Programming the PPK eFUSEs is the first step in securing the ZCU102 device (also referred to as device provisioning). In the Zynq UltraScale+ MPSoC, there are two PPK eFUSEs – PPK0 and PPK1. In this section both the PPK eFUSEs are programmed with SHA3-384 hashes of pre-generated Privacy Enhanced Mail (PEM) files. See Reference Design for the PEM file.
For this task, the non-secure BI generated are used in Generate Boot Image.
- Power cycle the board.
- Select p = PPK Hash
Programming from the main menu.
A summary of eFUSEs is printed for reference.
- Enter y to confirm PPK programming.
- Enter 0 to program PPK0.
- Copy and paste the following PPK0 hash value into the
prompt:
79F08C4EB1AAF60CB5A655445657C03CF76022444364F490822E87474764FE892AD8FBB38CB486536CB3151C3D45B040
Note: The corresponding pem file for the hash in step 4 is named psk0.pem. It is provided with this application note and required to generate the secure BI in later sections.Note: Bootgen can be used to create a PEM file using unique keys. Refer to the Bootgen User Guide (UG1283) for detailed information.Note: It is recommended to copy the provided PPK0 hash value to a text editor first to make sure there are no line breaks and ensure the value copied to clipboard is correct before pasting it to the application prompt. - Enter y to confirm PPK0 programming.
Figure 1. PPK0 eFUSE Programming
- Enter any key to return to the main menu.