BIF File for Black Key Stored in eFUSE - 2020.2 English

Zynq UltraScale+ MPSoC Software Developer Guide (UG1137)

Document ID
Release Date
2020.2 English

For customers who would like to have the device key stored encrypted when not in use, the physical unclonable function (PUF) can be used. Here, the actual red key is encrypted with the PUF key encryption key (KEK), which is an encryption key that is generated by the PUF. The device will decrypt the black key to get the actual red key, so you need to provide the required inputs to Bootgen. The black key can be stored in either eFUSE or the Boot Header. Shutter value indicates the time for which the oscillator values can be captured for PUF. This value must always be 0x100005E.

For more details, refer to “Storing Keys in Encrypted Form (Black)” in the Zynq UltraScale+ Device Technical Reference Manual (UG1085).

The following example shows storage of the black key in eFUSE.

[keysrc_encryption] efuse_blk_key 
[fsbl_config] shutter=0x0100005E 
[auth_params] ppk_select=0
[bootloader, encryption = aes, authentication = rsa, destination_cpu=a53-0]fsbl.elf
[bh_key_iv] black_key_iv.txt