FPGA Support

As described in the Boot Time Security, FPGA-only devices also need to maintain security while deploying them in the field. Xilinx® tools provide embedded IP modules to achieve the Encryption and Authentication, is part of programming logic. Bootgen extends the secure image creation (Encrypted and/or Authenticated) support for FPGA family devices from 7 series and beyond. This chapter details some of the examples of how Bootgen can be used to encrypt and authenticate a bitstream. Bootgen support for FPGAs is available in the standalone Bootgen install.

Note: Only bitstreams from 7 series devices and beyond are supported.

Encryption and Authentication

Xilinx® 7 series FPGAs use the embedded, PL-based, hash-based message authentication code (HMAC) and an advanced encryption standard (AES) module with a cipher block chaining (CBC) mode. For UltraScale devices and beyond, AES-256/Galois Counter Mode (GCM) are used, and HMAC is not required.

Encryption Example

To create an encrypted bitstream, the AES key file is specified in the BIF using the attribute aeskeyfile. The attribute encryption=aes should be specified against the bitstream listed in the BIF file that needs to be encrypted.

bootgen -arch fpga -image secure.bif -w -o securetop.bit

The BIF file looks like the following:

the_ROM_image:
{
	[aeskeyfile] encrypt.nky
	[encryption=aes] top.bit
}

Authentication Example

A Bootgen command to authenticate an FPGA bitstream is as follows:

bootgen -arch fpga -image all.bif -o rsa.bit -w on -log error

The BIF file is as follows:

the_ROM_image:
{
	[sskfile] rsaPrivKeyInfo.pem
	[authentication=rsa] plain.bit
}

Family or Obfuscated Key

To support obfuscated key encryption, you must register with Xilinx support and request the family key file for the target device family. The path to where this file is stored must be passed as a bif option before attempting obfuscated encryption. Contact secure.solutions@xilinx.com to obtain the Family Key.

image:
{
	[aeskeyfile] key_file.nky
	[familykey] familyKey.cfg
	[encryption=aes] top.bit
}
A sample aeskey file is shown in the following image.
Figure 1: AES Key Sample

HSM Mode

For production, FPGAs use the HSM mode, and can also be used in Standard mode.

Standard Mode

Standard mode generates a bitstream which has the authentication signature embedded. In this mode, the secret keys are supposed to be available to the user for generating the authenticated bitstream. Run Bootgen as follows:

bootgen -arch fpga -image all.bif -o rsa_ref.bit -w on -log error

The following steps listed below describe how to generate an authenticated bitstream in HSM mode, where the secret keys are maintained by secure team and not available with the user. The following figure shows the HSM mode flow:

Figure 2: HSM Mode Flow

Stage 0: Authenticate with dummy key

This is a one time task for a given bit stream. For stage 0, Bootgen generates the stage0.bif file.

bootgen -arch fpga -image stage0.bif -w -o dummy.bit -log error

The content of stage0.bif is as follows. Refer to the next stages for format.

the_ROM_image:
{
	[sskfile] dummykey.pem
	[authentication=rsa] plain.bit
}
Note: The authenticated bitstream has a header, an actual bitstream, a signature and a footer. This dummy.bit is created to get a bitstream in the format of authenticated bitstream, with a dummy signature. Now, when the dummy bit file is given to Bootgen, it calculates the signature and inserts at the offset to give an authenticated bitstream.

Stage 1: Generate hashes

bootgen -arch fpga
          -image stage1.bif -generate_hashes -log error

Stage1.bif is as follows:

the_ROM_image:
{
	[authentication=rsa] dummy.bit
}

Stage 2: Sign the hash HSM

Here, OpenSSL is used for demonstration.

openssl rsautl -sign
  -inkey rsaPrivKeyInfo.pem -in dummy.sha384 > dummy.sha384.sig

Stage 3: Update the RSA certificate with Actual Signature

The Stage3.bif is as follows:

bootgen -arch fpga -image stage3.bif -w -o rsa_rel.bit -log error
the_ROM_image:
{
	 [spkfile] rsaPubKeyInfo.pem
	 [authentication=rsa, presign=dummy.sha384.sig]dummy.bit
}
Note: The public key digest, which must be burnt into eFUSEs, can be found in the generated rsaPubKeyInfo.pem.nky file in Stage3 of HSM mode.

HSM Flow with Both Authentication and Encryption

Stage 0: Encrypt and authenticate the plain bitstream with dummy key. Add the keylife parameter if keyrolling is required.

You can provide the .nky file, or Bootgen can generate .nky file that contains the keys for encryption. Obfuscated AES key generation is not supported by Bootgen. The keylife parameter is necessary for the keyrolling feature.

the_ROM_image:

{

[aeskeyfile] encrypt.nky

[sskfile] dummykey.pem

[encryption=aes, authentication=rsa,keylife =32] plain-system.bit

}

bootgen -arch fpga -image stage0.bif -w -o auth-encrypt-system.bit -log info
After this step, the .nky file is generated if encryption is enabled. This file contains all the keys.

Stage 1: Generate hashes

See the following code for an example.

the_ROM_image:

{

[authentication=rsa] auth-encrypt-system.bit

}

 

bootgen -arch fpga -image stage1.bif -generate_hashes -log info

Stage 2: Sign the hash HSM

Here, OpenSSL is used for demonstration.

openssl rsautl -sign -inkey rsaPrivKeyInfo.pem -in auth-encrypt-system.sha384 > auth-encrypt-system.sha384.sig

You can use the HSM server to sign the hashes. For SSI technology devices, generate the signatures for each super logic region (SLR). The following example shows the code to generate the signatures for a device with four SLRs.

openssl rsautl -sign -inkey rsaPrivKeyInfo.pem -in auth-encrypt-system.0.sha384 > auth-encrypt-system.0.sha384.sig

openssl rsautl -sign -inkey rsaPrivKeyInfo.pem -in auth-encrypt-system.1.sha384 > auth-encrypt-system.1.sha384.sig

openssl rsautl -sign -inkey rsaPrivKeyInfo.pem -in auth-encrypt-system.2.sha384 > auth-encrypt-system.2.sha384.sig

openssl rsautl -sign -inkey rsaPrivKeyInfo.pem -in auth-encrypt-system.3.sha384 > auth-encrypt-system.3.sha384.sig

Stage 3: Update the RSA certificate with the actual signature

See the following code for an example.

the_ROM_image:

{

[spkfile] rsaPubKeyInfo.pem

[authentication=rsa, presign=auth-encrypt-system.sha384.sig] auth-encrypt-system.bit

}

Command:bootgen -arch fpga -image stage3.bif -w -o rsa_encrypt.bit -log info
Note: For SSI technology devices, use presign=<first presign filename>:<number of total presigns>. For example, a device with four SLRs should have <first presign filename:4>.