Encryption Key Storage
The Zynq UltraScale+ supports design security using AES decryption logic and provides two methods for encryption key memory storage. The first is a volatile memory storage supported by an external battery backup supply voltage (VCC_PSBATT). The second is a one-time programmable eFUSE register. The ECM1900 design supports both types of key storage with user-modification required for PSBATT support.
For quantity purchases of 50 or more units, please contact Opal Kelly ([email protected]) to discuss factory installation of these components.
Volatile Encryption Key Storage (Vbatt)
A small lithium rechargeable battery and several support components can be installed to provide PSBATT to the FPGA when the ECM1900 is unpowered. This will preserve the contents of the FPGA’s volatile key storage so long as PSBATT remains over the threshold specified in the Zynq UltraScale+ documentation. Please see the Xilinx UltraScale Architecture Configuration User Guide (UG570) for more details.
The applicable schematic section and components required to support this functionality are shown below.
| REFDES | MANUFACTURER | MANUFACTURER P/N | COMMENT |
|---|---|---|---|
| BT1 | Seiko Instruments | MS412FE-FL26E | 3V, 1mAh lithium battery |
| C243 | Generic | 1 μF, 10%, 10V, 0402 | |
| C245 | Generic | 2.2 μF, 10%, 6.3V, 0402 | |
| D12 | Micro Commercial | BAS40-04-TP | Schottky Diode, SOT23 |
| R123 | Generic | 2.0 kΩ, 1%, 0402 | |
| R126 | Generic | 0 Ω, 0402 | Connects VBATT to DGND(Required only if battery/LDO circuit is not used) |
| U23 | Texas Instruments | LDO, 150 mA, 1.8V output, SOT23-5 | Optional NoLoad feedback components allow substitution of P/N TPS79901 (adjustable feedback) |
Non-Volatile Encryption Key Storage (eFUSE)
Non-volatile storage of the encryption key is also possible by programming the Zynq UltraScale+ eFUSE register via JTAG. Please see the Xilinx UltraScale Architecture Configuration User Guide (UG570) for more details.