vanderglas
Visitor
965 Views
Registered: ‎12-12-2018

RSA Authentication

We have a Zynq-7045 design and we want to sign the FSBL and the FPGA bitstream by using the RSA authentication.

The PSK Hash was written into the PS eFuse of the Zynq by means of the Secure_Driver application.

The settings are:

#define XSK_EFUSEPS_ENABLE_WRITE_PROTECT    FALSE
#define XSK_EFUSEPS_ENABLE_RSA_AUTH         TRUE
#define XSK_EFUSEPS_ENABLE_ROM_128K_CRC     FALSE
#define XSK_EFUSEPS_ENABLE_RSA_KEY_HASH     TRUE
#define XSK_EFUSEPS_RSA_KEY_HASH_VALUE "D9D76F6BAA10CA6328735E175861C301FF57CB048979C66065D1BBE441163BA3"

"RSA_SUPPORT" and "FSBL_DEBUG_RSA" are set in the FSBL code.

The PSK signed FSBL was successfully loaded from the SD card - there is FSBL output on the terminal...

But there are problems with the SSK, regardless of whether the second partition (FPGA bitstream) is signed or not (refer to the output of the FSBL below).

Does anybody have an idea what's wrong? Thank you very much!

Best

------------------------------------------------------------------

FSBL output:

Xilinx First Stage Boot Loader
Release 2015.2  Dec 11 2018-17:00:58
Devcfg driver initialized
Silicon Version 3.1
Boot mode is SD
SD: rc= 0
SD Init Done
Flash Base Address: 0x.........
Reboot status register: 0x..............
Multiboot Register: 0x..........
Image Start Address: 0x............
Partition Header Offset:0x.........
Partition Count: 2
RSA enabled for Chip
SPK Hash Calculated START
8F16DDC56E07FBB64F0457BF1322B2EE
89F8FC85B345D33FCEB615F2A315BC5E

 SPK Hash Calculated END
SPK Decrypted Hash START
9CF286D5B43D9DED7E233FA253F4B886
EF17CE5ABCA96740AFD71D501BDDF3EA
2CD59396AF5837F650E51468F46FFA94
4B9D1F4F5F9B8495340E063F021C994D
180D0B8FB87405076672863C89323BDB
8D8A9CED7854360A6DB52395EB51C3CD
EC2DA9A90502F968F4D9E119E8C3D09F
806D4B2A85202DAC1463AEF91934B816
6AEB69CD1BA0BB0C00336A9162C96D38
AA699587521F8B7D5CA6D9035A606812
F50E9829FE8C31F71353AF665A013731
BF9C93C64076C321239EA3E5C449796E
D1202B164242D27BD1DC0BAF98FB5EDB
6687602D7347A6A1ACEA713BF7FA03E0
75E0C00AAC203D8EE1FE77DD64EE1692
2CEED4FB4A881CD2DEC4E796C4DC803F

 SPK Decrypted Hash END
Partition SPK Signature Authentication failed
Partition Header signature Failed
FSBL Status = 0xA00E

This Boot Mode Doesn't Support Fallback
In FsblHookFallback function

0 Kudos
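
Added example, not part of the original posts and not Xilinx code: a Python check that reads the two hex blocks from an FSBL debug log like the one above and reports whether the decrypted block is a PKCS#1 v1.5 SHA-256 encoding that carries the calculated SPK hash. It assumes the signature uses PKCS#1 v1.5 padding with SHA-256 and that the byte order of the printed buffer is unknown; `hex_block`, `classify` and `render` are names made up for this example.

```python
import hashlib
import re

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def hex_block(log, name):
    """Return the bytes printed between '<name> START' and '<name> END'."""
    pat = re.escape(name) + r" START(.*?)" + re.escape(name) + r" END"
    m = re.search(pat, log, re.S)
    if m is None:
        raise ValueError("block not found: " + name)
    return bytes.fromhex("".join(m.group(1).split()))

def classify(log):
    """Say how the decrypted signature block relates to the calculated hash."""
    digest = hex_block(log, "SPK Hash Calculated")
    block = hex_block(log, "SPK Decrypted Hash")
    if len(digest) != 32 or len(block) < 64:
        return "unexpected block length"
    # Expected layout: 00 01 FF..FF 00 || DigestInfo || 32-byte digest
    head = b"\x00\x01" + b"\xff" * (len(block) - 54) + b"\x00" + SHA256_PREFIX
    # Assumption: the byte order of the printed buffer is not known, so try both.
    for em in (block, block[::-1]):
        if em.startswith(head):
            if em[len(head):] in (digest, digest[::-1]):
                return "match"
            return "padding ok, hash mismatch"
    return "no PKCS#1 v1.5 padding"

def render(digest, block):
    """Build a constructed log excerpt in the same layout as the FSBL output."""
    def rows(b):
        h = b.hex().upper()
        return "\n".join(h[i:i + 32] for i in range(0, len(h), 32))
    return ("SPK Hash Calculated START\n" + rows(digest) +
            "\n\n SPK Hash Calculated END\nSPK Decrypted Hash START\n" +
            rows(block) + "\n\n SPK Decrypted Hash END\n")

if __name__ == "__main__":
    # Constructed sample values, not taken from any device
    d = hashlib.sha256(b"constructed SPK bytes").digest()
    good = b"\x00\x01" + b"\xff" * 202 + b"\x00" + SHA256_PREFIX + d
    other = hashlib.sha256(b"a different SPK").digest()
    print(classify(render(d, good)))                # padded block carrying the same hash
    print(classify(render(other, good)))            # valid padding, different hash
    print(classify(render(d, bytes(range(256)))))   # block without the padding layout
```

For the two blocks in the FSBL output above, `classify` returns `no PKCS#1 v1.5 padding`: the printed block starts with 9C and ends with 3F, so in neither byte order does it begin with 00 01. A block like that is what RSA verification yields when the signature was made with a different private key than the public key used to check it, or when signature or key bytes were altered.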
4 Replies
denist
Xilinx Employee
834 Views
Registered: ‎10-11-2011

May I see your .bif file? I see you are using 2015.2: did you look for known issues in the Xilinx Answer Record database?

-------------------------------------------------------------------------
Don’t forget to reply, kudo, and accept as solution.
-------------------------------------------------------------------------
0 Kudos
vanderglas
Visitor
809 Views
Registered: ‎12-12-2018

Hi denist,

thank you very much for your reply. Here is the content of the .bif file:

------------------------------------------------------

trd_image: {
[pskfile]        psk.pem
[sskfile]       ssk.pem
[bootloader, authentication=rsa]  ../SecureBoot/V13/zynq_fsbl_with_rsa_debug.elf
   ../SecureBoot/V13/bitstream.bit
}

------------------------------------------------------

We checked a lot of Xilinx and other web pages, but currently we don't know how to proceed.

0 Kudos
denist
Xilinx Employee
795 Views
Registered: ‎10-11-2011

What if you use a simple hello world instead of the bitstream?

My suggestion would be to try the same bootgen steps in a more recent version of the tools and see if the output is the same.

Do you know you can use a command line tool called bootgen_utility to see the BOOT.bin in a text format?

That should make the comparison easier.

0 Kudos
vanderglas
Visitor
780 Views
Registered: ‎12-12-2018

Hi denist,

thank you very much for your hints. It will take some time to do some additional tests, then I will let you know.

0 Kudos