UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

cancel
Showing results for 
Search instead for 
Did you mean: 
Contributor
Contributor
332 Views
Registered: ‎05-11-2018

Unknown ZYNQ MPSoC bootROM error code

Hello,

I'm attempting to boot from QSPI using an image that wasauthenticated with a PPK burned into eFuse, and encrypted using a RED key whose PUF-protected BLACK version is stored in eFuse. The boot fails and the error code given is 0x3949. The 0x49 error code is described in Table 11-9 of UG1085, but the 0x39 error code is not listed (it conveniently skips from 0x38 to 0x3A...). Does anyone have any idea what 0x39 represents?  If so, can you please let me know?  Thanks!

Take care.

  Jim

0 Kudos
3 Replies
Xilinx Employee
Xilinx Employee
260 Views
Registered: ‎10-11-2011

Re: Unknown ZYNQ MPSoC bootROM error code

Can I see your .bif? The error tells you there's no authentication in the image while using the PUF.

0 Kudos
Contributor
Contributor
244 Views
Registered: ‎05-11-2018

Re: Unknown ZYNQ MPSoC bootROM error code

Hello dentist,

Here is my BIF:

//arch = zynqmp; split = false; format = BIN
the_ROM_image:
{
	[pskfile] C:\Xilinx\workspace\foobar\foobar.sdk\foobar_puf\bootimage\keys\psk0.pem
	[sskfile] C:\Xilinx\workspace\foobar\foobar.sdk\foobar_puf\bootimage\keys\ssk0.pem
	[auth_params] spk_id = 0; ppk_select = 0
	[aeskeyfile] C:\Xilinx\workspace\foobar\foobar.sdk\foobar_puf\bootimage\keys\multiple_keys.nky
	[keysrc_encryption] efuse_blk_key
	[bh_key_iv]  C:\Xilinx\workspace\foobar\foobar.sdk\foobar_puf\bootimage\keys\puf_iv.txt
	[fsbl_config] puf4kmode, shutter = 0x0100005E, opt_key
	[bootloader, destination_cpu=a53-0, encryption = aes, authentication = rsa] C:\Xilinx\workspace\foobar\foobar.sdk\foobar_fsbl\Debug\foobar_fsbl.elf
	[encryption = aes, authentication = rsa, destination_device = pl] C:\Xilinx\workspace\foobar\foobar.sdk\top_level_hw_platform_0\top_level.bit
	[encryption = aes, authentication = rsa, destination_cpu = a53-0] C:\Xilinx\workspace\foobar\foobar.sdk\foobar\Debug\foobar.elf
}

I noticed that the above failure occurs (with bootROM error code 0x80003949) when I do NOT have RSA_EN blown (both the PPK0 efuse hash and BLACK efuse value are programmed). If I program RSA_EN then it boots. I had thought that programming the PPK0 efuse hash and using RSA authentication on the image would be sufficient to enable the PUF KEK to decrypt the BLACK key and decrypt the image, but apparently RSA_EN needs to be set as well.

Is there a more complete list of BootROM error codes somewhere that includes error code 0x39 (or 0x3C, 0x3F, or others missing from Table 11-9 in the current UG1085)?

Take care.

  Jim

0 Kudos
Xilinx Employee
Xilinx Employee
230 Views
Registered: ‎10-11-2011

Re: Unknown ZYNQ MPSoC bootROM error code

Yes RSA_EN must be programmed to enforced authentication OR you can try the attribute bh_auth_enable in the header. See bootgen guide for more details.

Sorry the public error codes are in UG1085 and I don't have any other list I can share.

0 Kudos