Xilinx Secure Configuration Linux Driver

This page gives an overview of the xlnx_secure_config driver which is available as part of the Versal Linux distribution. Paths, files, links and documentation on this page are given relative to the Linux kernel source tree.

Table of Contents

Features supported in driver

  • Access to BBRAM, volatile user keys and eFuse.

Missing Features, Known Issues and Limitations

  • None

Kernel configuration

To ensure that the driver is included in the kernel image, make sure to enable Xilinx Secure Configuration nvmem firmware support in the Kernel configuration. This configuration is available under :

Device Drivers---> NVMEM Support---> <*>Xilinx Secure Configuration nvmem firmware support

PLM Configuration

To access BBRAM and EFUSE , PLM should be built by commenting #define PLM_NVM_EXCLUDE in xplmi_config.h. This will enable the NVM code in PLM. (By default it is disabled).

To write the specific eFuse, the below varibles  should be enabled in PLM according to the requirement.

xnvm_en_write_sec_crit_efuse -  For Security Critical eFuses

xnvm_en_write_user_efuse -  For User eFuses

xnvm_en_write_key_management_efuse - For key management eFuses

 

For both eFuse read and write, cache offset have to be provided by the user, where the offset is defined as follows:

1.offset is of 32 bit, where lower 16 bits indicate offset value of the corresponding memory device

2.Bit 17th of the offset is used to identify, which memory device should be programmed; To program eFuse, 17th bit of the offset should be set as 1, for BBRAM should be set to 0.

3.For eFuse write, user has the choice to enable or disable the environment disable variable, by setting the 18th bit of the offset to 1 or 0 respectively.

Device tree

Below device tree mentions the offset and size of the different registers which can be accessed using the Xilinx Secure Configuration driver:

