AR# 75250


Design Advisory for Zynq UltraScale+ MPSoC/RFSoC: 2020.1 Bootgen from GitHub exposes part of the AES Key in the IV


GitHub commit 6bea30996979f085701542d8905966240545cd8e (on April 20th, 2020) for Bootgen introduces a security vulnerability by exposing part of the AES Key in the IV when generating Key/IV pairs.

For more information on how to sign up to receive notifications for new Design Advisories, see (Xilinx Answer 18683).


The issue has been address with GitHub commit bb38995468d8c830cbbfc5062e903961444c0a3c (on May 14th, 2020).

The official 2020.1 release TAG of Bootgen is NOT impacted.

Note: Xilinx continues to recommend the use of the official TAG (for example 2019.2 or 2020.1) from GitHub when deploying a product.

AR# 75250
日期 09/17/2020
状态 Active
Type 设计咨询
People Also Viewed