BIF File for Black Key Stored in Boot Header - 2020.2 English

Zynq UltraScale+ MPSoC Software Developer Guide (UG1137)

Document ID
UG1137
Release Date
2021-01-05
Version
2020.2 English

The following BIF file sample shows boot header black key encryption:

the_ROM_image:
{
[aeskeyfile] redkey.nky 
[keysrc_encryption] bh_blk_key 
[bh_keyfile] blackkey.txt 
[bh_key_iv] black_key_iv.txt
[fsbl_config] pufhd_bh , puf4kmode , shutter=0x0100005E, bh_auth_enable 
[pskfile] PSK.pem
[sskfile] SSK.pem
[bootloader,authentication=rsa , encryption=aes, destination_cpu=a53-0]fsbl.elf 
[puf_file]hlprdata4k.txt
}
Note: Authentication of boot image is compulsory for using black key encryption.

To generate or program the eFUSEs with the back key, see Zynq eFUSE PS API in the OS and Libraries Document Collection (UG643).