The following BIF file sample shows boot header black key encryption:
the_ROM_image:
{
[aeskeyfile] redkey.nky
[keysrc_encryption] bh_blk_key
[bh_keyfile] blackkey.txt
[bh_key_iv] black_key_iv.txt
[fsbl_config] pufhd_bh , puf4kmode , shutter=0x0100005E, bh_auth_enable
[pskfile] PSK.pem
[sskfile] SSK.pem
[bootloader,authentication=rsa , encryption=aes, destination_cpu=a53-0]fsbl.elf
[puf_file]hlprdata4k.txt
}
Note: Authentication of boot image is compulsory for using black key encryption.
To generate or program the eFUSEs with the back key, see Programming BBRAM and eFUSEs (XAPP1319).