This example shows how to create a boot image with the encryption
enabled for FSBL and an application with the efuse_blk_key
stored in eFUSE. Authentication is also enabled for
FSBL.
the_ROM_image:
{
[fsbl_config] puf4kmode, shutter=0x0100005E
[auth_params] ppk_select=0; spk_id=0x5
[pskfile] primary_4096.pem
[sskfile] secondary_4096.pem
[keysrc_encryption] efuse_blk_key
[bh_key_iv] bhkeyiv.txt
[
bootloader,
encryption=aes,
aeskeyfile=aes0.nky,
authentication=rsa
] fsbl.elf
}
Note: Boot image
authentication is compulsory for using black key encryption.