Symmetric Hardware Root-of-Trust (S-HWRoT) Boot Mode (Encryption Required) - 2023.2 English

Versal Adaptive SoC System Software Developers Guide (UG1304)

Document ID
Release Date
2023.2 English

There are dedicated bits in eFUSEs that correspond to the S-HWRoT boot mode. If any one of these bits are set, the S-HWRoT boot mode forces the device to only boot images that have the PLM and MetaHeader encrypted using a black (encrypted) eFUSE key. Encryption of partitions beyond the PLM and MetaHeader is defined by the MetaHeader which is authenticated using AES-GCM.