cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Observer
Observer
534 Views
Registered: ‎10-24-2019

Secure Key Driver - Key String to Hex conversion fails

Jump to solution

Dear Community

I am trying to load the hash of a RSA PPK into the PS eFUSE. I followed the document XAPP1175 and was able to calculate the hash, modify xilskey_efuse_example.c, xilskey_input.h and to build the secure key driver.

I generated a bootimage containing the fsbl and the secure key driver elf file. I copied it onto my SD Card and I am able to boot it. But after the FSBL Handoff i get the following error:

PS Data Initialization failed.

I started to debug the xilskey_efuse_example.c file and realized the following:

- My key does get validated successfully (correct length and characters)

- It fails to convert the string to the Hex buffer

To create the hex buffer following function is used:

PsStatus = XilSKey_Efuse_ConvertStringToHexBE(
					XSK_EFUSEPS_RSA_KEY_HASH_VALUE,
					&(PsInstancePtr->RsaKeyHashValue[0]), 64);
if(PsStatus != XST_SUCCESS) {
      return PsStatus;
}

In this function it fails at this particular part:

u32 XilSKey_Efuse_ConvertStringToHexBE(const char * Str, u8 * Buf, u32 Len)
{
.
.
.
if(Len != (strlen(Str)*4U)) { Status=(u32)XSK_EFUSEPS_ERROR_PARAMETER_NULL; goto END; }

Len is a hardcoded 64 and Str is the ppk hash (string containing 64 chars)...

So it actually executes:

if(64 != (64*4U)) {
		Status=(u32)XSK_EFUSEPS_ERROR_PARAMETER_NULL;
		goto END;
}

This obviously fails... why is there a multiplication *4U? I mean this code is provided by Xilinx and not by me.. I am pretty confused now. Is it save to delete this multiplication or should the size of my rsa ppk hash somehow be smaller? (I generated this hash by running the bootgen -image gen_hash_ppk.bif -efuseppkbits hash_ppk.txt command) it yielded a txt document containing 64 chars.

I would really appreciate your help on this one.. thanks!

0 Kudos
Reply
1 Solution

Accepted Solutions
Observer
Observer
459 Views
Registered: ‎10-24-2019

Instead of the hardcoded 64, 256 should get passed. This represents the length of the ppk hash in bits.

View solution in original post

0 Kudos
Reply
1 Reply
Observer
Observer
460 Views
Registered: ‎10-24-2019

Instead of the hardcoded 64, 256 should get passed. This represents the length of the ppk hash in bits.

View solution in original post

0 Kudos
Reply