Encryption Flow: Black Key Stored in Boot Header - 2021.2 English

Vitis Unified Software Platform Documentation: Embedded Software Development (UG1400)

Document ID
UG1400
Release Date
2021-12-15
Version
2021.2 English

This example shows how to create a boot image with encryption enabled for FSBL and the application with the bh_blk_key stored in the Boot Header. Authentication is also enabled for FSBL.

the_ROM_image: 
{ 
	[pskfile] PSK.pem
	[sskfile] SSK.pem
	[fsbl_config] shutter=0x0100005E
	[auth_params] ppk_select=0
	[bh_keyfile] blackkey.txt
	[bh_key_iv] black_key_iv.txt
	[puf_file]helperdata4k.txt
	[keysrc_encryption] bh_blk_key 
	[
	  bootloader,
	  encryption=aes,
	  aeskeyfile=aes0.nky,
	  authentication=rsa,
	  destination_cpu=a53-0
	] ZynqMP_Fsbl.elf 

	[
	  destination_cpu = a53-0,
	  encryption=aes,
	  aeskeyfile=aes1.nky
	] App_A53_0.elf 
}
Note: Boot image Authentication is required when using black key Encryption.