In Spartan UltraScale+ devices, the black key mechanism offers a highly secure key management solution. It uses a PUF-derived KEK to encrypt user-defined AES keys. The resulting encrypted key (black key) can be stored securely in eFuse.
all:
{
id_code = 0x04ca8093
extended_id_code = 0x01
id = 0x2
image
{
name = pmc_subsys, id = 0x1c000001
partition
{
id = 0x01,
type = bootloader,
encryption = aes,
keysrc = efuse_red_key,
aeskeyfile = efuse_red_key.nky,
dpacm_enable,
blocks = 4096(2);1024;2048(2);4096(*),
file = plm.elf
}
partition
{
id = 0x09,
type = pldata,
load = 0xf2000000,
aeskeyfile = pldata.nky,
file = pl_data.cdo
}
}
}
Note: Because there is no Metaheader for Spartan UltraScale+ , meta encryption does not
exist.