The following BIF file sample shows boot header black key encryption:
the_ROM_image:
{
[aeskeyfile] redkey.nky
[keysrc_encryption] bh_blk_key
[bh_keyfile] blackkey.txt
[bh_key_iv] black_key_iv.txt
[fsbl_config] pufhd_bh , puf4kmode , shutter=0x0100005E, bh_auth_enable
[pskfile] PSK.pem
[sskfile] SSK.pem
[bootloader,authentication=rsa , encryption=aes, destination_cpu=a53-0]fsbl.elf
[puf_file]hlprdata4k.txt
}
Note: Authentication of boot image is compulsory for using black key encryption.
To generate or program the eFUSEs with the back key, see Zynq eFUSE PS API in the OS and Libraries Document Collection (UG643).