Before the device can boot with the root of trust, a minimum amount of user information must be programmed or provisioned into the device. At a minimum, the hardware root of trust must be enabled and a hash of the user public key must be programmed into the device. This Figure shows the critical eFUSEs that must be programmed.
The generation of the primary and secondary key pairs is a user decision. Utilizing AMD tools, a hash of the each of the PPKs is obtained and programmed into the eFUSE locations on the device. If desired, the secondary public key identification (ID) can be programmed to a non-zero value.
IMPORTANT: The Zynq Ultrascale+ MPSoC supports two PPKs. Both PPK hash values shall be programmed before fielding a system.
Finally, the hardware root of trust must be enabled by programming the fifteen (15) RSA enable eFUSEs. While programming, any one of the fifteen forces every boot to be authenticated. It is recommended that all 15 are programmed. The enable eFUSEs are implemented redundantly as a countermeasure against advanced physical modification attacks such as those using a focused ion beam (FIB).