Jacob, N.N.JacobWittmann, J.J.WittmannHeyszl, J.J.HeyszlHesselbarth, R.R.HesselbarthWilde, F.F.WildePehl, M.M.PehlSigl, G.G.SiglFischer, K.K.Fischer2022-03-142022-03-142017https://publica.fraunhofer.de/handle/publica/40205410.1109/SOCC.2017.82260192-s2.0-85044275768System-on-Chips which include FPGAs are important platforms for critical applications since they provide significant software performance through multi-core CPUs as well as high versatility through integrated FPGAs. Those integrated FP-GAs allow to update the programmable hardware functionality, e.g. to include new communication interfaces or to update cryptographic accelerators during the life-time of devices. Updating software as well as hardware configuration is required for critical applications such as e.g. industrial control devices or vehicles with long life-times. Such updates must be authenticated and possibly encrypted. One way to achieve this is to rely on static FPGA manufacturer-provided cryptography and respective master keys. However, in this contribution, we show how to retrofit Xilinx Zynq FPGAs with an alternative cryptographic accelerator and how to establish device-individual keys using Physical Unclonable Function (PUF) technology. These two key aspects reduce the required trust in manufacturer-provided security features while increasing the security by binding configurations to a specific device.en003005006518conference paper