cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
366 Views
Registered: ‎09-09-2019

AR# 72588 Unauthenticated Boot and Partition Headers

Dear Xilinx-Community,

According to AR# 72588 (Zynq UltraScale+ MPSoC/RFSoC, Encrypt Only Boot Mode - Unauthenticated Boot and Partition Headers) see https://www.xilinx.com/support/answers/72588.html,

I have the following questions:

First, I would like to get confirmed that this flaw is not only affecting UltraScale+ as reported in https://raw.githubusercontent.com/inversepath/advisories/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU%2B-Encrypt_Only_Secure_Boot_bypass.txt, but also the entire Zynq family?

I investigated this on both a Zynq XC7Z010 and XC7Z020 with XSDK 2018.1, when generating a boot image in encryption only mode.

Second, will there be an updated FSBL template by Xilinx, which shows how to authenticate the partition headers in SW with acceptable performance/memory overhead?

 

Thanks in advance.

Tags (2)
0 Kudos
1 Reply
Highlighted
Xilinx Employee
Xilinx Employee
284 Views
Registered: ‎10-11-2011

The Design Advisoty is only related to MPSoC mainly because in zynq-7000 Xilinx doesn't offer an ENCRYPTION ONLY out-of-box solution.

I am not sure what you mean about "how to authenticate the partition headers in SW with acceptable performance/memory overhead".

"

Xilinx continues to recommend the use of the Hardware Root of Trust (HWRoT) boot mode when possible. The HWRoT boot mode does authenticate the boot and partition headers.

"

 

-------------------------------------------------------------------------
Don’t forget to reply, kudo, and accept as solution.
-------------------------------------------------------------------------
0 Kudos