Newbie pietr
Registered: 01-05-2018

ZynqMP Device Key Source

There appear to be some inconsistencies in the ZynqMP Technical Reference Manual (UG1085 v1.7) and the ZynqMP Software Developers Guide (UG1137 v5.0) regarding the selection of the Device Key source.


According to the Key Management section in UG1085, the following device key sources are available (see e.g. Table 12-8):

- eFuse red

- eFuse gray (obfuscated)

- eFuse black

- BBRAM red

- Boot header black

- Boot header gray (obfuscated)



However, the Boot Image Format described in UG1085 (Table 11-4) only lists the following options for device key source selection:

- No key (0x00000000)

- eFuse (0xA5C3C5A3) -> is this red, black or gray?

- eFuse obfuscated (0xA5C3C5A7) -> if terminology is used consistently this is gray

- BBRAM (0x3A5C3C5A) -> this must be red

- Boot header obfuscated (0xA35C7CA5) -> if terminology is used consistently this is gray


Furthermore, the BIF File Parameters table in UG1137 (Table 16-1) lists the following options for device key source selection using the Bootgen tool:

- eFuse red

- eFuse black

- BBRAM red

- Boot header black


None of the documentation sections appear to be consistent with each other. What I suspect is that where Table 11-4 in UG1085 reads "obfuscated" (gray), it should actually read "encrypted" (black). But even with this assumption, the documentation does not describe how to configure an eFuse obfuscated (gray) or Boot header obfuscated (gray) device key.


Can Xilinx please clarify the available options for device key source selection and how to configure these options in the boot header using the Bootgen tool?

0 Kudos
1 Reply
Registered: 05-11-2018

Re: ZynqMP Device Key Source

Hello Pietr,

I'd suggest you check out v1.8 of the Zynq UltraScale+ TRM as it has an updated Table 11-4 that defines all of the different encryption options.

Furthermore, you might also want to check out UG1283 (Bootgen User Guide) for some sample .bif files that do various things with BLACK/RED/GREY keying configurations. Be careful though as there are bugs in their samples which I was only able to decipher by running bootgen with the "-log trace" option (the SDK's create boot image GUI also has some peculiarities when you load up some of the samples - for example, their BLACK eFuse key .bif file inexplicably created an additional data partition containing the BLACK key IV value when I loaded it into the GUI). Nothing's ever easy with Xilinx! ;->

Lastly, the bootgen_utility utility ("...allow myself to introduce myself.") in the SDK is also useful for parsing the generated BIN files to see what was generated by bootgen.

Take care and best of luck!


0 Kudos
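An added example, not part of the thread and not Xilinx code: a small Python check that reads the key source word from a generated boot image and reports it with the label quoted above from UG1085 v1.7 Table 11-4, so a build can be rejected when Bootgen selected a different key source than intended. The field offsets (0x20, 0x24, 0x28), the width detection word, the `XNLX` signature and all function names are assumptions not stated in the thread; verify them against the TRM revision you use.

```python
import struct

# Key source words and labels exactly as quoted in the question from
# UG1085 v1.7 Table 11-4 (the thread notes these labels are ambiguous).
KEY_SOURCES = {
    0x00000000: "No key",
    0xA5C3C5A3: "eFuse",
    0xA5C3C5A7: "eFuse obfuscated",
    0x3A5C3C5A: "BBRAM",
    0xA35C7CA5: "Boot header obfuscated",
}

# Assumed boot header layout (not given in the thread; check your TRM).
WIDTH_OFFSET, WIDTH_WORD = 0x20, 0xAA995566
SIG_OFFSET, SIG_BYTES = 0x24, b"XNLX"
KEY_SOURCE_OFFSET = 0x28


def read_key_source(image: bytes) -> dict:
    """Return the key source word of a boot image and its quoted label."""
    if len(image) < KEY_SOURCE_OFFSET + 4:
        raise ValueError("image too short to contain a key source field")
    (width,) = struct.unpack_from("<I", image, WIDTH_OFFSET)
    if width != WIDTH_WORD or image[SIG_OFFSET:SIG_OFFSET + 4] != SIG_BYTES:
        raise ValueError("width word or signature mismatch: not a boot header")
    (word,) = struct.unpack_from("<I", image, KEY_SOURCE_OFFSET)
    label = KEY_SOURCES.get(word)
    return {
        "word": f"0x{word:08X}",
        "label": label if label is not None else "unknown",
        "known": label is not None,
    }


def check_expected(image: bytes, expected_word: int) -> bool:
    """Release gate: True only if the image selects the intended key source."""
    return read_key_source(image)["word"] == f"0x{expected_word:08X}"


def build_sample_header(key_source: int) -> bytes:
    """Constructed sample: zeroed vector table plus the three words parsed."""
    return (bytes(0x20) + struct.pack("<I", WIDTH_WORD) + SIG_BYTES
            + struct.pack("<I", key_source))


if __name__ == "__main__":
    for w in (0x3A5C3C5A, 0xA5C3C5A7, 0x12345678):
        print(read_key_source(build_sample_header(w)))
```

An unknown word or a mismatch against the expected value is a reason to stop and inspect the .bif file before the image is deployed.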