cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Contributor
Contributor
468 Views
Registered: ‎04-03-2018

zynqmp secure command

Jump to solution

I am trying to get a feeling how "zynqmp secure" uboot command works to authenticate image.

I created an auth image via bootgen bif and gave it a go. The uboot came back to me with:

###############

Failed: secure op status:0x11

###############

which I think is XSECURE_ONLY_BHDR_AUTH_ALLOWED... Ok.. I have no efuses burned but since I am manually loading image from uboot prompt, I am not doing with fsbl so I dont THINK I need eFuses. My bif file is somewhat simple.. based on bootgen doc:

data_img:
{
[auth_params] ppk_select = 0;spk_id=0
[pskfile] psk0.pem
[sskfile] ssk0.pem
[destination_cpu=a53-0,authentication=rsa] system.dtb
}

I wonder what do I need to add here to get an image which can get authenticated from "zynqmp secure" ?

 

Thanks

 

 

 

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Contributor
Contributor
427 Views
Registered: ‎04-03-2018

Re: zynqmp secure command

Jump to solution
ok.. I think I figured it out .. needed:

[fsbl_config] bh_auth_enable

since I have no efuses programmed ...I thought I did not needed since I was not under fsbl boot sequence ...

View solution in original post

3 Replies
Highlighted
Contributor
Contributor
428 Views
Registered: ‎04-03-2018

Re: zynqmp secure command

Jump to solution
ok.. I think I figured it out .. needed:

[fsbl_config] bh_auth_enable

since I have no efuses programmed ...I thought I did not needed since I was not under fsbl boot sequence ...

View solution in original post

Visitor
Visitor
193 Views
Registered: ‎09-19-2018

Re: zynqmp secure command

Jump to solution

Hi, BTW, how did you figure out status:0x11 means XSECURE_ONLY_BHDR_AUTH_ALLOWED? Where did you find that information?

Thanks a lot!

0 Kudos
Highlighted
Contributor
Contributor
127 Views
Registered: ‎04-03-2018

Re: zynqmp secure command

Jump to solution

#define XSECURE_ONLY_BHDR_AUTH_ALLOWED 0x11

 

in xsecure.h

0 Kudos