System Board 6156

MAXREFDES44#: Secure Authentication Design with 1-Wire ECDSA and Xilinx Zynq SoC



The MAXREFDES44# is a 1-Wire®-based authentication reference design, built to protect IP and authenticate peripherals to Xilinx Zynq FPGAs. Using the provided example code, the system executes an asymmetric challenge-response sequence with the DS28E35 to ensure the authenticity of a module, peripheral, or subsystem. The DS28E35 communicates on Maxim Integrated’s 1-Wire bus. The MAXREFDES44# is equipped with a Pmod connector for immediate testing using an Avnet MicroZed board. The simplicity of this design enables rapid adoption into any peripheral requiring the heightened security provided by the asymmetric ECDSA algorithm.

Refer to the Details tab for more information. Design files including schematic, PCB files, and bill of materials (BOM) can be downloaded from the Design Resources tab. Firmware is available upon request, following the execution of a nondisclosure agreement.

Note: Programming the MAXREFDES44# requires a separate purchase of the DS28E35EVKIT#.

Features

  • ECDSA authentication
  • 1-Wire interface
  • Example source code
  • Pmod-compatible form factor

Competitive Advantages

  • Crypto-strong authentication
  • Fast performance with hardware acceleration
  • No VCC pin required for peripheral authentication

Applications

  • Authentication of network-attached devices (IoT)
  • Counterfeit protection
  • Peripheral authentication
  • IP protection
  • License and feature management

Introduction

Smart factories and industrial and medical applications employ the flexibility and high performance of modern SoCs. As these systems become increasingly connected, security emerges as a paramount feature to protect IP, track product lifetime, and prevent counterfeiting. The MAXREFDES44# is a 1-Wire-based asymmetric authentication reference design, built to authenticate peripherals to Xilinx SoCs. The public keys are stored on the Xilinx SoC, which removes the need for a secure secret memory location on the host, while the private key is stored on the DS28E35 using DeepCover® technology. Using the provided example code, the SoC executes a challenge-response sequence with the DS28E35 to ensure the authenticity of a module, peripheral, or subsystem. The DS28E35 communicates on a 1-Wire bus, providing a standard communication interface. The MAXREFDES44# hardware, shown in Figure 1, is equipped with a Pmod-compatible connector for immediate testing using an Avnet MicroZed evaluation kit. The simplicity of this design enables rapid adoption into any peripheral requiring the heightened security provided by the asymmetric ECDSA algorithm.


Figure 1. MAXREFDES44 DS28E35 peripheral module (top and bottom).
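The challenge-response sequence described in the Introduction, sketched in Go as an added example; it is not Maxim's firmware and not code from this page. Assumptions: `Device`, `NewDevice`, `Respond`, `NewChallenge` and `Verify` are hypothetical names, P-256 stands in for the curve (the page does not name one), and the signed message is only the challenge.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Device struct{ priv *ecdsa.PrivateKey } // private key never leaves the device

// NewDevice models the authenticator (hypothetical type); P-256 is an assumption.
func NewDevice() (*Device, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{k}, nil
}

// Respond signs SHA-256(challenge); signing only the challenge is a simplification.
func (d *Device) Respond(challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, d.priv, h[:])
}

// NewChallenge draws 32 fresh random bytes so an old response cannot be replayed.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Verify is the host-side check; it needs the public key and no secret.
func Verify(pub *ecdsa.PublicKey, challenge, sig []byte) bool {
	h := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	dev, err := NewDevice()
	if err != nil {
		panic(err)
	}
	c, cerr := NewChallenge()
	sig, serr := dev.Respond(c)
	fmt.Println("authentic:", cerr == nil && serr == nil && Verify(&dev.priv.PublicKey, c, sig))
}
```

A response captured for one challenge fails verification against the next one, and a device holding a different private key fails against the stored public key, which is why the host needs a sound random source but no secret storage.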

Detailed Description of Hardware

Figure 2 shows the high-level implementation of the design. The system requires:

  • Cheyenne ‘C’ code running on the ARM® Cortex® A9 processor in the Processing System (PS)
  • Cryptographically Secure Pseudo Random Number Generator (CSPRNG) running in the Programmable Logic (PL)
  • PC connected to a RS-232 port (USB UART)
  • MAXREFDES44# with the DS28E35 and a 680Ω pullup resistor

Figure 2. System design block diagram.

Hardware
The hardware setup for this reference design is:

  • PC with 1GB RAM
    • www.xilinx.com/design-tools/vivado/memory.htm
  • Avnet MicroZed (available from Avnet for separate purchase)
  • Maxim DS28E35 peripheral module (MAXREFDES44# available for purchase)
    • The schematic, BOM, and PCB Gerber files are available for immediate download on the Design Resources tab
  • USB-A to USB-micro B cable
  • Xilinx platform cable USB
  • DS28E35EVKIT# (2nd generation with DS2475 available for purchase separately) used for programming only

Software
The software requirements for this reference design are:

Detailed Description of Firmware

The archived Vivado project, “MAXREFDES44.xpr.zip”, contains all the details of the PS and PL. The archive has a basic Zynq configuration that contains Avnet’s MicroZed Board Definition for 2014.2 and additional modifications to add a CSPRNG needed for security. Avnet’s MicroZed Board Definition for 2014.2 can be found on their MicroZed website under documentation. Figure 3 shows the block diagram for the design found under the “\MAXREFDES44.xpr\MZ_Zynq_HW” path and called “MZ_Zynq_HW.xpr”.

Figure 3. Block diagram of Zynq.

The PS and PL configuration block diagram is shown in Figure 4.

Figure 4. PS-PL configuration block diagram.

The essential MIO configurations used in this reference design are the UART and GPIO interfaces shown in Figure 5. UART 1 sends print statements to a terminal program on MIO48 (TX) and MIO49 (RX). The GPIO connects to MIO15 (1-Wire), and an EMIO GPIO with a width of one provides the internal connection to the CSPRNG (rng_top_0). All other MIO configurations are the default settings from Avnet’s MicroZed Board Definition and are not used in this reference design.

Figure 5. Block diagram of the Zynq MIO configuration.

The clock configuration uses Avnet’s MicroZed board definition defaults, except that the FCLK_CLK0 signal is enabled and used to source the CSPRNG, as shown in Figure 6.

Figure 6. Block diagram of the Zynq clock configuration.

The CSPRNG takes the exclusive-or of the outputs of two ring oscillators with two different periods and samples the result with the FCLK_CLK0 signal to make random numbers. The two ring oscillators create a combinatorial loop in the PL, which usually causes an error when building the design. To downgrade the error to a warning, run the Tcl file “project_setup.tcl” in the Tcl console before running the full build. The file can be found under the “/MAXREFDES44/MZ_Zynq_HW” path.

Quick Start

Required Equipment:

  • Windows® PC with two USB ports
  • MAXREFDES44# board
  • MAXREFDES44# supported platform (i.e., the MicroZed kit)
  • Programming cable (i.e., the platform cable USB II or equivalent)
  • DS28E35EVKIT# (2nd generation with DS2475)

Download, read, and carefully follow each step in the appropriate MAXREFDES44# Quick Start Guide.


1-Wire and DeepCover are registered trademarks of Maxim Integrated Products, Inc.
ARM is a registered trademark and registered service mark of ARM Limited.
Cortex is a registered trademark of ARM Limited.
Eclipse is a trademark of Eclipse Foundation, Inc.
HyperTerminal is a registered trademark of Hilgraeve, Incorporated.
MicroZed is a trademark of Avnet, Inc.
Pmod is a trademark of Digilent Inc.
Vivado and Zynq are registered trademarks of Xilinx, Inc.
Windows is a registered trademark and registered service mark of Microsoft Corporation.
Xilinx is a registered trademark and registered service mark of Xilinx, Inc.

Firmware Files
The associated firmware files for the MicroZed Platform (Zynq-7010) are available upon request. Please contact us.

Resources

DS28E35
DeepCover Secure Authenticator with 1-Wire ECDSA and 1Kb User EEPROM

  • ECDSA Engine for Public-Key Signature Using a Defined SEC Domain Parameter Set
  • On-Chip Hardware Random Number Generator
  • Private and Public Key Can Be Computed by the Device or Loaded from Outside with Optional Automatic Locking