Enhanced RSA Key Revocation Support - 2021.2 English

Zynq UltraScale+ MPSoC Software Developer Guide

Document ID
UG1137
Release Date
2021-10-27
Version
2021.2 English

The RSA key provides the ability to revoke the secondary keys of one partition without revoking them for all partitions.

Note: Primary key should be the same across all partitions.

This is achieved by using USER_FUSE0 to USER_FUSE7 eFuses (one can revoke up to 256 keys, if all are not required for their usage) with the new BIF parameter spk_select.

The following BIF file sample shows enhanced user fuse revocation:

Image header and FSBL uses different SSK's for authentication (ssk1.pem and ssk2.pem respectively) with the following bif input.

the_ROM_image: {
[auth_params]ppk_select = 0
[pskfile]psk.pem
[sskfile]ssk1.pem
[bootloader, authentication = rsa, spk_select = spk-efuse, spk_id = x00000001, sskfile = ssk2.pem]zynqmp_fsbl.elf
[destination_cpu =a53-0, authentication = rsa, spk_select = user-efuse,spk_id = 0x1, sskfile = ssk3.pem]Application1.elf
[destination_cpu =a53-0, authentication = rsa, spk_select = spk-efuse, spk_id = 0x00000001, sskfile = ssk4.pem]Application2.elf
}

Same SSK will be used for both Image header and FSBL (ssk2.pem), if separate SSK is not mentioned.

the_ROM_image: {
[auth_params]ppk_select = 0 [pskfile]psk.pem
[bootloader, authentication = rsa, spk_select = spk-efuse, spk_id = 0x00000001, sskfile = ssk2.pem]zynqmp_fsbl.elf
[destination_cpu =a53-0, authentication = rsa, spk_select = user-efuse, spk_id = 1, sskfile = ssk3.pem]Application1.elf
[destination_cpu =a53-0, authentication = rsa, spk_select = spk-efuse, spk_id = 0x00000001, sskfile = ssk4.pem]Application2.elf
}

spk_select = spk-efuse indicates that spk_id eFuse will be used for that partition.

spk_select = user-efuse indicates that user eFuse will be used for that partition. Partitions loaded by CSU ROM will always use spk_efuse.

Note: The spk_id eFuse specifies which key is valid. Hence, the ROM checks the entire field of spk_id eFuse against the SPK ID to make sure it is a bit for bit match.

Valid range of spk_id for spk_select user-efuse is 0x1 to 0x100 (in decimal 1 to 256). The user eFuse specifies which key ID is not valid (has been revoked). Hence, the firmware (non-ROM) checks to see if a given user eFuse that represents the SPK ID has been programmed.