Symmetric Hardware Root-of-Trust (S-HWRoT) Boot Mode (Encryption Required) - 2022.1 English

Versal ACAP System Software Developers Guide (UG1304)

Document ID
UG1304
Release Date
2022-04-21
Version
2022.1 English

There are dedicated bits in eFUSEs that correspond to the S-HWRoT boot mode. If any one of these bits are set, the S-HWRoT boot mode forces the device to only boot images that have the PLM and MetaHeader encrypted using a black (encrypted) eFUSE key. Encryption of partitions beyond the PLM and MetaHeader is defined by the MetaHeader which is authenticated using AES-GCM.