We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

Showing results for 
Search instead for 
Did you mean: 
Visitor anotter
Registered: ‎09-08-2015

Usage of an HSM for signing boot images



In ug1025-zynq-secure-boot-gsg.pdf it is written that a Hardware Security Module (HSM) can be used to sign partitions of a boot image:

The Infosec staff may use a Hardware Security Module (HSM) for digital signatures and a separate secure server for encryption. The HSM and secure server typically reside in a secure area. The HSM is a secure key/signature generation device which generates private keys, encrypts partitions using the private key, and provides the public part of the RSA key to Bootgen.


Instead of providing the secret key to the bootgen tool (which would then be used to sign the partitions), the signatures are given to the bootgen tool.


Has anyone ever tried to do this with a Hardware Security Module (HSM)?

If yes, what HSM was used?

Would it be possible to use an Gemalto iKey 4000?



Tags (4)
0 Kudos