Hardware Root Of Trust Secure Boot Details

Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID
Release Date
2.4 English

The Zynq UltraScale+ MPSoC hardware root of trust is based on the RSA-4096 asymmetric authentication algorithm in conjunction with SHA-3/384. There are two key pairs used in the Zynq UltraScale+ MPSoC, and consequently two public key types: the primary public key (PPK) and the secondary public key (SPK). Table: Public Keys lists the characteristics of each public key type.

Table 12-15:      Public Keys

Public Key





Primary (PPK)


External memory and hash in eFUSEs.

Can be revoked.

Only used to authenticate SPK and authentication header.

Secondary (SPK)

Up to 256

Boot image.

Can be revoked.

Signed by PPK. Used to authenticate everything else.

There are two PPKs; the full public key is stored in external memory (e.g., flash) and a SHA-3/384 hash of the public key is stored in eFUSEs on the device. The CSU, during the boot process, validates the integrity of the public key stored in external memory using the hash stored in eFUSEs. The PPKs can be revoked. The main purpose of the PPK is to authenticate the SPK.

There are 32 SPKs available for the bootloader (FSBL) and up to 256 SPKs available for all other partitions depending on which SPK revocation method is used (standard or enhanced). The SPK is delivered via the authenticated boot image, and is consequently protected against modification. The SPKs can also be revoked and are used to authenticate everything else.

There are a number of considerations when utilizing the hardware root of trust capabilities. These are discussed in detail in Device Provisioning, Boot Operation, and Key Revocation.