



Politecnico  
di Torino



# AES Cryptocore



Lecture prepared by:  
Riccardo Carità  
Gianluca Corso  
Riccardo Fusari  
Federico Fruttero



Co-funded by  
the European Union



La Région  
Auvergne-Rhône-Alpes



Erasmus+



# Acknowledgments

- This material was developed as European Master Network on Embedded System Security (EMNESS) project is an ERASMUS+ Cooperation partnership initiative with the goal to structure an innovative academic curriculum on Reliability and Hardware Security during the academic year 2023/2024.
- Credits for the preparation of this material go to:
  - ✓ Riccardo Carità (<https://github.com/Karrick99>)
  - ✓ Gianluca Corso (<https://github.com/gianluc99>)
  - ✓ Riccardo Fusari (<https://github.com/riccardofusari>)
  - ✓ Federico Fruttero (<https://github.com/fedefruttero>)

# Goals of the project

BUILD AN AES CRYPTOCORE INTO AN  
FPGA PLATFORM WITH A REALTIMEOS  
IN 3 MAIN STEPS:

- HARDWARE DEVELOPMENT & DEPLOYMENT
- OS IMAGE CREATION
- DRIVER DEVELOPMENT

# First Part: HW Development and Deployment

We will use Vivado to instantiate our component (which is an AES cryptocore) inside the AXI4 Interface in order to communicate with the pyng-z2 board

In the following slides it is reported the workflow to obtain a working Vivado project



# How to set the core on the Pynq-z2 board

01 Download the  
core



02 Vivado IP and  
Project  
creation

03 VITIS



First figure taken from <https://emoji.gg/emoji/6031-downloadcloud>  
Second figure taken from <https://www.svgrepo.com/svg/55693/idea>





# 02 - Vivado IP and Project Creation

## Core instantiation in the interface

After having created the IP, click on the Edit IP choice.

Then from the Sources panel click on the + and add the HDL files for the core.

The core will be instantiated using these files as a component.

For interfacing properly the core through the AXI4 interface, it has to be instantiated and the ports have to be connected to the signals of the AXI4 that can be used as input/output. It can be done by writing HDL code into the Verilog file of the IP (the file which name terminates with ...SOO\_AXI.vhd/.v)

# Core instantiation in the interface

The screenshot shows the Vivado 2022.2 Project Manager window for the 'aes\_axi\_ip\_if\_v1\_0\_project'. The project summary indicates it is located at '/home/gianluca/Desktop/git/OS/aes-cryptocore-driver/vivado/hw\_platform\_300923/hw\_platform/hw\_platform.tmp/aes\_axi\_ip\_if\_v1\_0\_project/aes\_axi\_ip\_if\_v1\_0\_project.xpr'. The main pane displays the Verilog source code for 'aes\_axi\_ip\_if\_v1\_0\_S00\_AXI.v'. The code implements an AXI interface for an AES core, handling read requests and generating user logic.

```
// and the slave is ready to accept the read address.  
assign slv_reg_rden = axi_arready & S_AXI_ARVALID & ~axi_rvalid;  
always @(*)  
begin  
    // Address decoding for reading registers  
    case ( axi_araddr[ADDR_LSB+OPT_MEM_ADDR_BITS:ADDR_LSB] )  
        4'h0 : reg_data_out <= slv_reg0;  
        4'h1 : reg_data_out <= slv_reg1;  
        4'h2 : reg_data_out <= slv_reg2;  
        4'h3 : reg_data_out <= slv_reg3;  
        4'h4 : reg_data_out <= slv_reg4;  
        4'h5 : reg_data_out <= slv_reg5;  
        4'h6 : reg_data_out <= slv_reg6;  
        4'h7 : reg_data_out <= slv_reg7;  
        4'h8 : reg_data_out <= crypto_out[31:0];  
        4'h9 : reg_data_out <= crypto_out[63:32];  
        4'hA : reg_data_out <= crypto_out[95:64];  
        4'hB : reg_data_out <= crypto_out[127:96];  
        default : reg_data_out <= 0;  
    endcase  
end  
  
// Output register or memory read data  
always @(posedge S_AXI_ACLK)  
begin  
    if ( S_AXI_ARESETN == 1'b0 )  
        begin  
            axi_rdata <= 0;  
        end  
    else  
        begin  
            // When there is a valid read address (S_AXI_ARVALID) with  
            // acceptance of read address by the slave (axi_arready),  
            // output the read data  
            if (slv_reg_rden)  
                begin  
                    axi_rdata <= reg_data_out; // register read data  
                end  
        end  
end  
  
// Add user logic here  
assign plain_in = {slv_reg0, slv_reg1, slv_reg2, slv_reg3};  
assign key = {slv_reg4, slv_reg5, slv_reg6, slv_reg7};  
aes_128 aesl (S_AXI_ACLK, plain_in, key, crypto_out);  
// User logic ends  
endmodule
```









