram_example.c
PS
- PS eFUSE holds the RSA primary key hash bits and user feature bits
ZynqMP
- It has PS eFUSE and BBRAM.
- PS eFUSE holds AES key, user key, PPK0 and PPK1 hashs, SPK ID and some other features.
- BBRAM holds AES key.
- Library also supports PUF registration and programming eFUSE with generated PUF helper data, CHASH and auxilary data
- Example provided for PUF registration illustrates generating black key with provided red key using AES engine (Xilsecure library) and programming eFUSE with black key.
https://github.com/Xilinx/embeddedsw/blob/master/lib/sw_services/xilskey/examples/xilskey_efuseps_zynqmp_example.c
https://github.com/Xilinx/embeddedsw/blob/master/lib/sw_services/xilskey/examples/xilskey_bbramps_zynqmp_example.c
https://github.com/Xilinx/embeddedsw/blob/master/lib/sw_services/xilskey/examples/xilskey_puf_registration.c
For detailed information you may also refer to
https://www.xilinx.com/support/documentation/application_notes/xapp1319-zynq-usp-prog-nvm.pdfUltraScale or UltraScale Plus
- Ultrascale's eFUSE and BBRAM are accessed through MASTER JTAG. Crucial programming sequence will be taken care by Hardware module. So Hardware module should be added compulsory in the design.
- PL eFUSE holds AES key, user keys and RSA key's hash and some other features
- PL BBRAM holds AES key with configurable DPA protection, also supports obfuscated key programming.
https://github.com/Xilinx/embeddedsw/blob/master/lib/sw_services/xilskey/examples/xilskey_bbram_ultrascale_example.c
https://github.com/Xilinx/embeddedsw/blob/master/lib/sw_services/xilskey/examples/xilskey_efuse_example.c
For detailed information you may also refer to
https://www.xilinx.com/support/documentation/application_notes/xapp1283-internalprogramming-bbram-efuses.pdfTest cases
Test cases ran by taking examples from example folder specified above.Library Parameters
Each example has .h file where user needs to configure the parameters as per the requirement, Detailed description can be found at each header file's header.Note:
eFUSE bits are one-time programmable. Once they are burnt, they cannot be modified.Complete documentation of API descriptions and usage can be found at
https://github.com/Xilinx/embeddedsw/blob/master/lib/sw_services/xilskey/doc/xilskey.pdf
Changelog
2016.3
Zynq :- Fixed Zynq eFUSE programming sequence, by programming DFT bits before eFUSE write protect bit.
- Added margin 2 read checks for Zynq eFUSE PS and PL.
Ultrascale:
- Ultrscale eFUSE programming is handled using hardware module, Hardware module is controlled through GPIO pins,
- Corrected sysmon temperature reads of sysmon to 16-bit resolution.
- Added 128 bit user key programming.
- Provided single bit programming for User keys 32 and 128 bit User keys.
- Added error codes on failures.
- BBRAM is updated to have DPA protection and count configuration.
- Modified ZynqMP PS eFUSE's single USER key programming to separate 32 bit User keys. Provided single bit programming for User Key.
2016.4
ZynqMP:- Added support for PUF registration, programming eFUSE with syndrome data, Auxilary value and CHash value.
Zynq:
- Removed ForcePowerCycle and JtagDisable, from BBRAM Zynq PL instance as they are not actually programming any control bit.
2017.1
ZynqMP:- On ZynqMP Added CRC check after programming whole AES key.
- For each ZynqMP eFUSE bit programming added verification with all 3 margin reads
- Removed temperaure and voltage checks for every eFUSE bit programming for ZynqMP.
- Added support for programming more secure control bits-Lbist,LPD/FPD SC enable.
- Modified PROG_GATE programming from three inputs to one.
2017.2
None2017.3
- Provided support for programming eFUSE and BBRAM of Kintex Ultrascale plus
2017.4
None2018.1
- Corrected status bits of Ultrascale Plus