Gray/Obfuscated Keys - 2023.2 English

Vitis Unified Software Platform Documentation: Embedded Software Development (UG1400)

Document ID
Release Date
2023.2 English

The user key is encrypted with the family key, which is embedded in the metal layers of the device. This family key is the same for all devices in the AMD Zynq™ UltraScale+™ MPSoC. The result is referred to as the obfuscated key. The obfuscated key can reside in either the Authenticated Boot Header or or in eFUSEs.

	[keysrc_encryption] efuse_gry_key 
	[bh_key_iv] bhiv.txt
		destination_cpu = a53-0,
		encryption      = aes, 
		aeskeyfile      = aes_p1.nky
	]    fsbl.elf 
		destination_cpu = r5-0,
		encryption      = aes,
		aeskeyfile      = aes_p2.nky 
	]    hello.elf

Bootgen does the following while creating an image:

  1. Places the IV from bhiv.txt in the field BH IV in Boot Header.
  2. Places the IV 0 from aes.nky in the field "Secure Header IV" in Boot Header.
  3. Encrypts the partition, with Key0 and IV0 from aes.nky.

Another example of using the gray/family key is found in Use Cases and Examples.

For more details about this feature, refer to the Zynq UltraScale+ Device Technical Reference Manual (UG1085).