This example shows how to create a boot image with encryption
enabled for FSBL and the application with the bh_blk_key
stored in the Boot Header. Authentication is also enabled
for FSBL.
the_ROM_image:
{
[pskfile] PSK.pem
[sskfile] SSK.pem
[fsbl_config] shutter=0x0100005E
[auth_params] ppk_select=0
[bh_keyfile] blackkey.txt
[bh_key_iv] black_key_iv.txt
[puf_file]helperdata4k.txt
[keysrc_encryption] bh_blk_key
[
bootloader,
encryption=aes,
aeskeyfile=aes0.nky,
authentication=rsa,
destination_cpu=a53-0
] ZynqMP_Fsbl.elf
[
destination_cpu = a53-0,
encryption=aes,
aeskeyfile=aes1.nky
] App_A53_0.elf
}
Note: Boot image Authentication
is required when using black key Encryption.