After successfully programming
both PPK eFUSES, the device is ready for secure-only boot and the RSA_EN eFUSE needs to
be programmed.
- Power cycle the board or ensure you are in the main menu.
- Open the main menu.
- Press s to select s = Print eFUSE Status.
- Compare the PPK0 and PPK1 hash values displayed on the serial terminal along
with the two hashes provided in Program the PPK0 and PPK1 Digest eFUSEs. The values should match. Note: The eFUSE information associated with this lab is displayed in the figure below. The PPK hash fuses are programmed. The User fuses are all zero indicating that nothing has been revoked using the enhanced revocation. The SPK revocation ID is zero indicating that no SPK's have been revoked using the standard revocation. PPK0 and 1 are showing that they are valid so neither have been revoked at this stage of the lab.Figure 1. PPK0 and PPK1 Verification
- Power cycle the board.
- Select f = RSA always authentication.
- Enter y to confirm.
- Verify the PPK hash values.
- Enter y to program the RSA_EN
eFUSE.Note: The eFUSE should be programmed successfully, as shown in the following figure.
Figure 2. RSA Enable eFUSE Write