UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

cancel
Showing results for 
Search instead for 
Did you mean: 
Visitor ltn
Visitor
781 Views
Registered: ‎09-07-2017

RSA Auth Passed when hash not programmed in eFUSE

I am using SDK2017.2, ZCU102 - ES2, Boot from SD.

 

I am testing RSA authentication for the partitions in my boot.bin

Following the instructions in UG1209, I created:

 1). fsbl with FSBL_DEBUG_INFO

 2). hello-world application
 3). RSA Keys: pskfile: psk0.pem, sskfile: ssk0.pem, and pskfile: psk1.pem, sskfile: ssk1.pem

 

Then I created my boot.bin, enabling authentication for my two paritions (fsbl and hello-world application) to use the keys that I created, and **NOT** check the "Use BH Auth".

 

I expect the boot to fail authentication, since I have not programmed the hash in the eFUSE.  (eFUSE is not programmed at all)

But it passed authentication.  Why did it pass authentication if I did not enable "Use BH Auth", and no hash was programmed in the eFUSEs?

 

++++++++++++++++++My BIF File ++++++++++++++++++++++++++

//arch = zynqmp; split = false; format = BIN

the_ROM_image:

{

[pskfile]D:\Xilinx1\SDK\2017.2\data\sdk\projects\keys\psk1.pem

[sskfile]D:\Xilinx1\SDK\2017.2\data\sdk\projects\keys\ssk1.pem

[auth_params]ppk_select = 0

[fsbl_config]a53_x64

[bootloader, authentication = rsa]D:\Xilinx1\SDK\2017.2\data\sdk\projects\workspace_current\fsbl_a53\Debug\fsbl_a53.elf

[authentication = rsa, destination_cpu = a53-0]D:\Xilinx1\SDK\2017.2\data\sdk\projects\workspace_current\testapp_a53\Debug\testapp_a53.elf

}

 

+++++++++++++++++++My Terra Term Output++++++++++++++++++

Xilinx Zynq MP First Stage Boot Loader
Release 2017.2   Sep 19 2017  -  14:26:33
Reset Mode      :       System Reset
Platform: Silicon (4.0), Cluster ID 0x80000000
Running on A53-0 (64-bit) Processor, Device Name: XCZU9EG
Board Configuration successful
Processor Initialization Done
================= In Stage 2 ============
SD1 with level shifter Boot Mode
SD: rc= 0
File name is BOOT.BIN
Multiboot Reg : 0x0
Image Header Table Offset 0x8C0
*****Image Header Table Details********
Boot Gen Ver: 0x1020000
No of Partitions: 0x2
Partition Header Address: 0x440
Partition Present Device: 0x0
Initialization Success
======= In Stage 3, Partition No:1 =======
UnEncrypted data Length: 0x2812
Data word offset: 0x2812
Total Data word length: 0x2BD0
Destination Load Address: 0x0
Execution Address: 0x0
Data word offset: 0x9EA0
Partition Attributes: 0x8116
Authentication Enabled
Auth: Partition Offset 0, PartitionLen AF40, AcOffset FFFE4AB4, HashLen 30
Doing Partition Sign verification
Partition Verification done
Partition 1 Load Success
All Partitions Loaded
================= In Stage 4 ============
Protection configuration applied
Running Cpu Handoff address: 0x0, Exec State: 0
Exit from FSBL
A53-0: Hello World

 

 

0 Kudos
1 Reply
556 Views
Registered: ‎04-12-2018

Re: RSA Auth Passed when hash not programmed in eFUSE

Did you ever work out why?

0 Kudos