
Authentication at U-boot - clarification

What is the difference between authentication and decryption at u-boot, compared with standard secure boot? I.e. how is U-boot auth+decr similar/different from using the CSU on the complete image file as specified in the rom_image bif file?

1. Authentication and decryption at u-boot

2. Zynq UltraScale+ MPSoC: Embedded Design Tutorial - CH.5/Secure Boot Sequence page 101.

Example from 2:

the_ROM_image:
{
[pskfile]psk0.pem
[sskfile]ssk0.pem
[auth_params]spk_id = 0; ppk_select = 0
[fsbl_config]a53_x64
[bootloader, authentication = rsa]fsbl_a53.elf
[destination_cpu = pmu, authentication = rsa]pmu_fw.elf
[destination_device = pl, authentication = rsa]edt_zcu102_wrapper.bit
[destination_cpu = a53-0, exception_level = el-3, trustzone, authentication = rsa]bl31.elf
[destination_cpu = r5-0, authentication = rsa]tmr_psled_r5.elf
[destination_cpu = a53-0, exception_level = el-2, authentication = rsa]u-boot.elf
[load = 0x1000000, destination_cpu = a53-0, authentication = rsa]image.ub
}

Any clarification is very much appreciated, thanks!


Accepted Solutions
Xilinx Employee

Re: Authentication at U-boot - clarification


By using uboot to download PL and/or image.ub (or the pieces within image.ub separately), the location of these files can be pulled from different media that are not supported by the CSU. For example, scsi, tftp, ext4, different partitions, etc.

And uboot can be customized to select between multiple PL downloads or multiple image.ub files.

And to be a bit more specific, the CSU looks after loading FSBL from the boot device. Once the FSBL is loaded and running, FSBL is responsible for parsing the rest of the partitions in BOOT.BIN. If BOOT.BIN was located on SD, FSBL only knows how to read FAT file systems. But UBOOT knows many more file systems.

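As an added illustration of the split described in the answer (not code from the original posts or from Xilinx): a small Python check that parses a BIF like the one in the question and reports, for each artifact a system boots, whether it is an RSA-authenticated BOOT.BIN partition or is loaded outside BOOT.BIN and therefore has to be verified by U-Boot. The sample BIF is constructed from the question's example with image.ub removed and authentication dropped from the bitstream; the function names are hypothetical.

```python
import re

# Constructed sample: the BIF from the question with image.ub moved out of
# BOOT.BIN, as when U-Boot fetches it from TFTP or an ext4 partition instead.
SAMPLE_BIF = """
the_ROM_image:
{
[pskfile]psk0.pem
[sskfile]ssk0.pem
[auth_params]spk_id = 0; ppk_select = 0
[fsbl_config]a53_x64
[bootloader, authentication = rsa]fsbl_a53.elf
[destination_cpu = pmu, authentication = rsa]pmu_fw.elf
[destination_device = pl]edt_zcu102_wrapper.bit
[destination_cpu = a53-0, exception_level = el-2, authentication =
rsa]u-boot.elf
}
"""

# Bracketed entries that configure the image rather than add a partition.
NON_PARTITION = {"pskfile", "sskfile", "auth_params", "fsbl_config"}
ENTRY = re.compile(r"\[([^\]]*)\]\s*([^\s\[\]{}]+)")

def parse_bif(text):
    """Return {partition file: attribute dict} for every partition entry."""
    partitions = {}
    for attrs, filename in ENTRY.findall(text):
        pairs = {}
        for item in attrs.split(","):
            key, _, value = item.partition("=")
            pairs[key.strip().lower()] = value.strip().lower()
        if NON_PARTITION.isdisjoint(pairs):
            partitions[filename] = pairs
    return partitions

def coverage(bif_text, boot_artifacts):
    """Classify each artifact the system boots by who must authenticate it."""
    parts = parse_bif(bif_text)
    report = {}
    for name in boot_artifacts:
        if name not in parts:
            report[name] = "outside BOOT.BIN: U-Boot must verify"
        elif parts[name].get("authentication") == "rsa":
            report[name] = "BOOT.BIN partition, RSA authenticated"
        else:
            report[name] = "BOOT.BIN partition, NOT authenticated"
    return report
```

Calling `coverage(SAMPLE_BIF, [...])` with the list of files the board actually boots shows where the BIF's `authentication = rsa` attribute stops applying and U-Boot-side verification has to take over.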