XAPP1222 (v1.3) September 23, 2016
www.xilinx.com
Summary
This application note describes how to implement security- or safety-critical designs using the
Xilinx® Isolation Design Flow (IDF) with the Xilinx Vivado® Design Suite. Design applications
include information assurance (single chip cryptography), avionics, automotive, and industrial.
This document explains how to:
• Implement isolated functions in a single Xilinx 7 series FPGA or Zynq®-7000 All Programmable SoC (AP SoC)(1) in commercial, defense, industrial, and automotive grades using IDF.
  ° For example, an implementation might include red/black logic, redundant Type-I encryption modules, or logic processing multiple levels of security. For safety applications, an implementation might include 1oo2, 1oo2D, and 2oo3 modules (1 out of 2, 1 out of 2 with diagnostics, 2 out of 3, and so on).
• Verify the isolation using the Xilinx Vivado Isolation Verifier (VIV).
With this application note, designers can develop a single chip solution using the Xilinx IDF that meets the fail-safe and physical security requirements of high-assurance applications. If you want to add further security to your design, the Security Monitor IP developed by Xilinx can be purchased. If you embed this IP, the steps in this document must be modified as described in Integration and Verification of Security Monitor 3.0 for 7 Series FPGAs and Zynq-7000 All Programmable SoC (XAPP796). Refer to the Aerospace and Defense Security Monitor IP Core Product Marketing Brief [Ref 1] or contact your local Xilinx representative for more information. If the target application requires mask control, a defense-grade (XQ) device might be needed.
This application note is similar to Isolation Design Flow for Xilinx 7 Series FPGAs or Zynq-7000 AP SoCs (ISE Tools) (XAPP1086) [Ref 2]. The primary difference is that this document is specific to the Xilinx Vivado Design Suite, whereas XAPP1086 is specific to the Xilinx ISE® Design Suite for developing IDF designs for 7 series FPGA and Zynq-7000 AP SoC devices. The IDF rules defined in this application note do not differ from those defined in XAPP1086, but the implementation methodology using the Vivado tools does.
All 7 series FPGA and Zynq-7000 AP SoC devices are supported for the IDF. This application
note is accessible from the Xilinx Isolation Design Flow website [Ref 3].
Application Note: 7 Series and Zynq-7000 AP SoC Devices
Isolation Design Flow for Xilinx 7 Series FPGAs or Zynq-7000 AP SoCs (Vivado Tools)
Author: Ed Hallett
1. The FPGAs and SoC are called FPGA/SoC in the rest of the document.
You can download the Reference Design Files for this application note from the Xilinx website.
For detailed information about the design files, see Reference Design Files.
Introduction
The flexibility of programmable logic affords security- and safety-critical industries many advantages. However, before IDF, in applications such as information assurance, government contractors and agencies could not realize the full capability of programmable logic because of isolation, reliability, and security concerns, and were therefore forced to use multichip solutions. To address these concerns, the Isolation Design Flow was developed to allow independent functions to operate on a single chip. Examples of such single chip applications include, but are not limited to, redundant Type-I cryptographic modules or co-resident safety-critical and non-safety-critical functions. The successful completion of the Xilinx Isolation Design Flow has allowed Xilinx to provide new technology for the information assurance (IA) industry, as well as safety-critical functions in avionics, automotive, and industrial applications.
Isolation Design Flow
Developing a safe and secure single chip solution containing multiple isolated functions in a single FPGA is made possible through Xilinx isolation technology. Special attributes such as HD.ISOLATED, and the features they enable, provide the controls needed to achieve the isolation required by certifying agencies. To understand the details of the IDF, you should have a solid understanding of the Vivado hierarchical design flow, because many of the terms and processes of that partition-based flow are used in the IDF. Where the IDF differs, its rules supersede those of the hierarchical design flow; the differences are identified in this application note.
Common Terminology
Throughout this document the terms ownership, function, logic, region, and fence are used extensively. These terms are defined as follows:
• Ownership (physical/logical)—The distinction between physical and logical ownership is an important concept to understand when using the IDF. It is covered in detail in the section Trusted Routing Design Guidelines.
• Function—A collection of logic that performs a specific operation (for example, an AES encryptor).
• Logic—The circuits used to implement a specific function (for example, flip-flops, look-up tables, RAM, and so on).
• Isolated Region/Pblock—A physical area of the device in which the logic of one function is implemented.
• Fence—A set of unused tiles in which no routing or logic is present, separating isolated regions from each other.
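The XDC fragment below is an added example, not taken from this application note's reference design, showing how the terms above map onto Vivado constraints. It assumes a top-level design with two isolated instances named aes_1 and aes_2, and the SLICE and RAMB36 coordinate ranges are illustrative placeholders: real ranges depend on the target device and on the fence rules given later in this document.

```tcl
# HD.ISOLATED marks a hierarchy as an isolated function so that the IDF
# rules (no shared logic, contained routing) are applied to it. Instance
# names aes_1 and aes_2 are assumed for this example.
set_property HD.ISOLATED true [get_cells aes_1]
set_property HD.ISOLATED true [get_cells aes_2]

# Isolated Region / Pblock: the physical area that implements one function.
# Each isolated cell is assigned to exactly one pblock.
create_pblock pblock_aes_1
add_cells_to_pblock [get_pblocks pblock_aes_1] [get_cells aes_1]
resize_pblock [get_pblocks pblock_aes_1] -add {SLICE_X0Y0:SLICE_X13Y49}

create_pblock pblock_aes_2
add_cells_to_pblock [get_pblocks pblock_aes_2] [get_cells aes_2]
resize_pblock [get_pblocks pblock_aes_2] -add {SLICE_X16Y0:SLICE_X29Y49}
# Fence: SLICE columns X14 and X15 belong to no pblock, so no logic or
# routing of either function is placed there. The width shown is an
# assumption for the example; the required minimum comes from the IDF rules.

# A pblock range must cover every resource type the function uses (block RAM,
# DSP, and so on); otherwise those cells are placed outside the region.
# The RAMB36 ranges are assumed to exist on the target part.
resize_pblock [get_pblocks pblock_aes_1] -add {RAMB36_X0Y0:RAMB36_X0Y9}
resize_pblock [get_pblocks pblock_aes_2] -add {RAMB36_X1Y0:RAMB36_X1Y9}

# Quick sanity check from the Vivado Tcl console, before running VIV:
# every HD.ISOLATED cell should report exactly one pblock.
foreach c [get_cells -filter {HD.ISOLATED == 1}] {
    puts "isolated cell $c -> pblock [get_pblocks -of_objects $c]"
}
report_property [get_pblocks pblock_aes_1]
```

This check only confirms that the attribute and pblock assignment are in place; it does not prove isolation. The Vivado Isolation Verifier (VIV) described in this document is what validates that the fence is unbroken and that no routing or logic of one function crosses into the other.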