For a Versal ACAP, bootgen encrypts the meta header when encryption is specifically mentioned under the "metaheader" attribute. The aeskeyfile that is to be used can be specified in the bif using the parameters under "metaheader". A snippet of the usage is shown below.
metaheader
{
encryption = aes,
keysrc = bbram_red_key,
aeskeyfile = headerkey.nky,
}
The following conditions apply.
- If a specific aeskeyfile is not specified for meta header, Bootgen generates a file named meta_header.nky, and uses it during encryption.
- If a boot loader is present in the bif, it is mandatory to encrypt boot loader to encrypt meta header. For a partial PDI, meta header can be optionally chosen to be encrypted.