Building a secure FPGA-based SoC
As already introduced, the Zynq-7000 SoC FPGA adopts the ARM TrustZone framework and provides a secure boot mechanism with a root of trust using the BootROM. It can store its public encryption and authentication keys in the eFuse provided by the FPGA, as well as use the AES and HMAC hardware engines available within the PL to be used by the PS as hard macros before the FPGA logic is even configured. The PS can securely communicate with these hard macros through the PCAP interface to accelerate the boot time process. Through the PCAP interface, the PS can decrypt, authenticate, and load the FSBL and the FPGA bitstream. These protected images are stored externally. Then, they are loaded, decrypted, and authenticated by the PS through the PCAP and then stored within the PS OCM memory to be used by the FSBL to configure the FPGA logic and continue loading the necessary firmware images needed by the SoC software. The Xilinx AXI IP peripherals also adopt...
