MicroZed Chronicles: Spartan UltraScale+ Security

The Spartan UltraScale+ is a very interesting device. Not only does the UltraScale+ fabric enable us to leverage performance to implement more functionality in a smaller device, for example see my recent FPGA Horizons journal article on logic folding, but it also offers a wide range of powerful built-in features.

It is not just the capability of the logic that makes the Spartan UltraScale+ so useful. It is also the many integrated features, including its enhanced security capabilities.

Security features in the Spartan UltraScale+ have been updated and include a range of support for bitstream security, encryption, and authentication using techniques such as AES-GCM, SHA-3, and post-quantum cryptography methods such as Hierarchical Signature System (HSS) and Leighton-Micali Signatures (LMS).

These are complemented by a hardware root of trust and support for DPA countermeasures to protect the AES key.

The security solution provided in the Spartan UltraScale+ also includes physically unclonable functions (PUFs) and true random number generators (TRNGs).

In a future blog, we will examine how we can create secure boot solutions. However, in this blog we are going to examine how we are able to access some of these features at run time, as they can be very useful in our applications as well.

To implement the security and error-management features, the Spartan UltraScale+ device includes a Platform Management Controller (PMC). This is similar to the PMC used in AMD Versal families, which is why the Spartan UltraScale+ is configured using a PDI.

To access security features such as SHA-3, the TRNG, or the ECC multiplier within the PMC, we need to use the PMC IP Bridge. This bridge can be instantiated within IP Integrator or in RTL designs using the XPM_PMC_BRIDGE. Using the PMC Bridge, we can also access configuration memory for post-configuration reconfiguration.

The bridge provides AXI-mapped access to features within the PMC. Let us take a simple look at how we can use the bridge in a Spartan UltraScale+ design.

To get started, we are going to create a MicroBlaze design that contains the PMC Bridge. The final design can be seen below.

We can then build the design and export the XSA into Vitis to create a software application that accesses the PMC using this bridge.

When creating a new platform, we can see under the drivers the supported PMC features such as DMA, OSPI, and the TRNG. For OSPI and the TRNG, there are example applications available.

Opening the examples, you will see three different options, DRNG, PRNG, and HRNG.

But what do they mean? These terms are based on concepts defined within NIST SP 800-90.

HRNG is a hardware random number generator that derives its randomness from a physical entropy source. This is unpredictable and non-repeatable, which is exactly what we want when using true random numbers. However, it can be slow to generate values, and the output may be biased. Typical use cases for the HRNG include serving as an entropy source and supporting health tests.

DRNG is a deterministic random number generator that is seeded by the HRNG. It is cryptographically secure, fast to generate, and repeatable if seeded correctly. This is commonly used for session keys, nonces, and initialization vectors.

PRNG is a pseudo-random number generator derived from a combination of the HRNG and DRNG, and it is typically used for generating secure random numbers.

Importing and running the examples will show sample outputs of the generated numbers. Two values are generated so you can clearly see the differences between the number generation methods.

If you wish, you could also perform some interesting tests to evaluate the randomness of the output.

I thought this was a nice way to introduce the Platform Management Controller in the Spartan UltraScale+. We will no doubt be returning to the PMC in Spartan UltraScale+ in future blogs.

FPGA Conference

FPGA Horizons US East - April 28th, 29th 2026 - THE FPGA Conference, find out more here.

FPGA Journal

Read about cutting edge FPGA developments, in the FPGA Horizons Journal or contribute an article.

Workshops and Webinars:

If you enjoyed the blog why not take a look at the free webinars, workshops and training courses we have created over the years. Highlights include:

• Upcoming Webinars Timing, RTL Creation, FPGA Math and Mixed Signal

• Professional PYNQ Learn how to use PYNQ in your developments

• Introduction to Vivado learn how to use AMD Vivado

• Ultra96, MiniZed & ZU1 three day course looking at HW, SW and PetaLinux

• Arty Z7-20 Class looking at HW, SW and PetaLinux

• Mastering MicroBlaze  learn how to create MicroBlaze solutions

• HLS Hero Workshop  learn how to create High Level Synthesis based solutions

• Perfecting Petalinux  learn how to create and work with PetaLinux OS

Boards

Get an Adiuvo development board:

• Adiuvo Embedded System Development board - Embedded System Development Board

• Adiuvo Embedded System Tile - Low Risk way to add a FPGA to your design.

• SpaceWire CODEC - SpaceWire CODEC, digital download, AXIS Interfaces

• SpaceWire RMAP Initiator - SpaceWire RMAP Initiator,  digital download, AXIS & AXI4 Interfaces

• SpaceWire RMAP Target - SpaceWire Target, digital download, AXI4 and AXIS Interfaces

• Other Adiuvo Boards & Projects.

Embedded System Book   

Do you want to know more about designing embedded systems from scratch? Check out our book on creating embedded systems. This book will walk you through all the stages of requirements, architecture, component selection, schematics, layout, and FPGA / software design. We designed and manufactured the board at the heart of the book! The schematics and layout are available in Altium here.  Learn more about the board (see previous blogs on Bring up, DDR validation, USB, Sensors) and view the schematics here.

Sponsored by AMD