We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

Showing results for 
Search instead for 
Did you mean: 
Visitor ltn
Registered: ‎09-07-2017

RSA Auth Passed when hash not programmed in eFUSE

I am using SDK2017.2, ZCU102 - ES2, Boot from SD.


I am testing RSA authentication for the partitions in my boot.bin

Following the instructions in UG1209, I created:

 1). fsbl with FSBL_DEBUG_INFO

 2). hello-world application
 3). RSA Keys: pskfile: psk0.pem, sskfile: ssk0.pem, and pskfile: psk1.pem, sskfile: ssk1.pem


Then I created my boot.bin, enabling authentication for my two paritions (fsbl and hello-world application) to use the keys that I created, and **NOT** check the "Use BH Auth".


I expect the boot to fail authentication, since I have not programmed the hash in the eFUSE.  (eFUSE is not programmed at all)

But it passed authentication.  Why did it pass authentication if I did not enable "Use BH Auth", and no hash was programmed in the eFUSEs?


++++++++++++++++++My BIF File ++++++++++++++++++++++++++

//arch = zynqmp; split = false; format = BIN





[auth_params]ppk_select = 0


[bootloader, authentication = rsa]D:\Xilinx1\SDK\2017.2\data\sdk\projects\workspace_current\fsbl_a53\Debug\fsbl_a53.elf

[authentication = rsa, destination_cpu = a53-0]D:\Xilinx1\SDK\2017.2\data\sdk\projects\workspace_current\testapp_a53\Debug\testapp_a53.elf



+++++++++++++++++++My Terra Term Output++++++++++++++++++

Xilinx Zynq MP First Stage Boot Loader
Release 2017.2   Sep 19 2017  -  14:26:33
Reset Mode      :       System Reset
Platform: Silicon (4.0), Cluster ID 0x80000000
Running on A53-0 (64-bit) Processor, Device Name: XCZU9EG
Board Configuration successful
Processor Initialization Done
================= In Stage 2 ============
SD1 with level shifter Boot Mode
SD: rc= 0
File name is BOOT.BIN
Multiboot Reg : 0x0
Image Header Table Offset 0x8C0
*****Image Header Table Details********
Boot Gen Ver: 0x1020000
No of Partitions: 0x2
Partition Header Address: 0x440
Partition Present Device: 0x0
Initialization Success
======= In Stage 3, Partition No:1 =======
UnEncrypted data Length: 0x2812
Data word offset: 0x2812
Total Data word length: 0x2BD0
Destination Load Address: 0x0
Execution Address: 0x0
Data word offset: 0x9EA0
Partition Attributes: 0x8116
Authentication Enabled
Auth: Partition Offset 0, PartitionLen AF40, AcOffset FFFE4AB4, HashLen 30
Doing Partition Sign verification
Partition Verification done
Partition 1 Load Success
All Partitions Loaded
================= In Stage 4 ============
Protection configuration applied
Running Cpu Handoff address: 0x0, Exec State: 0
Exit from FSBL
A53-0: Hello World



0 Kudos
1 Reply
Registered: ‎04-12-2018

Re: RSA Auth Passed when hash not programmed in eFUSE

Did you ever work out why?

0 Kudos