# System Board 6156

# MAXREFDES44#: SECURE AUTHENTICATION DESIGN WITH 1-WIRE ECDSA AND XILINX ZYNQ SOC

## Introduction

Smart factories and industrial and medical applications employ the flexibility and high performance of modern SoCs. As these systems become increasingly connected, security emerges as a paramount feature to protect IP, track product lifetime, and prevent counterfeiting.

The MAXREFDES44# is a 1-Wire based asymmetric authentication reference design, built to authenticate peripherals to Xilinx SoCs. The public keys are stored on the Xilinx SoC, which removes the need for a secure secret memory location, while the private key is stored on the DS28E35 using DeepCover® technology. Using the provided example code, the SoC executes a challenge-response sequence with the DS28E35 to ensure the authenticity of a module, peripheral, or subsystem. The DS28E35 communicates on a 1-Wire bus, providing a standard communication interface.

The MAXREFDES44# hardware, shown in Figure 1, is equipped with a Pmod-compatible connector for immediate testing using an Avnet MicroZed evaluation kit. The simplicity of this design enables rapid adoption into any peripheral requiring the heightened security provided by the asymmetric ECDSA algorithm.

Figure 1. MAXREFDES44 DS28E35 peripheral module (top and bottom).

# **Detailed Description of Hardware**

**Figure 2** shows the high-level implementation of the design. The system requires:

- Cheyenne 'C' code running on the ARM® Cortex® A9 processor in the Processing System (PS)
- Cryptographically Secure Pseudo Random Number Generator (CSPRNG) running in the Programmable Logic (PL)
- PC connected to a RS-232 port (USB UART)
- MAXREFDES44# with the DS28E35 and a $680\Omega$ pullup resistor

Figure 2. System design block diagram.

### **Hardware**

The hardware setup for this reference design is:

- PC with 1GB RAM
  - www.xilinx.com/design-tools/vivado/memory.htm
- Avnet MicroZed (available from Avnet for purchase separately)
  - http://microzed.org/
- Maxim DS28E35 peripheral module (MAXREFDES44# available for purchase)
  - The schematic, BOM, and PCB Gerber files are available for immediate download on the Design Resources tab
- USB-A to USB-micro B cable
- Xilinx platform cable USB
- DS28E35EVKIT# (2nd generation with DS2475, available for purchase separately), used for programming only

### **Software**

The software requirements for this reference design are:

- Windows 7 OS or newer
- A terminal program such as Tera Term or HyperTerminal®
- Vivado® Design Tools (Vivado 2014.2)
  - www.xilinx.com/support/download/index.htm
- Embedded Design Tools (Xilinx SDK 2014.2)
  - www.xilinx.com/support/download/index.htm
- Firmware Files
  - Available by request on the MAXREFDES44# landing page under the Design Resources tab with a nondisclosure agreement (NDA): MAXREFDES44\_NDA\_FW.zip

# **Detailed Description of Firmware**

The archived Vivado project, "MAXREFDES44.xpr.zip", contains all the details of the PS and PL. The archive has a basic Zynq configuration that contains Avnet's MicroZed Board Definition for 2014.2 and additional modifications to add a CSPRNG needed for security. Avnet's MicroZed Board Definition for 2014.2 can be found on their MicroZed website under documentation. **Figure 3** shows the block diagram for the design found under the "\MAXREFDES44.xpr\MZ\_Zynq\_HW" path and called "MZ\_Zynq\_HW.xpr".

Figure 3. Block diagram of Zynq.

The PS and PL configuration block diagram is shown in **Figure 4**.

Figure 4. PS-PL configuration block diagram.

The essential MIO configurations used in this reference design are the UART and GPIO interfaces shown in **Figure 5**. UART 1 is used to communicate with a terminal program, with external print statements output on MIO48 (tx) and MIO49 (rx).
GPIO has connections to MIO15 (1-Wire) and the EMIO GPIO with a width of one used for an internal connection to the CSPRNG (rng\_top\_0). All the other MIO configurations are the default settings from Avnet's MicroZed Board Definition and are not used for this reference design.

Figure 5. Block diagram of the Zynq MIO configuration.

The clock configuration uses the defaults from Avnet's MicroZed board definition, with the exception that the FCLK\_CLK0 signal is enabled and used to source the CSPRNG, as shown in **Figure 6**.

Figure 6. Block diagram of the Zynq clock configuration.

The CSPRNG is an exclusive-or of the outputs of two ring oscillators with two different periods, sampled by the FCLK\_CLK0 signal to make random numbers. The two ring oscillators create a combinatorial loop in the PL, which usually produces an error when building the design. To downgrade the error to a warning, run the Tcl file "project\_setup.tcl" in the Tcl console before running the full build. The file can be found under the "/MAXREFDES44/MZ\_Zynq\_HW" path.

## **Quick Start**

Required Equipment:

- Windows® PC with two USB ports
- MAXREFDES44# board
- MAXREFDES44# supported platform (i.e., the MicroZed kit)
- Programming cable (i.e., the platform cable USB II or equivalent)
- DS28E35EVKIT# (2nd generation with DS2475)

Download, read, and carefully follow each step in the appropriate MAXREFDES44# Quick Start Guide.

1-Wire and DeepCover are registered trademarks of Maxim Integrated Products, Inc. ARM is a registered trademark and registered service mark of ARM Limited. Cortex is a registered trademark of ARM Limited. Eclipse is a trademark of Eclipse Foundation, Inc. HyperTerminal is a registered trademark of Hilgraeve, Incorporated. MicroZed is a trademark of Avnet, Inc. Pmod is a trademark of Digilent Inc. Vivado and Zynq are registered trademarks of Xilinx, Inc.
Windows is a registered trademark and registered service mark of Microsoft Corporation. Xilinx is a registered trademark and registered service mark of Xilinx, Inc.