
Zynq 7000 SoC-TPM Interface

XAPP1309 (v1.0) March 7, 2017


www.xilinx.com


The Zynq-7000 SoC-TPM interface provides the communication between the Zynq-7000 device and the Infineon OPTIGA SLB9670 TPM. The interface uses commands from a tpm_toolbox. The tpm_toolbox supports the following categories of commands:

• PCR reset
• Physical presence
• Get capability
• TPM startup/activate/physical enable
• PCR read/PCR extend

There are multiple commands in each category. A subset of the commands is used in the reference design. The Zynq-7000 AP SoC connects to the SLB9670 TPM using the SPI bus. The Zynq-7000 AP SoC contains a hardened SPI IP in the PS and a soft AXI SPI IP in the programmable logic (PL). The PS SPI is used in the reference design because it saves PL resources.

Figure 9 shows SPI-TPM functions implemented in the FSBL for the reference design.

In the measured boot reference design, the FSBL is modified to calculate the SHA-1 of the BootROM and the FSBL, and then extend the SHA-1 digests into the TPM’s PCRs. The SHA-1 values are calculated in sha1.c. Code to take ownership and activate the TPM is in slb9670_tpm_spi.c. The PCRs are extended in slb9670_spi_tpm.c. Other files added to fsbl/src include tpm_tools.h, tpm_tools.c, tpm_spi.c, tpm_spi_tis.c, and tpm.h.

Because the FSBL cannot access the BootROM code, the BootROM SHA-1 is calculated over the cyclic redundancy check (CRC) written by the BootROM code.
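The PCR extend step described above, as an added example that is not code from the reference design: it marshals a TPM_Extend request and validates the reply before trusting the returned PCR value. It assumes the TPM 1.2 command set (which the SHA-1 PCRs and the take-ownership and activate steps imply); the function names are hypothetical and the SPI transport is left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
/* TPM 1.2 constants; helper names below are hypothetical, not the FSBL's. */
#define TPM_TAG_RQU_COMMAND 0x00C1u  /* request without an auth session */
#define TPM_TAG_RSP_COMMAND 0x00C4u  /* matching response tag */
#define TPM_ORD_EXTEND      0x14u
#define SHA1_LEN            20u
#define EXTEND_REQ_LEN      34u  /* tag(2)+size(4)+ordinal(4)+pcr(4)+digest(20) */
#define EXTEND_RSP_LEN      30u  /* tag(2)+size(4)+rc(4)+new PCR value(20) */
static void put_be32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i));
}
static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns the number of bytes written, or 0 if the buffer is too small. */
size_t tpm12_build_extend(uint8_t *out, size_t cap, uint32_t pcr,
                          const uint8_t digest[SHA1_LEN]) {
    if (cap < EXTEND_REQ_LEN) return 0;
    out[0] = (uint8_t)(TPM_TAG_RQU_COMMAND >> 8);
    out[1] = (uint8_t)(TPM_TAG_RQU_COMMAND & 0xFFu);
    put_be32(out + 2, EXTEND_REQ_LEN);   /* paramSize covers the whole command */
    put_be32(out + 6, TPM_ORD_EXTEND);
    put_be32(out + 10, pcr);
    memcpy(out + 14, digest, SHA1_LEN);
    return EXTEND_REQ_LEN;
}

/* Returns 0 and copies the new PCR value on success, -1 on a malformed
 * reply, otherwise the TPM's non-zero return code. */
int32_t tpm12_parse_extend(const uint8_t *rsp, size_t len,
                           uint8_t new_pcr[SHA1_LEN]) {
    if (len < 10) return -1;             /* too short for tag+size+rc */
    if ((((unsigned)rsp[0] << 8) | rsp[1]) != TPM_TAG_RSP_COMMAND) return -1;
    if (get_be32(rsp + 2) != len) return -1;  /* declared size must match */
    uint32_t rc = get_be32(rsp + 6);
    if (rc != 0) return (int32_t)rc;     /* error replies carry no digest */
    if (len != EXTEND_RSP_LEN) return -1;
    memcpy(new_pcr, rsp + 10, SHA1_LEN);
    return 0;
}

int main(void) {
    uint8_t digest[SHA1_LEN] = {0}, req[EXTEND_REQ_LEN]; /* constructed input */
    size_t n = tpm12_build_extend(req, sizeof req, 4, digest);
    for (size_t i = 0; i < n; i++) printf("%02x", req[i]);
    return n == EXTEND_REQ_LEN ? 0 : 1;
}
```

Treating a failed or malformed extend reply as a boot error matters here, because a measurement that silently fails to land in the PCR leaves the later quote looking like a shorter, cleaner boot chain.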

The FSBL TPM driver can be encrypted when stored in NVM and then decrypted and run from OCM. The FSBL extends the TPM PCRs with early load measurements to limit the time a malicious attacker has to change the code.

In the Avnet Starter IIoT board, the PS SPI interfaces to the SLB9670 Pmod using an MIO connection. To reset the TPM, the Zynq-7000 AP SoC hardware design includes a PS GPIO that drives the TPM reset pin. The ResetTPM function is in main.c.

Figure 9: FSBL TPM SPI Driver Functional Diagram (blocks: TPM Startup; TPM Activate; TPM Take Ownership; Calculate SHA-1 BootROM CRC; Calculate SHA-1 FSBL; Extend PCR0 SHA-1 BootROM CRC; Extend PCR4 SHA-1 FSBL)
