Program the PPK0 eFUSE

Key Revocation Lab (XAPP1344)

Document ID: XAPP1344
Release Date: 2022-03-14
Revision: v1.1 English

Programming the PPK eFUSEs is the first step in securing the ZCU102 device (also referred to as device provisioning). In the Zynq UltraScale+ MPSoC, there are two PPK eFUSEs – PPK0 and PPK1. In this section both the PPK eFUSEs are programmed with SHA3-384 hashes of pre-generated Privacy Enhanced Mail (PEM) files. See Reference Design for the PEM file.

For this task, the non-secure boot images (BI) generated in Generate Boot Image are used.

  1. Power cycle the board.
  2. Select p = PPK Hash Programming from the main menu.

    A summary of eFUSEs is printed for reference.

  3. Enter y to confirm PPK programming.
  4. Enter 0 to program PPK0.
  5. Copy and paste the following PPK0 hash value into the prompt:
    79F08C4EB1AAF60CB5A655445657C03CF76022444364F490822E87474764FE892AD8FBB38CB486536CB3151C3D45B040
    Note: The corresponding PEM file for the hash in step 4 is named psk0.pem. It is provided with this application note and is required to generate the secure BI in later sections.
    Note: Bootgen can be used to create a PEM file using unique keys. Refer to the Bootgen User Guide (UG1283) for detailed information.
    Note: It is recommended to copy the provided PPK0 hash value into a text editor first to confirm that it contains no line breaks and that the value copied to the clipboard is correct before pasting it into the application prompt.
  6. Enter y to confirm PPK0 programming.
    Figure 1. PPK0 eFUSE Programming
  7. Enter any key to return to the main menu.
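
The clipboard check recommended in the note to step 5 can be scripted. The following is an added example, not part of XAPP1344 or of any Xilinx tool: it confirms that the text about to be pasted is one unbroken run of 96 hex digits (a SHA3-384 digest is 48 bytes) and is identical to the PPK0 value given on this page. The names `check_ppk_hash`, `REFERENCE_PPK0` and `HASH_HEX_DIGITS` are assumptions of this example.

```python
import string
import sys

# PPK0 hash value copied from step 5 of this page.
REFERENCE_PPK0 = "79F08C4EB1AAF60CB5A655445657C03CF76022444364F490822E87474764FE892AD8FBB38CB486536CB3151C3D45B040"
# A SHA3-384 digest is 384 bits = 48 bytes = 96 hex digits.
HASH_HEX_DIGITS = 384 // 4


def check_ppk_hash(candidate, reference=REFERENCE_PPK0):
    """Return a list of problems; an empty list means the text matches exactly."""
    problems = []
    # Any line break counts, including a trailing one picked up by the selection.
    if "\r" in candidate or "\n" in candidate:
        problems.append("contains a line break")
    if any(ch.isspace() and ch not in "\r\n" for ch in candidate):
        problems.append("contains other whitespace")
    # Judge length and alphabet on the digits alone, so that a wrapped value
    # is reported as wrapped rather than as too long.
    compact = "".join(candidate.split())
    bad = sorted({ch for ch in compact if ch not in string.hexdigits})
    if bad:
        problems.append("non-hex characters: " + "".join(bad))
    if len(compact) != HASH_HEX_DIGITS:
        problems.append(f"{len(compact)} hex digits, expected {HASH_HEX_DIGITS}")
    # Only a well-formed value is compared, character for character.
    if not problems and candidate != reference:
        problems.append("differs from the reference value")
    return problems


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_ppk_hash.py '<text to be pasted>'")
    issues = check_ppk_hash(sys.argv[1])
    print("OK to paste" if not issues else "Do not paste: " + "; ".join(issues))
    sys.exit(1 if issues else 0)
```

When provisioning with your own keys, pass the hash produced for your PEM file as `reference` instead of the value from this page.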