Black/PUF Keys - 2020.2 English

Bootgen User Guide (UG1283)

Document ID
UG1283
Release Date
2020-12-15
Version
2020.2 English

The black key storage solution uses a cryptographically strong key encryption key (KEK), which is generated from a PUF, to encrypt the user key. The resulting black key can then be stored either in the eFUSE or as a part of the authenticated boot header. Example:

test:
{
  bh_kek_iv = black_iv.txt
  bh_keyfile = black_key.txt
  puf_file = pufdata.txt
  boot_config {puf4kmode}
  image
  { 
    {type=bootloader, encryption = aes, keysrc=bh_blk_key, pufhd_bh, aeskeyfile = red_grey.nky, file=plm.elf}
    {type=pmcdata,load=0xf2000000, aeskeyfile = pmcdata.nky, file=pmc_data.cdo}
    {core=psm, file=psm.elf}
    {type=cdo, file=ps_data.cdo}
    {type=cdo, file=subsystem.cdo}
    {core=a72-0, exception_level = el-3, file=hello_world.elf}
  }
}