Key Revocation - 2023.2 English

Versal Adaptive SoC System Software Developers Guide (UG1304)

Document ID
UG1304
Release Date
2023-10-18
Version
2023.2 English

In eFUSEs, you have three or five PPK choices to store the hash value of the primary public key and up to two of those values can be revoked. If another revocation occurs, the device is no longer bootable. If a PPK is compromised, you can revoke the public key by setting the corresponding PPK revocation bit in eFUSEs. See the Versal Adaptive SoC Security Manual (UG1508) for more information.

To revoke an SPK, you program the corresponding eFUSE bit in the revocation ID. There are 256-bits [0-255] in total, so you can revoke up to 255 SPKs. Another revocation will result in a device that will no longer be bootable. The 0-bit of the revocation ID represents SPK 0, the 32nd bit of the revocation ID represents SPK 32, etc.