Visitor

Zynq ZC706 EVK secure boot

Hello all,

I have been working on zc706evk secure boot. I am running bare-metal software and so far I have been able to securely boot my software from QSPI with AES key programmed in the BBRAM. The next step obviously is to program the eFUSE array for production. But before I move to program eFUSE array, I want to ask a few questions:

1) I programmed BBRAM using Vivado. Can I use Xilinx secure key driver to program BBRAM?

2) Is there a Xilinx secure key driver example application available for zc706evk?

3) After storing AES keys in BBRAM, I was still able to boot non-secure images. Would I be able to do so after eFUSE programming as well?

4) After eFUSE programming, would the JTAG boot mode work? Just want to confirm if my board will be available for development using JTAG.

Thank you very much and BR,
Umair

4 Replies

Moderator

Re: Zynq ZC706 EVK secure boot

Hi @umair_khan ,

Please check my inline answers:

1) I programmed BBRAM using Vivado. Can I use Xilinx secure key driver to program BBRAM?

Srikanth: Yes, you can use the Xilskey driver to program the BBRAM; refer to this: https://github.com/Xilinx/embeddedsw/blob/master/lib/sw_services/xilskey/examples/xilskey_bbram_example.c

2) Is there a Xilinx secure key driver example application available for zc706evk?

Srikanth: Yes, please check here: https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_services/xilskey

3) After storing AES keys in BBRAM, I was still able to boot non-secure images. Would I be able to do so after eFUSE programming as well?

Srikanth: Yes, you can do a non-secure boot even after programming the BBRAM. Yes, for eFUSE also, but you should not program the XSK_EFUSEPL_FORCE_USE_AES_ONLY eFUSE.

4) After eFUSE programming, would the JTAG boot mode work? Just want to confirm if my board will be available for development using JTAG.

Srikanth: Yes, you can still use JTAG, but you need to configure some registers; please refer to: https://www.xilinx.com/support/answers/64275.html


Best Regards,
Srikanth

Visitor

Re: Zynq ZC706 EVK secure boot

Hi Srikanth,

Thank you. I appreciate the brief and to the point answers. However, I need some clarification regarding answer 4. Please find my additional questions below:

4.1) I believe the JTAG is disabled, by default, only when the image being booted is AES signed or, in other words, secure. What if I boot non-secure image with eFUSEs blown as I described in question 3? Will JTAG still be disabled upon boot up?

4.2) And what if I change boot mode to JTAG? I believe in this scenario, there won't be any need to configure those registers, that you referred to in your answer, and JTAG will be usable right after power-up. Can you please confirm if this understanding is correct?

Thanks and BR,
Umair Khan

Moderator

Re: Zynq ZC706 EVK secure boot

Hi @umair_khan 

1. If you are booting with a non-secure image, JTAG is available even if the eFUSEs are blown.

2. Yes, if you set the boot mode to JTAG, then there is no need to configure any register; JTAG is available directly.


Best Regards,
Srikanth

Visitor

Re: Zynq ZC706 EVK secure boot

Thanks for the quick response. This answered my question.

Thanks and BR,
Umair Khan
