Creating RSA Private/Public Key Pairs - 2024.2 English - UG1209

Zynq UltraScale+ MPSoC Embedded Design Tutorial (UG1209)

Document ID: UG1209
Release Date: 2025-01-07
Version: 2024.2 English

For this example, you will create the primary and secondary keys in the PEM format. The keys are generated using Bootgen command-line options. Alternatively, you can create the keys using external tools such as OpenSSL.

The following steps describe the process of creating the RSA private/public key pairs:

  1. Launch the shell from the Vitis IDE by clicking Xilinx → Vitis Shell.

  2. Create a file named key_generation.bif.

    Note

    The key_generation.bif file will be used to create both the asymmetric keys in these steps and the symmetric keys in later steps.

    the_ROM_image:
    {
    [pskfile]psk0.pem
    [sskfile]ssk0.pem
    [auth_params]spk_id = 0; ppk_select = 0
    [fsbl_config]a53_x64
    [bootloader]fsbl_a53.elf
    [destination_cpu = pmu]pmufw.elf
    [destination_device = pl]edt_zcu102_wrapper.bit
    [destination_cpu = a53-0, exception_level = el-3, trustzone] bl31.elf
    [destination_cpu = r5-0]tmr_psled_r5.elf
    [destination_cpu = a53-0, exception_level = el-2]u-boot.elf
    [load = 0x1000000, destination_cpu = a53-0]image.ub
    }
    
  3. Save the key_generation.bif file in the C:\edt\secure_boot_sd\keys directory.

  4. Copy all of the ELF, BIF, and UB files built in Design Example 1: Using GPIOs, Timers, and Interrupts to the C:\edt\secure_boot_sd\keys directory.

    • bl31.elf

    • edt_zcu102_wrapper.bit

    • fsbl_a53.elf

    • image.ub

    • pmufw.elf

    • tmr_psled_r5.elf

    • u-boot.elf

  5. Navigate to the folder containing the BIF file.

    cd C:\edt\secure_boot_sd\keys
    
  6. Run the following command to generate the keys:

    bootgen -p zu9eg -arch zynqmp -generate_keys auth pem -image key_generation.bif
    
  7. Verify that the files psk0.pem and ssk0.pem are generated at the location specified in the BIF file (C:\edt\secure_boot_sd\keys).

Note

Bootgen 2020.3 and earlier fails to replace old authentication key files with the new authentication key files generated using the -generate_keys option. Check the existence and permissions of the target key files before generating keys. Refer to AR 76125 for details.
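
The check recommended in the note above, together with the verification in step 7, as an added Python example (not part of UG1209 or Bootgen). The function names are hypothetical. It assumes Bootgen is run from the BIF's directory as in step 5, and that generated key files start with a PEM private-key header.

```python
import hashlib, os, re, tempfile
from pathlib import Path

# Key attributes used in the BIF on this page ([pskfile], [sskfile]).
KEY_ATTR = re.compile(r"\[\s*(pskfile|sskfile)\s*\]\s*(\S+)")

def key_files(bif_path):
    """Map each key attribute to its file, resolved against the BIF's directory (assumption)."""
    bif = Path(bif_path)
    return {attr: bif.parent / name for attr, name in KEY_ATTR.findall(bif.read_text())}

def snapshot(bif_path):
    """SHA-256 of each key file that already exists (None if absent)."""
    return {attr: hashlib.sha256(p.read_bytes()).hexdigest() if p.exists() else None
            for attr, p in key_files(bif_path).items()}

def preflight(bif_path):
    """Warnings to resolve before running bootgen -generate_keys."""
    warnings = []
    for attr, p in key_files(bif_path).items():
        if p.exists():
            state = "writable" if os.access(p, os.W_OK) else "READ-ONLY"
            warnings.append(f"{attr}: {p.name} already exists ({state}); move it aside first")
    return warnings

def verify_generated(bif_path, before):
    """Problems found after generation: missing, unchanged, or non-PEM key files."""
    problems = []
    for attr, p in key_files(bif_path).items():
        if not p.exists():
            problems.append(f"{attr}: {p.name} missing")
            continue
        data = p.read_bytes()
        if hashlib.sha256(data).hexdigest() == before.get(attr):
            problems.append(f"{attr}: {p.name} unchanged (stale key)")
        # Assumption: any PEM private-key header is accepted (PKCS#1 or PKCS#8).
        if not re.match(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----", data):
            problems.append(f"{attr}: {p.name} is not a PEM private key")
    return problems

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample files, not real keys
        bif = Path(d, "key_generation.bif")
        bif.write_text("the_ROM_image:\n{\n[pskfile]psk0.pem\n[sskfile]ssk0.pem\n}\n")
        Path(d, "psk0.pem").write_text("-----BEGIN RSA PRIVATE KEY-----\nold\n")
        before = snapshot(bif)
        print(preflight(bif))                 # psk0.pem left over from an earlier run
        Path(d, "ssk0.pem").write_text("-----BEGIN RSA PRIVATE KEY-----\nnew\n")
        print(verify_generated(bif, before))  # psk0.pem reported as stale
```

In real use, call `snapshot` and `preflight` before the command in step 6 and `verify_generated` after it, so a key file that Bootgen did not replace is reported instead of being used to sign the boot image.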