versal_sec_cfg: versal-sec-cfg { compatible = "xlnx,versal-sec-cfg"; #address-cells = <1>; #size-cells = <1>; bbram_zeroize: bbram-zeroize@4 { reg = <0x04 0x4>; }; bbram_key: bbram-key@10 { reg = <0x10 0x20>; }; bbram_usr: bbram-usr@30 { reg = <0x30 0x4>; }; bbram_lock: bbram-lock@48 { reg = <0x48 0x4>; }; user_key0: user-key0@110 { reg = <0x110 0x20>; }; user_key1: user-key1@130 { reg = <0x130 0x20>; }; user_key2: user-key2@150 { reg = <0x150 0x20>; }; user_key3: user-key3@170 { reg = <0x170 0x20>; }; user_key4: user-key4@190 { reg = <0x190 0x20>; }; user_key5: user-key5@1B0 { reg = <0x1B0 0x20>; }; user_key6: user-key6@1D0 { reg = <0x1D0 0x20>; }; user_key7: user-key7@1F0 { reg = <0x1F0 0x20>; }; metaheader_iv: metaheader_iv@10180 { reg = <0x10180 0x0c>; }; plm_iv: plm_iv@101dc { reg = <0x101dc 0x0c>; }; black_iv: black_iv@101d0 { reg = <0x101d0 0x0c>; }; datapartition_iv: datapartition_iv@101e8 { reg = <0x101e8 0x0c>; }; security_misc: security_misc@100e8 { reg = <0x100e8 0x4>; }; user_1: user_1@10208 { reg = <0x10208 0x4>; }; user_2: user_2@1020c { reg = <0x1020c 0x4>; }; user_3: user_3@10210 { reg = <0x10210 0x4>; }; user_4: user_4@10214 { reg = <0x10214 0x4>; }; user_5: user_5@10218 { reg = <0x10218 0x4>; }; user_6: user_6@1021c { reg = <0x1021c 0x4>; }; user_7: user_7@10220 { reg = <0x10220 0x4>; }; user_8: user_8@10224 { reg = <0x10224 0x4>; }; user_9: user_9@10228 { reg = <0x10228 0x4>; }; user_10: user_10@1022c { reg = <0x1022c 0x4>; }; user_11: user_11@10230 { reg = <0x10230 0x4>; }; user_12: user_12@10234 { reg = <0x10234 0x4>; }; user_13: user_13@10238 { reg = <0x10238 0x4>; }; user_14: user_14@1023c { reg = <0x1023c 0x4>; }; user_15: user_15@10240 { reg = <0x10240 0x4>; }; user_16: user_16@10244 { reg = <0x10244 0x4>; }; user_17: user_17@10248 { reg = <0x10248 0x4>; }; user_18: user_18@1024c { reg = <0x1024c 0x4>; }; user_19: user_19@10250 { reg = <0x10250 0x4>; }; user_20: user_20@10254 { reg = <0x10254 0x4>; }; user_21: user_21@10258 { reg = <0x10258 0x4>; }; user_22: user_22@1025c { reg = <0x1025c 0x4>; }; user_23: user_23@10260 { reg = <0x10260 0x4>; }; user_24: user_24@10264 { reg = <0x10264 0x4>; }; user_25: user_25@10268 { reg = <0x10268 0x4>; }; user_26: user_26@1026c { reg = <0x1026c 0x4>; }; user_27: user_27@10270 { reg = <0x10270 0x4>; }; user_28: user_28@10274 { reg = <0x10274 0x4>; }; user_29: user_29@10278 { reg = <0x10278 0x4>; }; user_30: user_30@1027c { reg = <0x1027c 0x4>; }; user_31: user_31@10280 { reg = <0x10280 0x4>; }; user_32: user_32@10284 { reg = <0x10284 0x4>; }; user_33: user_33@10288 { reg = <0x10288 0x4>; }; user_34: user_34@1028c { reg = <0x1028c 0x4>; }; user_35: user_35@10290 { reg = <0x10290 0x4>; }; user_36: user_36@10294 { reg = <0x10294 0x4>; }; user_37: user_37@10298 { reg = <0x10298 0x4>; }; user_38: user_38@1029c { reg = <0x1029c 0x4>; }; user_39: user_39@102a0 { reg = <0x102a0 0x4>; }; user_40: user_40@102a4 { reg = <0x102a4 0x4>; }; user_41: user_41@102a8 { reg = <0x102a8 0x4>; }; user_42: user_42@102ac { reg = <0x102ac 0x4>; }; user_43: user_43@102b0 { reg = <0x102b0 0x4>; }; user_44: user_44@102b4 { reg = <0x102b4 0x4>; }; user_45: user_45@102b8 { reg = <0x102b8 0x4>; }; user_46: user_46@102bc { reg = <0x102bc 0x4>; }; user_47: user_47@102c0 { reg = <0x102c0 0x4>; }; user_48: user_48@102c4 { reg = <0x102c4 0x4>; }; user_49: user_49@102c8 { reg = <0x102c8 0x4>; }; user_50: user_50@102cc { reg = <0x102cc 0x4>; }; user_51: user_51@102d0 { reg = <0x102d0 0x4>; }; user_52: user_52@102d4 { reg = <0x102d4 0x4>; }; user_53: user_53@102d8 { reg = <0x102d8 0x4>; }; user_54: user_54@102dc { reg = <0x102dc 0x4>; }; user_55: user_55@102e0 { reg = <0x102e0 0x4>; }; user_56: user_56@102e4 { reg = <0x102e4 0x4>; }; user_57: user_57@102e8 { reg = <0x102e8 0x4>; }; user_58: user_58@102ec { reg = <0x102ec 0x4>; }; user_59: user_59@102f0 { reg = <0x102f0 0x4>; }; user_60: user_60@102f4 { reg = <0x102f4 0x4>; }; user_61: user_61@102f8 { reg = <0x102f8 0x4>; }; user_62: user_62@102fc { reg = <0x102fc 0x4>; }; user_63: user_63@10300 { reg = <0x10300 0x4>; }; aux: aux@100a4 { reg = <0x100a4 0x4>; }; chash: chash@100a8 { reg = <0x100a8 0x4>; }; revocationid_0: revocationid_0@100b0 { reg = <0x100b0 0x4>; }; revocationid_1: revocationid_1@100b4 { reg = <0x100b4 0x4>; }; revocationid_2: revocationid_2@100b8 { reg = <0x100b8 0x4>; }; revocationid_3: revocationid_3@100bc { reg = <0x100bc 0x4>; }; revocationid_4: revocationid_4@100c0 { reg = <0x100c0 0x4>; }; revocationid_5: revocationid_5@100c4 { reg = <0x100c4 0x4>; }; revocationid_6: revocationid_6@100c8 { reg = <0x100c8 0x4>; }; revocationid_7: revocationid_7@100cc { reg = <0x100cc 0x4>; }; offchip_revoke_0: offchip_revoke_0@10160 { reg = <0x10160 0x4>; }; offchip_revoke_1: offchip_revoke_1@10164 { reg = <0x10164 0x4>; }; offchip_revoke_2: offchip_revoke_2@10168 { reg = <0x10168 0x4>; }; offchip_revoke_3: offchip_revoke_3@1016c { reg = <0x1016c 0x4>; }; offchip_revoke_4: offchip_revoke_4@10170 { reg = <0x10170 0x4>; }; offchip_revoke_5: offchip_revoke_5@10174 { reg = <0x10174 0x4>; }; offchip_revoke_6: offchip_revoke_6@10178 { reg = <0x10178 0x4>; }; offchip_revoke_7: offchip_revoke_7@1017c { reg = <0x1017c 0x4>; }; security_control: security_control@100ac { reg = <0x100ac 0x4>; }; pufdata: pufdata@1ffff { reg = <0x1ffff 0x408>; }; puf_syndata: puf_syndata@10a04 { reg = <0x10a04 0x1fc>; }; ppk0_hash: ppk0_hash@10100 { reg = <0x10100 0x20>; }; ppk1_hash: ppk1_hash@10104 { reg = <0x10104 0x20>; }; ppk2_hash: ppk2_hash@10108 { reg = <0x10108 0x20>; }; anlg_trim3: anlg_trim3@10010 { reg = <0x10010 0x4>; }; boot_env_ctrl: boot_env_ctrl@10094 { reg = <0x10094 0x4>; }; misc_ctrl: misc_ctrl@100a0 { reg = <0x100a0 0x4>; }; security_misc0: security_misc0@100e4 { reg = <0x100e4 0x4>; }; dna_0: dna_0@10020 { reg = <0x10020 0x4>; }; dna_1: dna_1@10024 { reg = <0x10024 0x4>; }; dna_2: dna_2@10028 { reg = <0x10028 0x4>; }; dna_3: dna_3@1002c { reg = <0x1002c 0x4>; }; };

The following table gives the overview of possible addresses for read/write and with the sizes for BBRAM. For eFuses all the above mentioned eFuses has read and write permissions except dna which has only read permissions.

Register

Read

Write

Size in bytes

Offset is

Register

Read