Zynq®-7000 SoC devices use the embedded Programmable Logic (PL) hash-based message authentication code (HMAC) and advanced encryption standard (AES) module with a cipher block chaining (CBC) mode.
Example BIF File
To create a boot image with encrypted partitions, specify the AES key file in the BIF using the aeskeyfile attribute. Specify an encryption=aes attribute for each image file listed in the BIF file that is to be encrypted. The example BIF file (secure.bif) is shown below.
[bootloader, encryption=aes] fsbl.elf
From the command line, use the following command to generate a boot image with encrypted fsbl.elf and uboot.elf.
bootgen -arch zynq -image secure.bif -w -o BOOT.bin
Bootgen can generate AES-CBC keys. Bootgen uses the AES key file specified in the BIF to encrypt the partitions. If the key file is empty or does not exist, Bootgen generates the keys and writes them to the file specified in the BIF. If no key file is specified in the BIF and encryption is requested for any of the partitions, Bootgen generates a key file named after the BIF file, with the extension .nky, in the same directory as the BIF. The following is a sample key file.
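An added pre-build check (not Bootgen or vendor code, and not the sample key file) that applies the key-file rules above to a BIF and reports whether Bootgen would read an existing key file or generate a new one. The BIF parsing is a simplified reading of the syntax, example_key.nky is a placeholder name, and relative key paths are assumed to resolve from the BIF's directory.

```python
import os
import re
import tempfile

# One BIF entry: "[attr, attr=value] filename" (simplified reading of BIF syntax).
ENTRY = re.compile(r"\[([^\]]*)\]\s*(\S+)")

# Constructed sample; example_key.nky is a placeholder name, not from the page.
SAMPLE_BIF = """image:
{
    [aeskeyfile] example_key.nky
    [bootloader, encryption=aes] fsbl.elf
    [encryption=aes] uboot.elf
}
"""

def parse_bif(text):
    """Return (aeskeyfile path or None, [files marked encryption=aes])."""
    key_file, encrypted = None, []
    for attrs, filename in ENTRY.findall(text):
        names = {a.replace(" ", "") for a in attrs.split(",")}
        if "aeskeyfile" in names:
            key_file = filename
        if "encryption=aes" in names:
            encrypted.append(filename)
    return key_file, encrypted

def key_plan(bif_path):
    """Predict which key file Bootgen reads, or would generate, for this BIF."""
    with open(bif_path) as fh:
        key_file, encrypted = parse_bif(fh.read())
    if not encrypted:
        return {"encrypted": [], "key_file": None, "generated": False}
    bif_dir = os.path.dirname(os.path.abspath(bif_path))
    if key_file is None:
        # No aeskeyfile attribute: <BIF name>.nky in the BIF's directory.
        stem = os.path.splitext(os.path.basename(bif_path))[0]
        key_file, generated = os.path.join(bif_dir, stem + ".nky"), True
    else:
        # Assumption: relative paths are resolved from the BIF's directory.
        key_file = os.path.join(bif_dir, key_file)
        # Empty or missing key file: Bootgen fills it with generated keys.
        generated = not os.path.exists(key_file) or os.path.getsize(key_file) == 0
    return {"encrypted": encrypted, "key_file": key_file, "generated": generated}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "secure.bif")
        with open(path, "w") as fh:
            fh.write(SAMPLE_BIF)
        print(key_plan(path))  # key file does not exist yet, so generated=True
```

A generated=True result in a release build means the image would be encrypted with keys that did not exist before the build.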