cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Observer
Observer
4,042 Views
Registered: ‎11-14-2016

Reading RSA Hash From PS eFUSE

Jump to solution

I asked this as a followup in this thread, but I'm guessing that no one will see it because it's marked as answered.

 

Is there any way for the Zynq itself to read the RSA PPK Hash from its PS eFUSE array? 

 

I'd like for our system to support firmware updates from an untrusted source such as an Ethernet network. It would be great if an application validate an image received over the network using the same algorithm as the BootROM. I understand that there's nothing unsafe about writing an invalid image into flash, but the whole update process becomes more complex and less user-friendly if the only validation mechanism is rebooting the system. 

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Scholar
Scholar
7,133 Views
Registered: ‎02-27-2008

Re: Reading RSA Hash From PS eFUSE

Jump to solution

Correct,

 

I haven't performed an exhaustive search on-line, but you are most likely correct.

 

If you have any difficulty, let me know, as I have access to internal documents that can be checked.  The team that designed it is also nearby, so they are available if required.

 

As these features were added by Xilinx, and are not part of the ARM IP licenses for the PS, it is something we did, and documented in the user's guide.  We prefer to place this sort of information in one document, so it may be maintained without confusion.

Austin Lesea
Principal Engineer
Xilinx San Jose

View solution in original post

0 Kudos
7 Replies
Highlighted
Scholar
Scholar
4,034 Views
Registered: ‎02-27-2008

Re: Reading RSA Hash From PS eFUSE

Jump to solution

"...if it is already programmed, the xilskey_efuse_example.c file can be edited to only read the hash of the PPK"

 

UG1025

Austin Lesea
Principal Engineer
Xilinx San Jose
0 Kudos
Highlighted
Observer
Observer
4,030 Views
Registered: ‎11-14-2016

Re: Reading RSA Hash From PS eFUSE

Jump to solution

Thanks Austin. Looking through the LibXil SKey docs/source is definitely helping. 

 

Is there any detailed documentation for the PS eFUSE registers? Looking through the source, there's a bunch of functionality (PS eFUSE control register?) that I don't see documented in the Zynq TRM. 

0 Kudos
Highlighted
Scholar
Scholar
4,024 Views
Registered: ‎02-27-2008

Re: Reading RSA Hash From PS eFUSE

Jump to solution

Just the documents I referenced,

 

 

Austin Lesea
Principal Engineer
Xilinx San Jose
0 Kudos
Highlighted
Observer
Observer
4,009 Views
Registered: ‎11-14-2016

Re: Reading RSA Hash From PS eFUSE

Jump to solution

Okay, so just to confirm...

 

in xilskey_eps.c, there's a function, XilSKey_EfusePs_Read(), which:

 

  1. Initializes some timer
  2. Initializes the XADC
  3. Unlocks the eFUSE controller
  4. Configures the eFUSE controller
  5. Enables eFUSE reading
  6. Reads the eFUSE register
  7. Disables eFUSE reading
  8. Locks the eFUSE controller

Is there no documentation for why this is necessary and what it actually does? I have documentation for tools (UG1025, UG1191) and for the Zynq itself (UG585), but I don't think either of them cover anything from these steps. Sure, UG1191 tells you that LibXil SKey performs those steps, but it doesn't provide them with any context.

 

Let's say I want to read the PS eFUSE from a Linux application. If I port in some code in from the libskey project, how can I be confident that the code will work? I can assume that all of the register definitions in the project are correct and that everything will work in my use-case, but I'm not very comfortable with this if there's no hardware documentation backing it up.

0 Kudos
Highlighted
Scholar
Scholar
4,007 Views
Registered: ‎02-27-2008

Re: Reading RSA Hash From PS eFUSE

Jump to solution

Those steps pertaining to the efuses are required.

 

It was what we used to characterize the part (prove it works).

 

 

Austin Lesea
Principal Engineer
Xilinx San Jose
0 Kudos
Highlighted
Observer
Observer
4,005 Views
Registered: ‎11-14-2016

Re: Reading RSA Hash From PS eFUSE

Jump to solution

Okay. Before closing this I want to give an example to make sure I'm following you.

 

In that xilskey project, there is a header file, xilskey_epshw.h. In it, there are a variety of register definitions pertaining to the eFUSE. Here's a snippet:

 

/**< XSK_EFUSEPS_STATUS_REG (Status Register)*/
/** Status Register containing BISR Controller status, trim value,
*  and security debug info.
*/

/**
 *  Build in self test finished at boot time
 */
#define XSK_EFUSEPS_STATUS_BISR_DONE		(0x80000000)
/**
 *  Build in self test finished successfully
 */
#define XSK_EFUSEPS_STATUS_BISR_GO			(0x40000000)
/**
 *  eFuse box is blank, i.e., not yet been written to, if set
 */
#define XSK_EFUSEPS_STATUS_BISR_BLANK		(0x00100000)
/** Security debug status, with authentication
*  0  security debug enabled
*  1  security debug disabled
*/
#define XSK_EFUSEPS_STATUS_SDEBUG_DIS		(0x00010000)
/** eFuse write protection, if either bit is set,
 * writes to the eFuse box are disabled
 */
#define XSK_EFUSEPS_STATUS_WR_PROTECT		(0x00003000)
/**
 *  Analog trim value
 */
#define XSK_EFUSEPS_STATUS_TRIM			(0x000000FC)


/**
 *  XSK_EFUSEPS_CONTROL_REG (Control register for eFuse program,
 *  read and write control)
 *  eFuse ps control, enable programming if set.
 */
#define XSK_EFUSEPS_CONTROL_PS_EN		(0x00000010)
/**
 *  eFuse write disable, if set.
 */
#define XSK_EFUSEPS_CONTROL_WR_DIS		(0x00000002)
/**
 *  eFuse read disable, if set
 */
#define XSK_EFUSEPS_CONTROL_RD_DIS		(0x00000001)

If I'm understanding you correctly, these definitions are not documented anywhere outside of this code snippet. This code snippet is the documentation. 

 

Is that correct?

0 Kudos
Highlighted
Scholar
Scholar
7,134 Views
Registered: ‎02-27-2008

Re: Reading RSA Hash From PS eFUSE

Jump to solution

Correct,

 

I haven't performed an exhaustive search on-line, but you are most likely correct.

 

If you have any difficulty, let me know, as I have access to internal documents that can be checked.  The team that designed it is also nearby, so they are available if required.

 

As these features were added by Xilinx, and are not part of the ARM IP licenses for the PS, it is something we did, and documented in the user's guide.  We prefer to place this sort of information in one document, so it may be maintained without confusion.

Austin Lesea
Principal Engineer
Xilinx San Jose

View solution in original post

0 Kudos