Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dagan.martinez
Observer
Observer

‎01-17-2019 06:05 AM

725 Views
Registered: ‎11-05-2018

Apparent contradiction between Xilinx documents ug1209 and xapp1333 regarding PUF and RSA authentication in boot header

Jump to solution

Page 2 of xapp1333(https://www.xilinx.com/content/dam/xilinx/support/documentation/application_notes/xapp1333-external-storage-puf.pdf) says "The RSA authentication settings cannot be stored in the boot header when using the PUF to encrypt and decrypt user data."

However...

Page 116 of ug1209(https://www.xilinx.com/support/documentation/sw_manuals/xilinx2018_3/ug1209-embedded-design-tutorial.pdf) seems to do just that. `[keysrc_encryption]` is set to `bh_blk_key` while `bh_auth_enable` is set in `[fsbl_config]`


I'm inclined to believe the first document, because I was unable to get black key encryption to work with `bh_auth_enable` 

Though, looking more closely, the first document says authentication settings. But what are these settings? 

Can somebody clarify the meaning of the first document and correct my understanding?

0 Kudos
1 Solution

Accepted Solutions
nmenhorn
Xilinx Employee
Xilinx Employee

‎02-25-2019 03:04 PM

614 Views
Registered: ‎08-03-2018

Jump to solution

The RSA settings referred to in XAPP1333 are referring to the RSA eFUSE settings and are required in order to use the PUF in the way the application note describes. The settings are described in the RSA eFUSE Configuration section of the document and refer to:

XSK_EFUSEPS_RSA_ENABLE, XSK_EFUSEPS_PPK0_WR_LOCK, XSK_EFUSEPS_WRITE_PPK0_HASH, and XSK_EFUSEPS_PPK0_HASH

Keep in mind the application note only programs and uses PPK0. However, it is highly recommended to also program the eFUSEs associated with PPK1 for security reasons.

View solution in original post

0 Kudos
1 Reply
nmenhorn
Xilinx Employee
Xilinx Employee

‎02-25-2019 03:04 PM

615 Views
Registered: ‎08-03-2018

Jump to solution

The RSA settings referred to in XAPP1333 are referring to the RSA eFUSE settings and are required in order to use the PUF in the way the application note describes. The settings are described in the RSA eFUSE Configuration section of the document and refer to:

XSK_EFUSEPS_RSA_ENABLE, XSK_EFUSEPS_PPK0_WR_LOCK, XSK_EFUSEPS_WRITE_PPK0_HASH, and XSK_EFUSEPS_PPK0_HASH

Keep in mind the application note only programs and uses PPK0. However, it is highly recommended to also program the eFUSEs associated with PPK1 for security reasons.

View solution in original post

0 Kudos