UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
199 Views
Registered: ‎11-05-2018

Apparent contradiction between Xilinx documents ug1209 and xapp1333 regarding PUF and RSA authentication in boot header

Jump to solution

Page 2 of xapp1333(https://www.xilinx.com/content/dam/xilinx/support/documentation/application_notes/xapp1333-external-storage-puf.pdf) says "The RSA authentication settings cannot be stored in the boot header when using the PUF to encrypt and decrypt user data."

However...

Page 116 of ug1209(https://www.xilinx.com/support/documentation/sw_manuals/xilinx2018_3/ug1209-embedded-design-tutorial.pdf) seems to do just that. `[keysrc_encryption]` is set to `bh_blk_key` while `bh_auth_enable` is set in `[fsbl_config]`


I'm inclined to believe the first document, because I was unable to get black key encryption to work with `bh_auth_enable` 

Though, looking more closely, the first document says authentication settings. But what are these settings? 

Can somebody clarify the meaning of the first document and correct my understanding?

0 Kudos
1 Solution

Accepted Solutions
Xilinx Employee
Xilinx Employee
88 Views
Registered: ‎08-03-2018

Re: Apparent contradiction between Xilinx documents ug1209 and xapp1333 regarding PUF and RSA authentication in boot header

Jump to solution

The RSA settings referred to in XAPP1333 are referring to the RSA eFUSE settings and are required in order to use the PUF in the way the application note describes. The settings are described in the RSA eFUSE Configuration section of the document and refer to:

XSK_EFUSEPS_RSA_ENABLE, XSK_EFUSEPS_PPK0_WR_LOCK, XSK_EFUSEPS_WRITE_PPK0_HASH, and XSK_EFUSEPS_PPK0_HASH

Keep in mind the application note only programs and uses PPK0. However, it is highly recommended to also program the eFUSEs associated with PPK1 for security reasons.

0 Kudos
1 Reply
Xilinx Employee
Xilinx Employee
89 Views
Registered: ‎08-03-2018

Re: Apparent contradiction between Xilinx documents ug1209 and xapp1333 regarding PUF and RSA authentication in boot header

Jump to solution

The RSA settings referred to in XAPP1333 are referring to the RSA eFUSE settings and are required in order to use the PUF in the way the application note describes. The settings are described in the RSA eFUSE Configuration section of the document and refer to:

XSK_EFUSEPS_RSA_ENABLE, XSK_EFUSEPS_PPK0_WR_LOCK, XSK_EFUSEPS_WRITE_PPK0_HASH, and XSK_EFUSEPS_PPK0_HASH

Keep in mind the application note only programs and uses PPK0. However, it is highly recommended to also program the eFUSEs associated with PPK1 for security reasons.

0 Kudos