# 02 - Vivado IP and Project Creation

## Review, package, block design, wrapper

At this point, if everything corresponds to what is expected, click on the Package IP - <name> panel, and proceed clicking on File Groups -> Merge changes from File Groups Wizard.

Now click on Review and Package -> Re-Package IP

After having confirmed to close the project by clicking on Yes, next step is to create the block design

On the left menu: Create block design, the specify a name and click OK.

Now add the board processing system by clicking on the + symbol in the Diagram panel, and then selecting the board.

Click on Run Block Automation, then confirm with OK.

# 02 - Vivado IP and Project Creation

## Review, package, block design, wrapper

Then add the custom IP made in the previous steps by clicking again on the + symbol, then Run Connection Automation and OK in the window that will appear.

Now validate by clicking on the blue check mark ✓ in Diagram panel, click OK.

Now it's time to create the wrapper that will be exported:

right click on the core name under the Design Sources section -> Create HDL Wrapper -> Let Vivado manage wrapper and auto-update.

Now the wrapper should appear in the Design Sources in the Sources panel.

Then on the left menu: Generate Bitstream, and OK in "Launch Runs" window.

Now File > Export > Export Hardware

In the window "Export Hardware Platform" :

Include bitstream, give the file name for the XSA and a path where to be exported.

Finish.

- EXERCISE 1: IP generation

Now it's time to try to build your own HW description file!

Try to modify by yourself the hw description files of your system in order to communicate through the AXI4 interface. Instantiate your hw, the processor and the communication needed.

A solution for this exercise is inside the repository.



# 03 - VITIS - bare-metal test on the HW platform

- On the left menu, in src, then helloworld.c, read the code generated by Vitis.
- On the left menu, in hw, drivers, <your ip name>, src open the <your ip name>.h file and verify the generation of the correct offset constants for the address management. By scrolling down in the code, there are the methods for writing registers and reading registers, that can be used for our purposes.
- Be sure to have included libraries:

```
#include "platform.h"
#include "xil_io.h"
#include "<your ipname>.h"
#include "xparameters.h"
```

# 03 - VITIS - bare-metal test on the HW platform

Now we can use the `_mWriteReg` and `_mReadReg` methods to properly write and read data to/from the core.

Once finished, we can click on the build icon:



## IMPORTANT

From now on, the board should be properly connected to the PC. Check if the jumper that allows to choose between JTAG and SD is in the correct position. Verify the correct behavior from the status LED on the board.

# 03 - VITIS - bare-metal test on the HW platform

The next step is to click on this icon in the upper toolbar:



This opens the menu Target connections, then in Hardware Server section you can click on Local [default] In the window that wil appear, click on OK with default values.

Now click on the Debug key on the upper toolbar:



This will program the FPGA and allow you to use the Vitis Serial Terminal (in the lower part of the screen), and add the correct port by clicking on the + symbol.

With the serial terminal, you can verify the output from the board, and see if it's the correct response to the data applied through the C program.

- EXERCISE 2: Test your HW

Now it's time to try to test your own HW description file!

