Enhanced RSA Key Revocation Support
The RSA key provides the ability to revoke the secondary keys of one partition without revoking the secondary keys for all partitions.
Note: The primary key should be the
same across all partitions.
This is achieved by using USER_FUSE0
to USER_FUSE7
eFUSEs with the BIF parameter spk_select.
Note: You can revoke up to 256 keys, if all are not required for their usage.
The following BIF file sample shows enhanced user fuse revocation. Image header and FSBL uses different SSKs for authentication (ssk1.pem and ssk2.pem respectively) with the following BIF input.
the_ROM_image:
{
[auth_params]ppk_select = 0
[pskfile]psk.pem
[sskfile]ssk1.pem
[
bootloader,
authentication = rsa,
spk_select = spk-efuse,
spk_id = 0x8,
sskfile = ssk2.pem
] zynqmp_fsbl.elf
[
destination_cpu = a53-0,
authentication = rsa,
spk_select = user-efuse,
spk_id = 0x100,
sskfile = ssk3.pem
] application.elf
[
destination_cpu = a53-0,
authentication = rsa,
spk_select = user-efuse,
spk_id = 0x8,
sskfile = ssk4.pem
] application2.elf
}
-
spk_select = spk-efuse
indicates thatspk_id
eFUSE is used for that partition. -
spk_select = user-efuse
indicates that user eFUSE is used for that partition.
Partitions loaded by CSU ROM always uses spk_efuse
.
Note: The
spk_id
eFUSE specifies which key is valid. Hence, the ROM checks the
entire field of spk_id
eFUSE against the SPK ID to
make sure it is a bit for bit match.The user eFUSE specifies which key ID is NOT valid (has been revoked).
Therefore, the firmware (non-ROM) checks to see if a given user eFUSE that
represents the SPK ID has been programmed.
Note: In the above example, FSBL and application2 use the
same spk_id. But these two keys can be revoked separately, because one is
checked against the SPK_ID eFUSE and the other is checked against User
eFUSE.