2,576 Views
Registered: ‎10-18-2018

FSBL won't boot in secure boot with HSM mode

Hello community, dear Xilinx employees, random search engine visitors, and all the bots;

Zynq 7020 successfully boots w/ encrypted and authenticated FSBL and `BOOT.BIN`. However, I don't want to give too many of my private keys to `bootgen` anymore, so I decided to use HSM mode while producing the images. In UG1283, there are somewhat complete steps to produce a `BOOT.BIN` in HSM mode. I used them to get a `BOOT.BIN` with all the partitions encrypted and authenticated. So far so good.

 

Due to my architectural design, I wanted to produce a separate encrypted and authenticated FSBL to place it on top of my QSPI. Steps for this are not included in the document, so I ran the same steps that I did for BOOT.BIN, except I didn't include u-boot and bitstream, and I got the final image only containing FSBL and imageheadertable.

ASCII art of my QSPI architecture

```

-------------- 0x00000000
FSBL
-------------- 0xcafebabe
BOOT.BIN  ----> (FSBL+uboot+bitstream)
-------------- 0xdeadbeef
....
................. 0xfffffffffffff

```

It didn't boot with that FSBL on top of BOOT.BIN. Both of the images were produced in HSM mode.

I tried the same with the intermediate fsbl_e_auth.bin that occurs when producing BOOT.BIN in HSM mode (according to UG1283) but it also didn't work.

How do I produce an FSBL in HSM mode that works?

PS: BTW, there are lots of errors in UG1283 (2019.1). It's funny that you never ran the commands you wrote in the doc (they are not working) or you didn't publish the code you ran.

0 Kudos
1 Solution

Accepted Solutions
735 Views
Registered: ‎10-18-2018

Hello all but Xilinx documentation team,

Issue is solved. First of all, it wasn't a problem only about the FSBL. It was about the whole HSM mode process Xilinx describes. I could share the true HSM mode steps if someone needs them; please just PM me - only if you are not a member of the Xilinx documentation team.

Dear Xilinx documentation team,

I know you will probably not read this thread, just as you don't read what you write in your documents. I suggest you read what you write and give importance to the feedback.

Regards,

Dosto

0 Kudos
6 Replies
Xilinx Employee
805 Views
Registered: ‎10-11-2011

MPSoC or zynq-7000?

You still need to go over all the steps, including the last one, "Combine Partitions, Insert Header Table Signature". Are you doing that?

-------------------------------------------------------------------------
Don’t forget to reply, kudo, and accept as solution.
-------------------------------------------------------------------------
0 Kudos
774 Views
Registered: ‎10-18-2018

Hello @denist,

Thanks for the reply.

As I stated, it's a Zynq-7000 (Zynq7020). Yes, I'm completing all of the steps.

The root of the issue turns out to be a different one; please see this thread: https://forums.xilinx.com/t5/ACAP-and-SoC-Boot-and/Bootgen-and-RSA-authentication-in-XAPP1175-differents-MCS-in/m-p/1030086#M3692

Thanks,

Dosto

0 Kudos
Xilinx Employee
705 Views
Registered: ‎10-11-2011

Hi Dosto,

you should be posting your findings in this thread for the good of the community.

Thanks.

0 Kudos
Xilinx Employee
563 Views
Registered: ‎10-11-2011

A few issues in UG1283 regarding the HSM flow for Zynq-7000 have been fixed in the 2019.2 release of the document.

0 Kudos
325 Views
Registered: ‎10-18-2018

Yeah, haven't tried it yet, but it seems this time the doc team caught the mice

congrats

dosto

0 Kudos