Modify the helloworld.c template in Vitis in order to write and read on the registers you settled up in the previous exercise.

A solution for this exercise is inside the repository.

# Second Part: OS IMAGE CREATION

In the second phase of our project, we utilize PetaLinux to create a customized Linux operating system image for our embedded system. This involves configuring the Linux kernel, building a root filesystem, and generating a bootable image specifically designed for our FPGA platform.



First figure taken from <https://it.emcelettronica.com/wp-content/uploads/2018/10/fpga.jpg>

Second figure taken from <https://www.zachpfeffer.com/single-post/xilinx-20182-software-tool-installation-overview-and-assessment>

Third figure taken from <https://www.mouser.mx/new/xilinx/xilinx-zynq-7000-socs/>



# PETALINUX

- Optimized for FPGA and Zynq SoC
- Widely Adopted in Automotive,Aerospace,Telecommunications and Industrial Automation for Robust Embedded Systems.
- Seamless integration into hardware designs



First figure taken from <https://it.emcelettronica.com/wp-content/uploads/2018/10/fpga.jpg>  
Second figure taken from <https://discuss.pynq.io/t/deploying-pynq-and-jupyter-with-petalinux/677>

# Embedded Linux Installation Guide

- **Download PetaLinux:**
- Visit the following link to download the PetaLinux installer: [PetaLinux Download](#)
- **Installation Steps:**

First of all, make sure you have the latest version of the OS.

```
sudo apt update  
sudo apt upgrade
```

# Embedded Linux Installation Guide

- Then, after downloading, move the .run file to the desired installation folder.
- Open your terminal and navigate to the installation folder.
- Run the installer using the following command:

```
bash petalinux-v2023.1-05012318-installer.run
```

If an Error comes out saying you are missing some dependencies, run the following command:

```
sudo apt install gawk zlib1g-dev net-tools xterm autoconf libtool  
texinfo gcc-multilib
```

# Embedded Linux Installation Guide

Maybe they aren't all the packages and dependencies missing.

You can go at that [link](#). By scrolling down, you can see a script called "plnx-evn-setup.sh". Download that script and run it. It should install all the packages needed. If is that not the case, check the error messages and search on google how to download that specific library by terminal. You will easily find a command to do it.

- Follow the on-screen prompts to accept the license agreements and complete the installation.
- Run the settings.sh script source `./settings.sh` (ignore the warning)

# Embedded Linux Installation Guide

## Create the project

Go to your terminal and change directory to where you would like to create your new PetaLinux project directory

Run:

```
petalinux-create -t project --template zynq --name aes-petalinux
```

Here '-t' is equivalent to '--type'. You can see that there is a new folder created and you can enter inside it.

```
cd aes-petalinux
```



# Embedded Linux Installation Guide

## Configure using XSA file

You have previously created a XSA file as output of VIVADO that describes your hardware platform. You will need this file now for configure petalinux build and tell to petalinux what devices are available for it and it will create a Device Tree based on this hw definition file.

Write this command into the project directory

```
petalinux-config --get-hw-description <PATH-TO-XSA DIRECTORY>
```

This will open the first configuration screen of the petalinux tool. In this you can navigate and check what is inside, but there is no need to change anything here. You can exit by pressing double time the . Save it. This can needs some time.

# Embedded Linux Installation Guide

## Configure the Kernel

```
petalinux-config -c kernel
```

This will need some time. After that, a similar window to the previous one should open. As before, there are many options, you can browser it for checking if you have to change something. Also here, there is no need to change anything for the purpose of this Lab.

# Embedded Linux Installation Guide

## Configure U-Boot

Another configuration command we have to run

```
petalinux-config -c u-boot
```

In the configuration window, you have to enable the boot options --> boot media --> "Support for booting from QSPI flash" and "Support for booting from SD/EMMC".

Save and exit.

Now there will be another configuration command needed, the one for the RootFS. But first, in order to compile it correctly for this lab, you want to create an application and a module.

