Black/PUF Keys - 2025.1 English - UG1283

Bootgen User Guide (UG1283)

Document ID
UG1283
Release Date
2025-05-29
Version
2025.1 English

In Spartan UltraScale+ devices, the black key mechanism offers a highly secure key management solution. It uses a PUF-derived KEK to encrypt user-defined AES keys. The resulting encrypted key (black key) can be stored securely in eFuse.

all:
{
    id_code = 0x04ca8093
    extended_id_code = 0x01
    id = 0x2


    image
    {
        name = pmc_subsys, id = 0x1c000001

        partition
        {
            id = 0x01,
            type = bootloader,
            encryption = aes,
            keysrc = efuse_red_key,
            aeskeyfile = efuse_red_key.nky,
            dpacm_enable,
            blocks = 4096(2);1024;2048(2);4096(*),
            file = plm.elf
        }

        partition
        {
            id = 0x09,
            type = pldata,
            load = 0xf2000000,
            aeskeyfile = pldata.nky,
            file = pl_data.cdo
        }
    }
}
Note: Because there is no Metaheader for Spartan UltraScale+ , meta encryption does not exist.