Encryption Flow: Black Key Stored in eFUSE - 2022.1 English

Vitis Unified Software Platform Documentation: Embedded Software Development (UG1400)

Document ID
UG1400
Release Date
2022-04-26
Version
2022.1 English

This example shows how to create a boot image with the encryption enabled for FSBL and an application with the efuse_blk_key stored in eFUSE. Authentication is also enabled for FSBL.

the_ROM_image: 
{ 
	[fsbl_config] puf4kmode, shutter=0x0100005E
	[auth_params] ppk_select=0; spk_id=0x5
	[pskfile] primary_4096.pem
	[sskfile] secondary_4096.pem
	[keysrc_encryption] efuse_blk_key 
	[bh_key_iv] bhkeyiv.txt
	[
	  bootloader,
	  encryption=aes,
	  aeskeyfile=aes0.nky,
	  authentication=rsa
	] fsbl.elf 
}
Note: Boot image authentication is compulsory for using black key encryption.