# Create and compile the driver

The skeleton of the driver that will contain your custom code can be created by terminal with this command.

```
petalinux-create -t modules --name aes-core-driver --enable
```

You can check that a new file it is created. The file is in

```
$(PETAPROJECT)/project-spec/meta-user/recipes-modules/aes-coredriver/files/aes-core-driver.c
```

There you can customize the init, write, read, open, close functions to your needs.  
Once you are done you can build it with petalinux (cross-compile it)

```
petalinux-build -c aes-core-driver
```

Thanks to that command and to nexts that we will see, the driver will be already mounted on the device (i.e. the \*.ko file).

# Creating and Compiling the test- driver

You can also create an application that tests your driver using the petalinux tools and avoiding also here to crosscompile it by yourself.

```
petalinux-create -t apps --template c --name aes-core-test --enable
```

The new file created is in

```
$(PETAPROJECT)/project-spec/meta-user/recipes-apps/aes-core-test  
/files/aes-core-test.c
```

There you can customize the C file to your testing needs. Once you are done you can build it with petalinux

```
petalinux-build -c aes-core-test
```

# How do we interface with the OS ?



Figure taken from [https://mir-s3-cdn-cf.behance.net/project\\_modules/max\\_1200/53d9ae70251739.5b9d484cde8a2.jpg](https://mir-s3-cdn-cf.behance.net/project_modules/max_1200/53d9ae70251739.5b9d484cde8a2.jpg)  
Second figure taken from [https://d1nxzqpcg2bym0.cloudfront.net/google\\_play/com.firewall.sshclient/a883ca02-9f9f-11e9-8461-2d7545ccf52c/128x128](https://d1nxzqpcg2bym0.cloudfront.net/google_play/com.firewall.sshclient/a883ca02-9f9f-11e9-8461-2d7545ccf52c/128x128)

- EXERCISE 3: Build your linux system!

Now it's time to try to test what you learned in the previous steps.

Try to follow the guide in the repository and build your linux system.

Flash the system through JTAG and then SD card

# Third Part: Driver development

The main goal of this LAB is to write a crypto-core driver in C language. Now, you can do it from scratch and try to cross-compile this driver for the system that you are building. This is not easy. Fortunately, Petalinux comes to help us. Indeed, in order to cross-compile the driver for the cripto-core easily, we will use the petalinux's recipes and buildtools.



First figure taken from <https://www.shutterstock.com/it/image-vector/monitor-coding-vector-programming-illustration-2244063857>

Second figure taken from <https://www.vecteezy.com/vector-art/6816978-code-icon-coding-symbol-coding-programming-sign>

# Structure of the driver

## #define

Here there are the constant values used in our IP to access registers, according to the right addresses

```
#define BASE_ADDR          (0x43C00000U)

#define OFFSET_STATUS_0      (0x00000000U)
#define OFFSET_STATUS_1      (0x00000004U)
#define OFFSET_STATUS_2      (0x00000008U)
#define OFFSET_STATUS_3      (0x0000000CU)

#define OFFSET_KEY_0          (0x00000010U)
#define OFFSET_KEY_1          (0x00000014U)
#define OFFSET_KEY_2          (0x00000018U)
#define OFFSET_KEY_3          (0x0000001CU)

#define OFFSET_OUTPUT_0        (0x00000020U)
#define OFFSET_OUTPUT_1        (0x00000024U)
#define OFFSET_OUTPUT_2        (0x00000028U)
#define OFFSET_OUTPUT_3        (0x0000002CU)

#define DEST_ADDR(x,y)         (uint8_t*)((uint8_t)(x) + (uint8_t)(y))
```

