Verification of Device Provisioning

Key Revocation Lab (XAPP1344)

Document ID
XAPP1344
Release Date
2022-03-14
Revision
v1.1 English

After successfully programming the PPK eFUSEs and the RSA_EN eFUSE, verify that secure only boot and device provisioning have been enabled successfully, i.e., non-secured BI does not load on the programmed board.

  1. Push the POR_B button on the board or power cycle the board.
    Note: Pushing POR_B or power cycling resets the board, forcing a reload of the BI. However, it is expected that the FSBL and lab application in the BI will fail to load.

    When the board comes online there is no output on the serial terminal, and both the FSBL and the lab application fail to load. In addition, the PS_ERR_OUT LED glows red, as shown in the following image.

    Note: It takes up to 30 seconds for the LED light to turn on.
    Figure 1. PS_ERR_OUT LED
    Note: This change in boot behavior is permanent. Therefore, only the authenticated BI will boot on the ZCU102 device where the eFUSE programming was done. Generating a Secure Boot Image and Booting the Secured ZCU102 Device details how to generate a secured BI using the provided pem files.