For a Versal adaptive SoC, Bootgen encrypts the meta header when encryption is specifically mentioned under the "metaheader" attribute. The aeskeyfile to be used can be specified in the bif using the parameters under "metaheader." A snippet of the usage is shown below.
encryption = aes,
keysrc = bbram_red_key,
aeskeyfile = headerkey.nky,
The following conditions apply.
- If a specific aeskeyfile is not specified for the meta header, Bootgen generates a file named meta_header.nky, and uses it during encryption.
- If a boot loader is present in the bif, it is mandatory to encrypt boot loader to encrypt meta header. For a partial PDI, meta header can be optionally chosen to be encrypted.
- To ensure the correctness of Image Header Table, it is added as additional authenticated data when encrypting the meta header.