# Structure of the driver

## aes\_core\_driver\_probe():

This function is responsible of mapping the memory according to our hardware, thus checking possible incorrect addresses

```
static int aes_core_driver_probe(struct platform_device *pdev)
{
    struct resource *r_irq; /* Interrupt resources */
    struct resource *r_mem; /* IO mem resources */
    struct device *dev = &pdev->dev;
    struct aes_core_driver_local *lp = NULL;

    int rc = 0;
    dev_info(dev, "Device Tree Probing\n");
    /* Get iospace for the device */
    r_mem = platform_get_resource(pdev, IORESOURCE_MEM, 0);
    if (!r_mem) {
        dev_err(dev, "invalid address\n");
        return -ENODEV;
    }
    lp = (struct aes_core_driver_local *) kmalloc(sizeof(struct aes_core_driver_local), GFP_KERNEL);
    if (!lp) {
        dev_err(dev, "Cound not allocate aes-core-driver device\n");
        return -ENOMEM;
    }
    dev_set_drvdata(dev, lp);
    lp->mem_start = r_mem->start;
    lp->mem_end = r_mem->end;

    if (!request_mem_region(lp->mem_start,
                           lp->mem_end - lp->mem_start + 1,
                           DRIVER_NAME)) {
        dev_err(dev, "Couldn't lock memory region at %p\n",
               (void *)lp->mem_start);
```

# Structure of the driver

## dev\_read():

This function is responsible of reading the buffer using the appropriate offset, thus reporting cases of error or success

```
static ssize_t dev_read
(
    struct file *fil,
    char *buf,
    size_t len,
    loff_t *off
)
{
    uint8_t err = 0U;

    printk(KERN_ALERT "Device starting to read");

    local_buf = readl(DEST_ADDR(vi_baddr, *off));

    err = copy_to_user(buf, &local_buf, sizeof(buf));
    if (err != 0U)
    {
        printk(KERN_ALERT "ERROR_R: impossible to copy to user space");
    }

    printk(KERN_ALERT "Successfully read: data %0X", local_buf);

    return 0;
}
```

# Structure of the driver

## dev\_write():

This function is responsible of writing the buffer, provided the correct offset, thus it is checking for possible offsets out of the correct range

```
static ssize_t dev_write
(
    struct file *fp,
    const char *user_buf,
    size_t len,
    loff_t *off
)
{
    uint8_t err = 0U;

    printk(KERN_ALERT "device starting to write");
    printk(KERN_ALERT "Write function.\nVirtual address = %08X\n local_buf = %08X\n", *vi_baddr, local_buf);
    printk(KERN_ALERT "user_buf = %08X\n", *user_buf);

    if((*off % 4) != 0 || *off > 16)
    {
        printk(KERN_INFO"Offset out of range\n");
        return -1;
    }

    err = copy_from_user(&local_buf, user_buf, sizeof(user_buf));
    if (err != 0U)
    {
        printk(KERN_ALERT "ERROR_W: impossible to copy from user space");
    }

    writel(local_buf,DEST_ADDR(vi_baddr,*off));

    printk(KERN_ALERT "Successfully write: data %s", local_buf);
```

# Structure of the driver

## Open, close and exit functions

```
static int dev_close(struct inode *inod, struct file *fil){
    printk(KERN_ALERT "device closed\n");
    return 0;
}

static void __exit aes_core_driver_exit(void)
{
    platform_driver_unregister(&aes_core_driver_driver);
    printk(KERN_ALERT "Goodbye module world.\n");
}

static int dev_open(struct inode *inod, struct file *fil){
    printk(KERN_ALERT "device opened");

    printk(KERN_ALERT "Open function.\nVirtual address = %08X\n local_buf = %08X\n", *vi_baddr, local_buf);
    return 0;
}
```

# Final exercise: The driver

<https://github.com/EMNESS-project-group2>

Inside the above GIT repo, you can find all the reference code, with more technical detail



Now it's up to you to develop a working driver with a c test file to check its functionality



Figures modified from <https://www.image-search.org/tempimgs/842460061717747700.png> and [https://widget-club.com/icons/t/yahoo/pastel\\_blue](https://widget-club.com/icons/t/yahoo/pastel_blue)

# Lecture credits to

Riccardo Carità

Gianluca Corso

Riccardo Fusari

Federico Fruttero



This work is licensed under a  
Creative Commons Attribution  
4.0 International License