XAPP1222 (v1.4) December 17, 2020 1
www.xilinx.com
Summary
This application note describes how to implement security- or safety-critical designs using the Xilinx® Isolation Design Flow (IDF) with the Xilinx Vivado® Design Suite. Design applications include information assurance (single chip cryptography), avionics, automotive, and industrial. This document explains how to:
• Implement isolated functions in a single Xilinx 7 series FPGA or Zynq®-7000 SoC(1) in commercial, defense, industrial, and automotive grades using IDF.
  ° For example, implementation might include red/black logic, redundant Type-I encryption modules, or logic processing multiple levels of security. Or for safety applications, implementation might include 1oo2, 1oo2D, and 2oo3 modules.
• Verify the isolation using the Xilinx Vivado Isolation Verifier (VIV).
• Verify the isolation using the Xilinx Vivado Isolation Verifier (VIV).
With this application note, designers can develop a fail-safe single chip solution using the Xilinx IDF that meets fail-safe and physical security requirements for high-assurance applications. If you wish to add additional security to your design, the Security Monitor IP, developed by Xilinx, can be purchased. If you embed this IP, modifications to the steps in this document must be made as described in Integration and Verification of Security Monitor 3.0 for 7 Series FPGAs and Zynq-7000 All Programmable SoC (XAPP796). Refer to the Aerospace and Defense Security Monitor IP Core Product Marketing Brief [Ref 1] or contact your local Xilinx representative for more information. If the target application requires mask control, a defense-grade (XQ) device might be needed.
This application note is similar to the application note Isolation Design Flow for Xilinx 7 Series FPGAs or Zynq-7000 AP SoCs (ISE Tools) (XAPP1086) [Ref 2] with the primary difference being that this document is specific to using the Xilinx Vivado Design Suite, whereas XAPP1086 is specific to using the Xilinx ISE® Design Suite for developing IDF designs for the 7 series FPGA devices and Zynq-7000 SoC devices. The rules for IDF defined in this application note do not differ from those defined in XAPP1086, but the methodology for implementation using Vivado tools does.
Application Note: 7 Series and Zynq-7000 SoC Devices
Isolation Design Flow for Xilinx 7 Series FPGAs or Zynq-7000 SoCs (Vivado Tools)
Author: Satya Pitaka
1. The FPGAs and SoC are called FPGA/SoC in the rest of the document.
Note: Not all 7 series FPGA devices are supported by IDF. For the supported devices list, see Table 1.
This application note is accessible from the Xilinx Isolation Design Flow website [Ref 3]. You can download the Reference Design Files for this application note from the Xilinx website. For detailed information about the design files, see Reference Design Files.
Introduction
The flexibility of programmable logic affords security- and safety-critical industries many
advantages. However, before IDF, in applications such as information assurance, government
contractors and agencies could not realize the full capability of programmable logic due to
isolation, reliability, and security concerns, and were therefore forced to use multichip solutions.
To address these concerns, the isolation design flow (IDF) was developed to allow independent
functions to operate on a single chip. Examples of such single chip applications include, but are
not limited to, redundant Type-I cryptographic modules or resident safety- and non
safety-critical functions. The successful completion of the Xilinx Isolation Design Flow has
allowed Xilinx to provide new technology for the information assurance (IA) industry as well as
provide safety-critical functions in avionics, automotive, and industrial applications.
Isolation Design Flow
Developing a safe and secure single chip solution containing multiple isolated functions in a
single FPGA is made possible through Xilinx isolation technology. Special attributes such as
HD.ISOLATED and the features it enables are necessary to provide controls to achieve the
isolation needed to meet certifying agency requirements. To better understand the details of
the IDF, the designer should have a solid understanding of the hierarchical design flow. Many of
the terms and processes in the partition flow are utilized in the IDF. Areas that are different
supersede the partition design flow and are identified in this application note.
Common Terminology
Throughout this document the terms ownership, function, logic, region, and fence are used
extensively. These terms are defined as follows:
Table 1: IDF Supported Devices
Xilinx Device           IDF Support Status
Zynq®-7000 SoC family   Supported
Spartan®-7 FPGA         Only XC7S50 device is supported
Artix®-7 FPGAs          All devices are supported except XC7A12T and XC7A25T
Kintex®-7 FPGAs         Supported
Virtex®-7 FPGAs         Supported
Ownership (physical/logical)—The concept of physical versus logical ownership is an important concept to understand when using the IDF. This concept is covered in detail in the section Trusted Routing Design Guidelines.
Function—A collection of logic that performs a specific operation (example: an AES encryptor).
Logic—Circuits used to implement a specific function (examples are: flip-flop, look up table, RAM, to name a few).
Isolated Region/Pblock—A physical area to implement logic.
Fence—A set of unused tiles in which no routing or logic is present.
Trusted Routing—Trusted routing is automatically enabled after the HD.ISOLATED attribute is set to “true” on at least one isolated module. These routes are a subset of existing routing resources that meet the following restrictions:
- No entry or exit point in the fence between isolated regions
- One source and one destination region
- Its entirety stays contained in the source/destination regions
- It does not come within one fence tile from another unintended isolation region
These rules act as a filter to all available routes in a given design. An example of routes that will be filtered is shown in Figure 1. Example routes excluded for programmable interconnect points (PIPs) outside the intended isolation regions or proximity to unintended isolation regions are shown.
Note: Routes depicted are for demonstration purposes only.
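The four restrictions above are a mechanical filter, so they can be illustrated with a small model. The following pure-Tcl script (runs in plain tclsh, no Vivado needed) is an added example and is neither part of XAPP1222 nor Vivado's actual route filter: the tile grid, the regions named red, black and ctrl, and every route are constructed for illustration. It also makes one interpretation explicit as an assumption: a route's switching points (PIPs) must all lie in the source or destination region, while a wire may pass over a fence tile without using a PIP there; that reading is the script's, not a statement from the page.

```tcl
# Added example (not from XAPP1222, not Vivado's implementation): toy model of
# the trusted-routing restrictions on a tile grid with constructed regions.

# Constructed isolated regions as {xmin ymin xmax ymax}; every tile that is
# not inside a region is fence. Columns x=4 and row y=6 form the fence here.
array set region {
    red   {0 0 3 5}
    black {5 0 8 5}
    ctrl  {0 7 8 9}
}

# Name of the region that owns tile (x,y), or "fence".
proc tileOwner {x y} {
    global region
    foreach name [array names region] {
        lassign $region($name) x0 y0 x1 y1
        if {$x >= $x0 && $x <= $x1 && $y >= $y0 && $y <= $y1} {
            return $name
        }
    }
    return fence
}

# 1 if any of the eight neighbours of (x,y) belongs to a region other than
# src or dst, i.e. the tile is within one fence tile of an unintended region.
proc nearOtherRegion {x y src dst} {
    foreach dx {-1 0 1} {
        foreach dy {-1 0 1} {
            if {$dx == 0 && $dy == 0} continue
            set n [tileOwner [expr {$x + $dx}] [expr {$y + $dy}]]
            if {$n ne "fence" && $n ne $src && $n ne $dst} {
                return 1
            }
        }
    }
    return 0
}

# A route is a list of {x y kind} hops; kind is "pip" where the route switches
# (an entry/exit point) and "wire" where it only passes over the tile.
# Returns "trusted" or the reason the route is excluded.
proc classifyRoute {src dst route} {
    set pipOwners {}
    foreach hop $route {
        lassign $hop x y kind
        set owner [tileOwner $x $y]
        if {$kind eq "pip"} {
            # No entry or exit point in the fence.
            if {$owner eq "fence"} {
                return "excluded: PIP in fence at ($x,$y)"
            }
            # Every switching point stays inside the source/destination regions.
            if {$owner ne $src && $owner ne $dst} {
                return "excluded: PIP outside $src/$dst at ($x,$y)"
            }
            lappend pipOwners $owner
        }
        # No part of the route within one fence tile of an unintended region.
        if {[nearOtherRegion $x $y $src $dst]} {
            return "excluded: within one fence tile of another region at ($x,$y)"
        }
    }
    # One source and one destination: the route enters in src and exits in dst.
    if {[lindex $pipOwners 0] ne $src || [lindex $pipOwners end] ne $dst} {
        return "excluded: route does not run from $src to $dst"
    }
    return trusted
}

# Constructed routes from red to black. Expected, in order: trusted; PIP in
# fence; passes next to ctrl while crossing the fence; PIP ends up in ctrl.
set cases {
    {{3 2 pip} {4 2 wire} {5 2 pip}}
    {{3 2 pip} {4 2 pip}  {5 2 pip}}
    {{3 5 pip} {4 6 wire} {5 5 pip}}
    {{3 2 pip} {4 2 wire} {5 2 wire} {5 7 pip}}
}
foreach route $cases {
    puts "[classifyRoute red black $route]  <- $route"
}
```

Only the first constructed route survives the filter; the other three are rejected by one rule each, which is the same outcome Figure 1 sketches for PIPs in the fence and for routes that stray near an unintended region.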
Rules
A secure or safety-critical solution can be achieved while using FPGA design techniques and
coding styles with only moderate modifications to the development flow. IDF development
requires the designer to consider floorplanning much earlier in the design process to ensure
that proper isolation is achieved in logic, routing, and I/O buffers (IOBs). In addition to early
floorplanning, the development flow is based on hierarchy, that is, each function you wish to
isolate must be at its own level of hierarchy. Although this flow requires additional steps, the
hierarchical approach has certain advantages.
There are a few unique design details that must be adhered to in order to achieve an
FPGA-based IDF solution. Carefully consider all aspects of the design details explained in
subsequent sections of this application note. These considerations include:
• Each function to be isolated must be in its own level of hierarchy.
Figure 1: Available Routes after Applying Trusted Routing Rules
[Figure not reproduced. Labels recoverable from the figure: three Isolated Module regions; Trusted Route; Excluded; Programmable Interconnect Point (PIP): a switch or entry/exit point.]
• A fence must be used to separate isolated functions within a single chip.
• IOBs must be instantiated inside isolated modules for proper isolation of the IOB. This can be achieved by manual user instantiation or automatically by the tools.
Note: Automatic logical inferencing by the tools is unique to the Vivado Design Suite.
• On-chip communication between isolated functions is achieved through the use of trusted routing (Tools automatically choose trusted routes along coincident physical borders).
Top Level Logic
Isolated designs must take care to keep the amount of top level logic to a minimum. In a typical
IDF design, the only logic at the top should be Clock logic. Any component that is not part of
an isolated module in the design hierarchy is optimized to the top level. Because isolation is
defined by the HD.ISOLATED attribute being set on a hierarchical module, all top logic is, by
default, NOT isolated. This has the following implications:
• There are no placement constraints on top level logic other than it will not be placed in the fence.
  ° Top level logic can be placed in any isolated region.
• There are no routing restrictions on top level logic other than it will not violate the fence with used PIPs.
  ° Top level routes can route to, from, and through any isolated region.
While IDF states top level logic should be very minimal (clocks), there are cases where it cannot
be avoided. To prevent top level logic from being placed in the fence, it is necessary to add
prohibits to all sites not ranged by a Pblock. A prohibit is a directive to the placer that disallows
(prohibits) any placement in that site. This should be done after initial floorplanning and IOB pin
placement using the following Tcl commands.
TIP: Copying and pasting from PDF files does not always work. Retyping is advised.
#First, select all sites:
set_property prohibit 1 [get_sites]
#Now, subtract the ones that have been ranged by a pblock
set_property prohibit 0 [get_sites -of_objects [get_pblocks]]
#Now, subtract out the BUFH and BUFG tiles (IDF rules state not to add BUFH and BUFG tiles to pblock).
set_property prohibit 0 [get_sites -filter {SITE_TYPE =~ "*BUFH*" || SITE_TYPE =~ "*BUFG*"}]
For cases where you need some top level sites not ranged in a Pblock, those sites can have their
prohibits cleared as per the above syntax.
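The prohibit step only makes sense once the isolated modules are marked and ranged, so the sequence below shows it in context. This is an added example, not a script from XAPP1222 or the reference design: the instance names u_red and u_black, the Pblock names and the SLICE ranges are placeholders for a hypothetical design and must be replaced with the real hierarchy and device coordinates; the final PROHIBIT filter is assumed to be a valid site property query and serves only as a sanity count. It is meant to be sourced in a Vivado session with the synthesized design open, before place_design.

```tcl
# Added example (not from XAPP1222): end-to-end IDF floorplan setup in Vivado
# Tcl, finishing with the prohibit step. All names and ranges are placeholders.

# 1. Mark each hierarchy to be isolated. Setting HD.ISOLATED on at least one
#    module is what enables trusted routing between isolated regions.
foreach inst {u_red u_black} {
    set_property HD.ISOLATED true [get_cells $inst]
}

# 2. Give each isolated module its own Pblock. The two ranges (placeholders)
#    are deliberately not adjacent: the unranged slice columns between them
#    stay unused and form the fence. Do not add BUFH/BUFG sites to a Pblock.
create_pblock pb_red
add_cells_to_pblock [get_pblocks pb_red] [get_cells u_red]
resize_pblock [get_pblocks pb_red] -add {SLICE_X0Y0:SLICE_X19Y49}

create_pblock pb_black
add_cells_to_pblock [get_pblocks pb_black] [get_cells u_black]
resize_pblock [get_pblocks pb_black] -add {SLICE_X24Y0:SLICE_X43Y49}

# 3. Keep top level logic (ideally only clock logic) out of the fence:
#    prohibit every site, then re-enable the Pblock-ranged sites and the
#    BUFH/BUFG sites that IDF keeps outside any Pblock.
set_property prohibit 1 [get_sites]
set_property prohibit 0 [get_sites -of_objects [get_pblocks]]
set_property prohibit 0 [get_sites -filter {SITE_TYPE =~ "*BUFH*" || SITE_TYPE =~ "*BUFG*"}]

# 4. If some top level logic genuinely needs a site outside the Pblocks,
#    clear the prohibit on exactly that site (placeholder site name) rather
#    than loosening the fence as a whole.
# set_property prohibit 0 [get_sites SLICE_X22Y60]

# 5. Sanity count before placement (assumes PROHIBIT is filterable as a
#    site property): every site still prohibited is fence or otherwise off
#    limits to the top level.
set fenced [llength [get_sites -filter {PROHIBIT == 1}]]
puts "Sites prohibited for top level placement: $fenced"
```

Running the prohibit step after floorplanning and IOB pin placement, as the text above requires, matters because a Pblock resized later would leave its newly ranged sites still prohibited; rerun steps 3 to 5 after any floorplan change.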