FPGA Support
As described in the Boot Time Security, FPGA-only devices also need to maintain security while deploying them in the field. Xilinx® tools provide embedded IP modules to achieve the Encryption and Authentication, is part of programming logic. Bootgen extends the secure image creation (Encrypted and/or Authenticated) support for FPGA family devices from 7 series and beyond. This chapter details some of the examples of how Bootgen can be used to encrypt and authenticate a bitstream. Bootgen support for FPGAs is available in the standalone Bootgen install.
Encryption and Authentication
Xilinx® 7 series FPGAs use the embedded, PL-based, hash-based message authentication code (HMAC) and an advanced encryption standard (AES) module with a cipher block chaining (CBC) mode. For UltraScale devices and beyond, AES-256/Galois Counter Mode (GCM) are used, and HMAC is not required.
Encryption Example
To create an encrypted bitstream, the AES key file is specified in the BIF
using the attribute aeskeyfile. The attribute encryption=aes
should be specified against the bitstream
listed in the BIF file that needs to be
encrypted.
bootgen -arch fpga -image secure.bif -w -o securetop.bit
The BIF file looks like the following:
the_ROM_image:
{
[aeskeyfile] encrypt.nky
[encryption=aes] top.bit
}
Authentication Example
A Bootgen command to authenticate an FPGA bitstream is as follows:
bootgen -arch fpga -image all.bif -o rsa.bit -w on -log error
The BIF file is as follows:
the_ROM_image:
{
[sskfile] rsaPrivKeyInfo.pem
[authentication=rsa] plain.bit
}
Family or Obfuscated Key
To support obfuscated key encryption, you must register with Xilinx support and request the family key file for the target device family. The path to where this file is stored must be passed as a bif option before attempting obfuscated encryption. Contact secure.solutions@xilinx.com to obtain the Family Key.
image:
{
[aeskeyfile] key_file.nky
[familykey] familyKey.cfg
[encryption=aes] top.bit
}
HSM Mode
For production, FPGAs use the HSM mode, and can also be used in Standard mode.
Standard Mode
Standard mode generates a bitstream which has the authentication signature embedded. In this mode, the secret keys are supposed to be available to the user for generating the authenticated bitstream. Run Bootgen as follows:
bootgen -arch fpga -image all.bif -o rsa_ref.bit -w on -log error
The following steps listed below describe how to generate an authenticated bitstream in HSM mode, where the secret keys are maintained by secure team and not available with the user. The following figure shows the HSM mode flow:
Stage 0: Authenticate with dummy key
This is a one time task for a given bit stream. For stage 0, Bootgen generates the stage0.bif file.
bootgen -arch fpga -image stage0.bif -w -o dummy.bit -log error
The content of stage0.bif
is as follows. Refer to the next stages
for format.
the_ROM_image:
{
[sskfile] dummykey.pem
[authentication=rsa] plain.bit
}
Stage 1: Generate hashes
bootgen -arch fpga
-image stage1.bif -generate_hashes -log error
Stage1.bif is as follows:
the_ROM_image:
{
[authentication=rsa] dummy.bit
}
Stage 2: Sign the hash HSM
Here, OpenSSL is used for demonstration.
openssl rsautl -sign
-inkey rsaPrivKeyInfo.pem -in dummy.sha384 > dummy.sha384.sig
Stage 3: Update the RSA certificate with Actual Signature
The Stage3.bif is as follows:
bootgen -arch fpga -image stage3.bif -w -o rsa_rel.bit -log error
the_ROM_image:
{
[spkfile] rsaPubKeyInfo.pem
[authentication=rsa, presign=dummy.sha384.sig]dummy.bit
}
HSM Flow with Both Authentication and Encryption
Stage 0: Encrypt and authenticate the plain bitstream with dummy key. Add the keylife parameter if keyrolling is required.
You can provide the .nky file, or Bootgen can generate .nky file that contains the keys for encryption.
Obfuscated AES key generation is not supported by Bootgen. The keylife
parameter is necessary for the keyrolling
feature.
the_ROM_image:
{
[aeskeyfile] encrypt.nky
[sskfile] dummykey.pem
[encryption=aes, authentication=rsa,keylife =32] plain-system.bit
}
bootgen -arch fpga -image stage0.bif -w -o auth-encrypt-system.bit -log info
After
this step, the .nky file is generated if encryption
is enabled. This file contains all the keys. Stage 1: Generate hashes
See the following code for an example.
the_ROM_image:
{
[authentication=rsa] auth-encrypt-system.bit
}
bootgen -arch fpga -image stage1.bif -generate_hashes -log info
Stage 2: Sign the hash HSM
Here, OpenSSL is used for demonstration.
openssl rsautl -sign -inkey rsaPrivKeyInfo.pem -in auth-encrypt-system.sha384 > auth-encrypt-system.sha384.sig
You can use the HSM server to sign the hashes. For SSI technology devices, generate the signatures for each super logic region (SLR). The following example shows the code to generate the signatures for a device with four SLRs.
openssl rsautl -sign -inkey rsaPrivKeyInfo.pem -in auth-encrypt-system.0.sha384 > auth-encrypt-system.0.sha384.sig
openssl rsautl -sign -inkey rsaPrivKeyInfo.pem -in auth-encrypt-system.1.sha384 > auth-encrypt-system.1.sha384.sig
openssl rsautl -sign -inkey rsaPrivKeyInfo.pem -in auth-encrypt-system.2.sha384 > auth-encrypt-system.2.sha384.sig
openssl rsautl -sign -inkey rsaPrivKeyInfo.pem -in auth-encrypt-system.3.sha384 > auth-encrypt-system.3.sha384.sig
Stage 3: Update the RSA certificate with the actual signature
See the following code for an example.
the_ROM_image:
{
[spkfile] rsaPubKeyInfo.pem
[authentication=rsa, presign=auth-encrypt-system.sha384.sig] auth-encrypt-system.bit
}
Command:bootgen -arch fpga -image stage3.bif -w -o rsa_encrypt.bit -log info
presign=<first presign
filename>:<number of total presigns>
. For example, a device
with four SLRs should have <first presign
filename:4>
.