cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
seorasray
Visitor
Visitor
816 Views
Registered: ‎01-10-2019

Setting RSA_ENABLE eFUSE stops device booting

I am having a problem with RSA Authentication that I don't understand.

I have enabled Encryption and Authentication in my boot image bif file. I have burned an AES key and RSA Public Key SHA3 hashes to the PPK eFUSES. I can boot with ENC_ONLY set, but when I set RSA_ENABLE I don't even get to the FSBL.

If I set bh_auth_enable I can boot successfully and I see authentication is successful for each partition. If I do not have bh_auth_enable set and I do not have RSA_ENABLE set then the FSBL is authenticated and loads, but fails to verify the remaining partitions with an XFSBL_ERROR_SPK_RSA_DECRYPT error.

I am confused that when setting the RSA_ENABLE eFUSE I don't even get to the FSBL. I would have thought that if the PPK Hashes were incorrect somehow that I would have seen this behaviour in the previous tests with RSA_ENABLE unset and bh_auth_enable unset, basically I would not have expected to see the XFSBL_ERROR_SPK_RSA_DECRYPT error and for the FSBL to load if the PPK hash was bad.

Any thoughts on what I am doing wrong? Thanks!

 

0 Kudos
3 Replies
denist
Xilinx Employee
Xilinx Employee
738 Views
Registered: ‎10-11-2011

RSA_EN and bh_auth_enable are mutually exclusive. One or the other.

Are you sure you have the RSA_EN eFUSE programmed?

-------------------------------------------------------------------------
Don’t forget to reply, kudo, and accept as solution.
-------------------------------------------------------------------------
0 Kudos
seorasray
Visitor
Visitor
736 Views
Registered: ‎01-10-2019

Thanks for responding.

It looks like I programmed the wrong SHA3 hash into PPK0, I think I got PPK0 and PPK1 backwards. Either way, I started from scratch with new keys on a new board and it worked fine. The failure mode wasn't super obvious so that is why I was confused.

0 Kudos
denist
Xilinx Employee
Xilinx Employee
615 Views
Registered: ‎10-11-2011

I am glad you sorted this out.

Please, mark your post with the solution.

-------------------------------------------------------------------------
Don’t forget to reply, kudo, and accept as solution.
-------------------------------------------------------------------------
0 Kudos