manualshive.com logo in svg

Xilinx Zynq-7000, Application Note

The Xilinx Zynq-7000 is a powerful system-on-chip (SoC) that combines a dual-core ARM Cortex-A9 processor with programmable logic for ultimate customization. Get started with this innovative product by downloading the manual for free from manualshive.com and unlock its full potential today.

Share
Download
background image

XAPP1309 (v1.0) March 7, 2017

 1

www.xilinx.com

Summary

The secure boot functionality for the Zynq®-7000 All Programmable (AP) SoC provides the 

capability to authenticate all partitions loaded at boot using RSA-2048 authentication. It also 

supports advanced encryption standard (AES) encryption of partitions that need confidentiality. 

The Zynq-7000 AP SoC immutable BootROM includes security functions to provide a hardware 

root of trust (HROT) to protect against early load attacks.

This application note discusses a method to add measured boot capability to Zynq-7000 AP 

SoCs used in a connected environment. A server provides remote attestation that the 

embedded systems boot with trusted software over a secure network. The method uses a 

trusted platform module (TPM) to enhance the HROT functionality. The TPM provides 

cryptographic functions in a cost-effective, tamper-resistant device which are an effective 

complement to Zynq-7000 SoC security functions.

Download the 

reference design files

 for this application note from the Xilinx website.

Introduction

In most current applications, Xilinx FPGAs and SoCs are programmed once at the factory and 

often not reconfigured for the life cycle of the device. A method to add functionality and/or 

reduce the total cost of ownership (TCO) of an embedded system is to support field updates. In 

Zynq-7000 AP SoCs, the SoC and programmable logic can be updated, so field updates can be 

very effective. Field updates are typically done over the Internet, which opens up attacks on an 

embedded system to anyone with network access. Measured boot and network security are 

critical in firmware updates.

Figure 1

 shows an example system environment that uses measured boot. A server manages 

the software load, update, and validation of fielded, embedded systems based on the 

Zynq-7000 AP SoC. The embedded systems connect to the server using Ethernet. In addition to 

updating software on the embedded systems, the server verifies that the correct, trusted 

software is loaded. This verification by the server, done at boot and run time, is remote 

attestation.

Application Note: Zynq-7000 AP SoC

XAPP1309 (v1.0) March 7, 2017

Measured Boot of Zynq-7000 All 
Programmable SoCs

Author: Lester Sanders

Summary of Contents for Zynq-7000

Page 1: ...ation note from the Xilinx website Introduction In most current applications Xilinx FPGAs and SoCs are programmed once at the factory and often not reconfigured for the life cycle of the device A meth...

Page 2: ...etwork update the software re run remote attestation and allow the client to connect to the network if the software can be trusted Isolating a corrupted embedded system from the network limits its abi...

Page 3: ...ts are transmitted to the server for remote attestation The TPM cryptographically signs the SHA 1 values in PCRs so that partition measurements are not transmitted from the embedded system in plain te...

Page 4: ...rd Two USB type A to USB mini B cables for UART and JTAG communication Micro Secure Digital microSD memory card 16 GB Ethernet cable Xilinx Software Development Kit 2017 1 Xilinx Vivado Design Suite 2...

Page 5: ...p for the single client system used in the reference design The client in the Avnet IIoT drives a communication terminal The strongSwan attestation server runs from VirtualBox A browser is used to vie...

Page 6: ...icroZed and includes the strongSwan client software Prior to booting WRPL the Zynq 7000 AP SoC runs the FSBL The FSBL runs pre boot authentication on the BootROM and FSBL The FSBL then executes PCR ex...

Page 7: ...rust In Zynq 7000 AP SoCs the HROT is based on the first code executed by the ARM CPU0 at power on The code is stored in on chip metal masked ROM and is referred to as BootROM code BootROM code is imm...

Page 8: ...tems which use measured boot Secure boot and measured boot functionality are complementary Connecting embedded systems to a network provides a method for firmware updates Embedded systems connected to...

Page 9: ...ents RIMs and acts according to a predefined policy In the reference design this is referred to as the policy decision point PDP After running measured boot a server website provides a summary of meas...

Page 10: ...remote attestation of a client is based on a quote A quote is measurement or evidence on the partitions booted In TPM 1 2 an SHA 1 digest is used as the measurement for partitions loaded In TPM 2 0 a...

Page 11: ...n extend the SHA 1 digests into the TPM s PCRs The SHA 1 values are calculated in sha1 c Code to take ownership and activate the TPM is in slb9670_tpm_spi c The PCRs are extended in slb9670_spi_tpm c...

Page 12: ...rd PTS formats for interoperability between applications and vendors The policy decision point PDP defines the action taken by the server after measurement verification A typical policy action is to l...

Page 13: ...nager The process is defined on the strongSwan website Conclusion Zynq 7000 AP SoCs provide significant advantages in their ability to program both hardware and software on the same device Cost effect...

Page 14: ...You may not reproduce modify distribute or publicly display the Materials without prior written consent Certain products are subject to the terms and conditions of Xilinx s limited warranty please re...

Reviews:

No comments

Related manuals for Zynq-7000

Texas Instruments AFE4500EVM User Manual preview
AFE4500EVM
Brand: Texas Instruments Pages: 52
Texas Instruments TLV320AIC3111 EVM User Manual preview
TLV320AIC3111 EVM
Brand: Texas Instruments Pages: 39
MSI MS-6135 User Manual preview
MS-6135
Brand: MSI Pages: 69
Gigabyte GA-E3000N User Manual preview
GA-E3000N
Brand: Gigabyte Pages: 31
JETWAY S445R1A User Manual preview
S445R1A
Brand: JETWAY Pages: 48
ST STEVAL-ISB042V1 User Manual preview
STEVAL-ISB042V1
Brand: ST Pages: 26
Gigabyte GA-8VM800M User Manual preview
GA-8VM800M
Brand: Gigabyte Pages: 80
IDT Tsi84 User Manual preview
Tsi84
Brand: IDT Pages: 43
Linear Technology DC1923A Manual preview
DC1923A
Brand: Linear Technology Pages: 8
Texas Instruments bq2083EVM-001 User Manual preview
bq2083EVM-001
Brand: Texas Instruments Pages: 33
Toshiba MCU FLASH WRITER Instruction Manual preview
MCU FLASH WRITER
Brand: Toshiba Pages: 5
Toshiba SAPPHIRE-67CFSG User Manual preview
SAPPHIRE-67CFSG
Brand: Toshiba Pages: 14
Toshiba TMPM330 User Manual preview
TMPM330
Brand: Toshiba Pages: 31
Infineon TLD2252-2EP User Manual preview
TLD2252-2EP
Brand: Infineon Pages: 14
Infineon XMC4800 Getting Started preview
XMC4800
Brand: Infineon Pages: 31
Infineon TLE4966 MS2GO Quick Start Manual preview
TLE4966 MS2GO
Brand: Infineon Pages: 38
Infineon TriBoard TC3 6 Series Manual preview
TriBoard TC3 6 Series
Brand: Infineon Pages: 55
DTK PRM-68I User Manual preview
PRM-68I
Brand: DTK Pages: 38

Brands by name

Popular brands

Load more brands