cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
liwenz
Explorer
Explorer
1,549 Views
Registered: ‎10-09-2017

bootgen always stop working

Jump to solution

I follow the xapp1175_zynq_secure_boot.pdf page 29

My pc is windows7 and vivado 2015.4

the command is  bootgen -image generate_aeskey.bif -o temp.mcs -encrypt bbram
 It tells me to have -p, "Partname must be specified with -p ..."

I change command to :

bootgen -image generate_aeskey.bif -o temp.mcs -encrypt bbram  -p xc7z010

It shows bootgen stop working 

I change to -p xc7z010clg400  and lots of trying, but always stop working

I have tried for 3 days and the gui way in sdk.  

Who could help me ? or tell me other way to get bbram.nky

 

0 Kudos
1 Solution

Accepted Solutions
pmallad
Xilinx Employee
Xilinx Employee
1,839 Views
Registered: ‎01-15-2014

This issue of generating an AES key file and then encrypting using the same key got fixed in 2016.1 release. Can you please upgrade to new version of Bootgen and try.

If you are bound to continue using 2015.4 only, you can give your own nky file and use 2015.4 Bootgen.

Alternatively, you can use Bootgen from 2016.1 release to generate nky file and use it with 2015.4 Bootgen.

 

Here are the steps:

1. Generate bbram.nky file using 2016.1 Bootgen

Xilinx/SDK/2016.1/bin/bootgen -image generate_aeskey.bif -o temp.mcs -encrypt bbram -p xc7z010

 

2. Now use 2015.4 Bootgen to create the boot images - temp.mcs will be overwritten

Xilinx/SDK/2015.4/bin/bootgen -image generate_aeskey.bif -w -o temp.mcs -encrypt bbram -p xc7z010

View solution in original post

5 Replies
liwenz
Explorer
Explorer
1,493 Views
Registered: ‎10-09-2017

I also tried on linux, but also failed. Now I am blocked at step 10 on page 29 of xapp1175.

I attach the result:

linuxbootgen.png
0 Kudos
pmallad
Xilinx Employee
Xilinx Employee
1,840 Views
Registered: ‎01-15-2014

This issue of generating an AES key file and then encrypting using the same key got fixed in 2016.1 release. Can you please upgrade to new version of Bootgen and try.

If you are bound to continue using 2015.4 only, you can give your own nky file and use 2015.4 Bootgen.

Alternatively, you can use Bootgen from 2016.1 release to generate nky file and use it with 2015.4 Bootgen.

 

Here are the steps:

1. Generate bbram.nky file using 2016.1 Bootgen

Xilinx/SDK/2016.1/bin/bootgen -image generate_aeskey.bif -o temp.mcs -encrypt bbram -p xc7z010

 

2. Now use 2015.4 Bootgen to create the boot images - temp.mcs will be overwritten

Xilinx/SDK/2015.4/bin/bootgen -image generate_aeskey.bif -w -o temp.mcs -encrypt bbram -p xc7z010

View solution in original post

liwenz
Explorer
Explorer
1,426 Views
Registered: ‎10-09-2017

Thanks for your reply.

I check the page 62 of ug821-zynq-7000-swdev.pdf

 

-encrypt [bbram | efuse] [StartCBC=] [Key0=] [HMAC=] [[.nky]] Specifies how to do encryption. Arguments in italics are not recommended for new designs, as the key information is now specified in the BIF file, as follows: °

Key0: Is a Hexidecimal string that allows AES key to be specified. Allowed characters are: 1-9, A, a, B, b, C, c, D, d, E, e, F, f.  StartCBC: Is a hexidecimal string that allows the initial vector to be specified. Allowed characters are: 1-9, A, a, B, b, C,c, D, d, E, e, F, f. 

HMAC: Is a hexidecimal string that allows the specification of the HMAC key. Allowed characters are: 1-9, A, a, B, b, C, c, D, d, E, e, F, f.

I think I could make the .nky myself.

I wonder if there is a rule for string lenth. For example, the lenth for key0 and HMAC is 64 and startCBC is 32.

 

key file (not the real key)

Device       xc7z020;
Key 0        4873D45DAA2773FFE37E54A3AAA286D6A64355E0EE568539AAA453C73CCD4AC0;
Key StartCBC 1B0A2E6B4202AAAAD7955E5CB2558247;
Key HMAC     5103B5259082CAAAAAA8B263B395D20BCEE1B2E6F14BEF10E2D24EDD3204F1;

0 Kudos
pmallad
Xilinx Employee
Xilinx Employee
1,414 Views
Registered: ‎01-15-2014

You are right. The lengths are fixed.

Key 0 & Key HMAC  are 256-bit values, so the length of the key string in key file would be 64 characters. Similarly Key CBC is 128-bit value, which is represented by 32 characters in the key file.

0 Kudos
liwenz
Explorer
Explorer
1,355 Views
Registered: ‎10-09-2017

Thanks, but I do not know how to give you a kudo, even I do not know how to mark my post .

I have to search to come here every time. I'm a new one in forums.

0 Kudos