《Xilinx ZYNQ7000系列安全配置策略.docx》由会员分享,可在线阅读,更多相关《Xilinx ZYNQ7000系列安全配置策略.docx(11页珍藏版)》请在三一办公上搜索。
1、Xilinx ZYNQ7000系列安全配置策略ZYNQ7000与传统FPGA有着巨大的差异,它将自己定位为一款All Programmable Soc (软硬件 可编程片上系统),视其为以FPGA作为外设的双核ARM A9处理器更加准切。它的启动过程体现 了以处理器为核心这一特点,以往植入处理器硬核的FPGA的启动过程是先启动逻辑部分,再启 动处理器,ZYNQ7000相反,先启动处理器再启动逻辑部分。一、ZYNQ7000 配置过程ZYNQ7000的配置按先后顺序分为3个阶段:stage。、stage1、stage2 (可选)。表1:配置步骤阶段操作stage0(图1为BOOTROM 的配置 f
2、low)在主CPU中运行BootRom中厂家定义的codes (不可修改):1、根据表2中pin设置使能外部NVM驱动设备;_2、 读取NVM的boot Image header,确定NVM位宽、是否采用 安全配置模式及key存储位置(efuse/bbram)等,表3为header 映射表;3、根据2读取信息确定是否采用安全配置模式,安全配置模式下则启动PL侧的AES/HMAC安全组件;4、根据2读取信息确定是否对读入code做RSA用户认证;5、继续读入flash中的数据:header和FSBL;6、根据3/4的配置对读入数据做相关安全校验,通过后存入OCM,非安全模式下直接导入OCM;7、
3、CPU执行导入OCM内的FSBL,转入下一 stage;PS:安全模式下无法读取内部ROM内容,连接jtag的DAP被禁止;stagel(图 2 为 First Stage BootLoader flow,图 3 为 安全模 式 下 Boot image format)此时FSBL存储在OCM:1、根据读入的header块数据(图3)初始化MIO/CLK/DDR等PS系统设备;2、根据分区信息继续读取flash中的数据:配置PL (如果有 bitstream);导入应用程序到DDR;3、移交给stage2,执行DDR中的命令;stage2导入操作系统(可选): 略。表2: boot模式引脚映射
4、VMODE1VMODE0BOOT MODE4BOOT MODE0BOOT.MODE2BOOT MODE(11BOOT_MODE 51MIO8MIO7MIO6MIO5MIO4MIO3MIO2Cascaded JTAG0Independent JTAG1Boot DevicesJTAG0000NOR001NAND010Reserved011Quad-SPI100Reserved101SD Card110Reserved111PLL ModeVMODE1VMODE0BOOT_MODE RBOOT.MODE0BOOT.MODE R1BOOT_MODEiBOOT_MODE3MIO8MIO7MIOMIO5
5、MIO4MIO3MIO2PLL Used0PLL Bypassed1MIO Bank 0 Voltage2.5 V, 3.3 V01.8 V1MIO Bank 1 Voltage2.5 V, 3.3 V01.8 V1表3Table 6-3: BootROM Header FormatFieldsHeader Byte Address OffsetReserved for Interrupts0x000 - OxOlFWidth Detection0x020Image Identification0x024Encryption Status0x028User Defined0x02CSource
6、 Offset0x030Length of Image0x034Reserved0x038Stiart of Execution0x03CTotal Image Length0x040Reserved0x044Header Checksum0x048UnusedOx04C - Ox09CRegister InitializationOxOAO - Ox09CUnused0x8A0-0x8BFFSBL ImageOx8COPUBYPASS?Non Secure Sei叩PLL Initial 调 Ion HSWRSTinline OuiNon Secure SetupImage Encrypte
7、d?r TlmeOLtXlP_Bool?XIP_Boot?Do ine rsa AuinerticQUon.iSAEnaUfR8S8l-M,AC?Exit from this state is POR ONLY,CPUO & CPU1、 are in WFE state.JTAG acess is enabled. SystHn Is Uncter 函的Exit to U ser Code in QSPl/ k NOR FlashhnaltzelTB Ixct 询皿 pending cnti BootExit to User Code in OCM RAMExit to User Code i
8、n OCM RAMFSBL SnatueVSrricallai.RSAfSPK, FSBL SlgnaHrei Pa由询 II SHA256(FsaLC4iricai)& mag ?SvBletn In Seen?SPK SlgnaLreVedlfcaUcn SAiPPK, SPK Slgrelurei Pa:吨 II SHA25fSPKiBwiSirap J1AG?BISTCIaar.由M Oul-OT-Reestand starts execut 也 ccdelrom ROM.PPKWnicaUcn eFuse PPK Hash SHA26&:PPK) ?CPUO & CPU1 are I
9、n WFE state.JTAG acess .is enabled.Figure 6-1: BootROM Configuration FlowUG585_C6_01_051513OU7-OPSOFTW/*fi-RESET-STAT (Rwe* by WDT. SW, JTAG etc)1. AI DAPDetModee are dlsabM ISPIDEN, SPNIDEN.DBGEN. NIDENi2. ROM DodeAjQcesslB DisabledNole: QAPCcrtrdferls Dlsabd in a Sdt re sei.OUT-OF-POWER-ON-AESET-S
10、TATE1. AI DAP Deco; Mcd&S are Dtsatd (SPIDEN. SPNIDBJ. D6GEN. NID6I)2. ROM Code Access Is DsabE3. Beet Mo免 Pina are Lalcted in PCTer-on-Fteeel Ont/.Default Merniiy Map 郊 ROM Code ExitWan PLL LockError Lock Down1GBRSAAulhenUcallonSedp System State as Nor-Secure.Dlsab ROM CwfeAooBSSEhabfe1 DAP and TAP
11、 ftx JTAG access.192K CKMPeflpheralempty84K OCMPS Decfypdcn CRJiEinTpai pss kroae mnouji pcaf mgracc vnaga u wten Mck ocu ram.Non Secure Sed叩NonSeaieSelupBranch toUteerCodeBrarJn to Eilernal Flash (QSPl or NORROM Cote access 岭 dsatd. DAP JTAG access Is dIsabel Branch 1o User Code.Ima第 Is RSA .Mtentb
12、atad now and can fce used for lulhec stepe h We Boot Row.PSEoat Ceria Loadl Lud PS ca rruga inm as tt |T Cable Setup and set the TCK Speed/Baud Rate option in the Cable Communication Setup dialog box. The target FPGA isnot currently programmed. No bitstream information has been downloaded into the F
