Design And Implementation Of Trusted Cryptosystem Based On ZYNQ Platform

In today’s society,information technology is highly developed,and the importance of data security is increasingly valued.The protection of data confidentiality involves the production,transmission,processing,storage and other aspects of data.In order to solve the security problem of terminal network equipment hardware,trusted computing technology came into being.By verifying the credibility of the hardware equipment,the whole system can be ensured not to be tampered with and damaged,so as to ensure the security of information in production and processing.The main work of this paper is to use the ZYNQ-7000 all programmable So C of Xilinx company to implement a trusted encryption device,and make a series of designs around it.Because ZYNQ chip has the advantages of high integration and low power consumption,compared with the current common cryptographic device CPU + FPGA architecture,this design is more flexible and efficient.The implementation of this device includes two aspects.In the aspect of trusted implementation,this paper refers to the trust chain principle of TCG,designs the trusted startup mechanism of bare metal program based on ZYNQ platform,takes the Boot ROM code in the hardware as the origin of trust,and verifies step by step from Boot ROM to FSBL program and then to application program.On the other hand,this research applies the Trust Zone security component provided by ARM core,divides the whole system into non security world and security world,and physically isolates the two worlds.In the operation of the system,the process involving sensitive information processing is carried out in the secure world,and the part interacting with the outside world is processed in the non secure world.This ensures the safety and credibility of the device in the process of startup and operation.In terms of program architecture,asymmetric multiprocessing(AMP)mode is adopted in this design.Two ARM cores run programs in secure world and non secure world respectively,and they transmit information through shared DDR storage.Among them,CPU1 in the non secure world is responsible for ciphertext exchange with the outside world,while CPU0 in the secure world is responsible for user’s operation terminal and controlling SM4 algorithm module in FPGA for encryption and decryption.