ZynqMP AES Driver

Linux AES Driver for Zynq Ultrascale+ MPSoC

Table of Contents


This Linux AES driver is written using symmetric key framework. However as ZynqMP supports AES-GCM mode, the driver is migrated to more appropriate AEAD framework in release 2019.2. The old symmetric key framework based AES driver will be deprecated in release 2021.2


The Zynq UltraScale+ MPSoC includes an AES-GCM engine for symmetric key encryption and decryption. This block performs the modulus math based on Rivest-Shamir-Adelman (RSA)-4096 algorithm.
It is an symmetric algorithm. 
This block uses AES-GCM algorithm to encrypt or decrypt the provided data. It requires a key of size 256 bits and initialization vector(IV) of size 96 bits.

HW IP Features

  • Supports Symmetric key algorithm.

Features supported in driver

  • Supports Symmetric key algorithm.

Kernel Configuration

Cryptographic API  -→


TC Execution: Cross compile the below example and Need to create the executable file to test the AES functionality.

AF ALG AES Encrypt example

 With KUP key

AF ALG AES Decrypt example

With KUP key

  • The above applications demonstrate how to use user provided key or KUP key for AES encryption/decryption.

With Device/PUF key :

To use Device key or PUF key for data blob encryption/decryption , Create a primary boot image with PMU_FW (built with SECURE_ENVIRONMENT flag set).

To use device/puf key encryption/decryption, above applications remain same but with minor changes. Those changes should be as follows

__u8 key_type[] = {AES_DEVICE_KEY};


__u8 key_type[] = {AES_PUF_KEY};

for device key and puf key respectively.

And set socket options like below

setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY_TYPE, key_type, 0);

setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY, NULL, 0);

Expected Output

Please note as the data provided in user space will be located in virtual space, linux driver before handing off to ATF converts the data buffers to physical address.

Mainline status

  • This driver is currently not available in mainline kernel.

Change Log



  • crypto: zynqmp-aes: Adds zynqmp-aes driver


Initial commit

  • c7e7089 crypto: synqmp-aes: Adds zynqmp-aes driver 

Bug fixes 

  • 6c6033a crypto: zynqmp-aes: Fix for segfault seen with large sets of data
  • c1a602d crypto: zynqmp-aes: Adds an error code for zynqmp-aes driver

Related Links