cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Visitor
Visitor
1,905 Views
Registered: ‎05-15-2017

Decode encrypted bistream problem

Hello,

Two weeks ago, i started to encrypt my bitstream and load it in my fpga (Zynq).

In the beggining, i used an u-boot 2015.2 but i had "DMA timeout error". I saw in u-boot-xlnx github history that some fix have been add for this tools. So I download a latter version (2016.4) for use "zynqaes load" command. After installation of Petalinux 2016.4 i generated an u-boot for my custom board. U-boot starts well but the zynqaes command do nothing (no error, no fpga done led on).

I added "#define DEBUG" in my platform_top.h to enable DEBUG for u-boot but when I do this, u-boot print nothing (i have only the end print of my FSBL). So I patched zynqpl.c file in petalinux to replace all debug print to printf function.I join you a log file of my serial console.

So it transfers some datas to 0xFFFFFFFF. I don't find some information about the signification of this address. I read u-boot source and don't understand how it can load the fpga bitstream after the transfer (no dma_align or validate bitstream function like fpga_load).

Do you have some information about the <srclen> parameter ? Because for the moment, i send the totally partition, maybe it's bigger and should be just the bitstream file size (for HMAC error) but my PCFG_HMAC_ERR_INT flag is low.

Do I something wrong with this part ?

------------------------------------------------------------------------------------------------------------------------------

I tried two ways to encrypt my bitstream :
             _ first with vivado and this option in my constraint file :

set_property BITSTREAM.ENCRYPTION.ENCRYPT YES [current_design]
set_property BITSTREAM.ENCRYPTION.ENCRYPTKEYSELECT eFUSE [current_design] 
set_property BITSTREAM.ENCRYPTION.KEY0 256'hXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [current_design]
set_property BITSTREAM.ENCRYPTION.STARTCBC 32'hXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [current_design]

            _second without the previous option but encrypt with bootgen in sdk. I create a single partition with only my un-encrypt bitstream. I check encryption cases ("Use encryption" and encryption : "none" -> "aes").

Do I something wrong with this other part ?

Thanks for help.

Regards,
Guillaume BLOINO.

0 Kudos
0 Replies