13、PGA.The VCCAUX and VFS (Virtex-6 and Spartan-6 only) voltages supplied to the FPGA are set to the required reading and writing are described in the following user guides.registers, the VCCAUX voltage supplied to the FPGA must be set to the recommended registers, the VFS voltage suppliedlevels. Volta
14、ges necessary for For readingleFUSElleFUSEloperating condition. For programming Virtex-6 and Spartan-6 to the FPGA must also be set to its recommended operating condition. See the following data sheets for the recommended operating conditions of each power supply.leFUSEl(3)、JTAG DebugJTAG的存在方便了调试,但却
15、留下了安全隐患,下面是如何禁止JTAG port的三种方法。In Zynq-7000 AP SoC, the JTAG port is used to load software and the bitstream, load the AES key, control information, and for debug. If not disabled, JTAG ports can be used by an adversary to insert malware, and read configuration memory and registers. The JTAG ports mu
16、st be disabled whenever it is not used in a legitimate debug operation.The device can be debugged using a DAP controller and/or a JTAG controller. The DAP JTAG chain and PL JTAG chain can be concatenated or used independently. When used independently, the full SoC/FPGA does not need to be exposed to
17、 an adversary. For example, if debug only requires access to the PL, the user can select that only PL JTAG chain is used. This prevents access to the PS.Zynq provides hierarchical control of the JTAG port. This allows different methods to control access to the debug ports based on security requireme
18、nts. Security requirements may change over the life cycle the embedded device. There are three methods to disable the JTAG debug ports. Prior to fielding an embedded device with Zynq, a one-time programmable eFUSE bit can permanently disable access to the debug ports. Programming this eFUSE bit is i
19、rreversible, and debug ports remain disabled after powering down and recycling power.The second method, which can be used only if the debug port disable eFUSE is not blown,disables/enables debug access port using the JTAG_CHAIN_DISABLE,DAP_EN,SPINDEN, SPIDEN, NIDEN, DBGEN bits in the Control registe
20、r at 0xF 8 007000 (see Table指).The debug access control is provided independently for the two JTAG chains or the concatenated chain.In the third method, a lock register provides semi-permanent disabling of access to the debug ports. In this method, the debug port access disable remains in effect unt
21、il a power cycle.In a secure boot, the JTAG port is disabled early by the BootROM code. Users who will not use the debug port after product release can disable the JTAG port permanently by writing the eFUSE Disable JTAG register. The disable is done using iMPACT or the Secure Key Driver.Any attempte
22、d read or write access to the BBRAM via JTAG causes the BBRAM contents to be cleared and the entire configuration of the FPGA to be erased prior to access being enabled (i.e., being able to enter “key access) mode”(4)、加密策略最高级别的加密时RSA校验与AES加密合并使用,目前我们仅选择AES加密方式。AES加密的关键是key的保护,ZYNQ提供2种保密方式,BBRAM和eFUS
23、E,BBRAM保密更安全, 但维护稍显复杂,efuse熔丝保存方式可能会被物理破解,但这也需要相当的技术背景及专门设 备才可以。因此,考虑各方面因素,选择EFUSE方式保存AES的key文件。同时,因为JTAG 口存在一定的安全隐患,可能被精通器件和相关背景知识的人员调用,进而读 取KEY文件,因此在产品定型后永久性关闭J TAG 口。另一方面需要注意的是,由于ZYNQ产品即使烧写了 KEY文件,但如果image启动文件为非加 密方式,器件仍然能启动,对于了解这一特性的专业人员,他们可以加载一份非加密文件启动 设备,然后在自己的代码里打开key的读取接口,窃取key文件后,再将加密文件破解。因此 为防止此类窃取事件,我们设定只能从efuse加密方式启动(另一种方式是用RSA验证启动文 件)。总结我们的加密策略,EFUSE保存,JTAG关闭,仅从efuse加密启动。
