Enhanced RSA Key Revocation Support
The RSA key provides the ability to revoke the secondary keys of one partition without revoking the secondary keys of all partitions.
Note: The primary key should be the same across all partitions.
This is achieved by using the USER_FUSE0 to USER_FUSE7 eFUSEs together with the BIF parameter spk_select.
Note: Up to 256 keys can be revoked; not all of them need to be used.
The following BIF file sample shows enhanced user fuse revocation. The image header and the FSBL use different SSKs for authentication (ssk1.pem and ssk2.pem respectively) with the following BIF input.
the_ROM_image:
{
    [auth_params] ppk_select = 0
    [pskfile] psk.pem
    [sskfile] ssk1.pem
    [
        bootloader,
        authentication = rsa,
        spk_select = spk-efuse,
        spk_id = 0x8,
        sskfile = ssk2.pem
    ] zynqmp_fsbl.elf
    [
        destination_cpu = a53-0,
        authentication = rsa,
        spk_select = user-efuse,
        spk_id = 0x100,
        sskfile = ssk3.pem
    ] application.elf
    [
        destination_cpu = a53-0,
        authentication = rsa,
        spk_select = spk-efuse,
        spk_id = 0x8,
        sskfile = ssk4.pem
    ] application2.elf
}
- spk_select = spk-efuse indicates that the spk_id eFUSE will be used for that partition.
- spk_select = user-efuse indicates that the user eFUSE will be used for that partition.
Partitions loaded by the CSU ROM will always use spk-efuse.
Note: The spk_id eFUSE specifies which key is valid. Hence, the ROM checks the entire spk_id eFUSE field against the SPK ID in the partition header to make sure it is a bit-for-bit match. The user eFUSE specifies which key ID is NOT valid (has been revoked). Therefore, the firmware (non-ROM) checks whether the user eFUSE bit that represents the given SPK ID has been programmed.
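The following C model, added here and not taken from Bootgen, the CSU ROM or the FSBL sources, contrasts the two checks just described: the ROM-style bit-for-bit comparison for spk-efuse partitions and the firmware-style "is this ID revoked" lookup for user-efuse partitions. It assumes a key-ID-to-bit layout that the page does not spell out: key ID n (1 to 256) is bit (n-1) of USER_FUSE[(n-1)/32], which is what makes eight 32-bit user eFUSEs cover the 256 revocable keys mentioned above. The fuse contents are constructed sample values, and the function names are this example's own. It also shows that revoking the user-efuse key ID 0x100 used by application.elf leaves every other key ID, including the FSBL's spk_id 0x8, untouched, and that an out-of-range ID is rejected rather than treated as valid.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the two revocation checks; fuse values below are
 * sample data held in RAM, not read from real eFUSE hardware. */

#define USER_FUSE_COUNT      8u                       /* USER_FUSE0 .. USER_FUSE7 */
#define USER_FUSE_MAX_KEY_ID (USER_FUSE_COUNT * 32u)  /* 256 revocable key IDs */

/* ROM-style check (spk_select = spk-efuse): the whole spk_id eFUSE field must
 * equal the SPK ID carried in the partition header, bit for bit. */
bool spk_efuse_key_valid(uint32_t spk_id_efuse, uint32_t header_spk_id)
{
    return spk_id_efuse == header_spk_id;
}

/* Firmware-style check (spk_select = user-efuse). Assumed layout: key ID n
 * (1..256) maps to bit (n-1) of USER_FUSE[(n-1)/32]; a programmed (set) bit
 * means that key ID has been revoked. IDs outside 1..256 are rejected. */
bool user_efuse_key_valid(const uint32_t user_fuse[USER_FUSE_COUNT],
                          uint32_t header_spk_id)
{
    if (header_spk_id == 0u || header_spk_id > USER_FUSE_MAX_KEY_ID)
        return false;                      /* out of range: never "valid" */
    uint32_t idx = (header_spk_id - 1u) / 32u;
    uint32_t bit = (header_spk_id - 1u) % 32u;
    return (user_fuse[idx] & (1u << bit)) == 0u;
}

/* Revoke one key ID by programming its user eFUSE bit. eFUSE bits are
 * one-time programmable, so the model only ever sets bits, never clears. */
bool user_efuse_revoke(uint32_t user_fuse[USER_FUSE_COUNT], uint32_t key_id)
{
    if (key_id == 0u || key_id > USER_FUSE_MAX_KEY_ID)
        return false;
    user_fuse[(key_id - 1u) / 32u] |= 1u << ((key_id - 1u) % 32u);
    return true;
}

int main(void)
{
    uint32_t user_fuse[USER_FUSE_COUNT] = {0};   /* constructed: nothing revoked yet */

    /* FSBL partition from the BIF above: spk-efuse, spk_id = 0x8 */
    printf("FSBL spk_id 0x8 vs eFUSE 0x8: %s\n",
           spk_efuse_key_valid(0x8, 0x8) ? "valid" : "rejected");
    printf("FSBL spk_id 0x9 vs eFUSE 0x8: %s\n",
           spk_efuse_key_valid(0x8, 0x9) ? "valid" : "rejected");

    /* application.elf from the BIF above: user-efuse, spk_id = 0x100 */
    printf("application spk_id 0x100 before revoke: %s\n",
           user_efuse_key_valid(user_fuse, 0x100) ? "valid" : "revoked");
    user_efuse_revoke(user_fuse, 0x100);
    printf("application spk_id 0x100 after revoke:  %s\n",
           user_efuse_key_valid(user_fuse, 0x100) ? "valid" : "revoked");

    /* Revoking 0x100 touches one bit only; neighbouring key IDs stay valid. */
    printf("key ID 0xFF after revoking 0x100:        %s\n",
           user_efuse_key_valid(user_fuse, 0xFF) ? "valid" : "revoked");
    printf("key ID 0x101 (out of range):             %s\n",
           user_efuse_key_valid(user_fuse, 0x101) ? "valid" : "rejected");
    return 0;
}
```

The design point worth noting is the asymmetry: the spk_id eFUSE is a single value that must match exactly, so it names the one key that is currently valid, while the user eFUSE array is a deny list in which each programmed bit retires one key ID for good.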