01-17-2019 06:05 AM
Page 2 of xapp1333(https://www.xilinx.com/content/dam/xilinx/support/documentation/application_notes/xapp1333-external-storage-puf.pdf) says "The RSA authentication settings cannot be stored in the boot header when using the PUF to encrypt and decrypt user data."
However...
Page 116 of ug1209(https://www.xilinx.com/support/documentation/sw_manuals/xilinx2018_3/ug1209-embedded-design-tutorial.pdf) seems to do just that. `[keysrc_encryption]` is set to `bh_blk_key` while `bh_auth_enable` is set in `[fsbl_config]`
I'm inclined to believe the first document, because I was unable to get black key encryption to work with `bh_auth_enable`
Though, looking more closely, the first document says authentication settings. But what are these settings?
Can somebody clarify the meaning of the first document and correct my understanding?
02-25-2019 03:04 PM
The RSA settings referred to in XAPP1333 are referring to the RSA eFUSE settings and are required in order to use the PUF in the way the application note describes. The settings are described in the RSA eFUSE Configuration section of the document and refer to:
XSK_EFUSEPS_RSA_ENABLE, XSK_EFUSEPS_PPK0_WR_LOCK, XSK_EFUSEPS_WRITE_PPK0_HASH, and XSK_EFUSEPS_PPK0_HASH
Keep in mind the application note only programs and uses PPK0. However, it is highly recommended to also program the eFUSEs associated with PPK1 for security reasons.
02-25-2019 03:04 PM
The RSA settings referred to in XAPP1333 are referring to the RSA eFUSE settings and are required in order to use the PUF in the way the application note describes. The settings are described in the RSA eFUSE Configuration section of the document and refer to:
XSK_EFUSEPS_RSA_ENABLE, XSK_EFUSEPS_PPK0_WR_LOCK, XSK_EFUSEPS_WRITE_PPK0_HASH, and XSK_EFUSEPS_PPK0_HASH
Keep in mind the application note only programs and uses PPK0. However, it is highly recommended to also program the eFUSEs associated with PPK1 for security reasons.