Black Key - 2020.2 English

Versal ACAP System Software Developers Guide (UG1304)

Document ID
Release Date
2020.2 English

The black key is produced after the red key is encrypted using the PUF generated key encryption key (KEK).

Note: The KEK is unique per Versal device and cannot be read out of the device.

The black key can be stored in eFUSE, BBRAM, or in the boot header for secure boot. If encrypt-only boot mode is selected, the black key can only be stored in eFUSEs .