cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Observer
Observer
535 Views
Registered: ‎11-05-2018

Apparent contradiction between Xilinx documents ug1209 and xapp1333 regarding PUF and RSA authentication in boot header

Jump to solution

Page 2 of xapp1333(https://www.xilinx.com/content/dam/xilinx/support/documentation/application_notes/xapp1333-external-storage-puf.pdf) says "The RSA authentication settings cannot be stored in the boot header when using the PUF to encrypt and decrypt user data."

However...

Page 116 of ug1209(https://www.xilinx.com/support/documentation/sw_manuals/xilinx2018_3/ug1209-embedded-design-tutorial.pdf) seems to do just that. `[keysrc_encryption]` is set to `bh_blk_key` while `bh_auth_enable` is set in `[fsbl_config]`


I'm inclined to believe the first document, because I was unable to get black key encryption to work with `bh_auth_enable` 

Though, looking more closely, the first document says authentication settings. But what are these settings? 

Can somebody clarify the meaning of the first document and correct my understanding?

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Xilinx Employee
Xilinx Employee
424 Views
Registered: ‎08-03-2018

The RSA settings referred to in XAPP1333 are referring to the RSA eFUSE settings and are required in order to use the PUF in the way the application note describes. The settings are described in the RSA eFUSE Configuration section of the document and refer to:

XSK_EFUSEPS_RSA_ENABLE, XSK_EFUSEPS_PPK0_WR_LOCK, XSK_EFUSEPS_WRITE_PPK0_HASH, and XSK_EFUSEPS_PPK0_HASH

Keep in mind the application note only programs and uses PPK0. However, it is highly recommended to also program the eFUSEs associated with PPK1 for security reasons.

View solution in original post

0 Kudos
1 Reply
Highlighted
Xilinx Employee
Xilinx Employee
425 Views
Registered: ‎08-03-2018

The RSA settings referred to in XAPP1333 are referring to the RSA eFUSE settings and are required in order to use the PUF in the way the application note describes. The settings are described in the RSA eFUSE Configuration section of the document and refer to:

XSK_EFUSEPS_RSA_ENABLE, XSK_EFUSEPS_PPK0_WR_LOCK, XSK_EFUSEPS_WRITE_PPK0_HASH, and XSK_EFUSEPS_PPK0_HASH

Keep in mind the application note only programs and uses PPK0. However, it is highly recommended to also program the eFUSEs associated with PPK1 for security reasons.

View solution in original post

0 Kudos