Meta Header Encryption - 2024.1 English

Bootgen User Guide (UG1283)

Document ID
UG1283
Release Date
2024-05-30
Version
2024.1 English

For a Versal adaptive SoC, Bootgen encrypts the meta header when encryption is specifically mentioned under the "metaheader" attribute. The aeskeyfile to be used can be specified in the bif using the parameters under "metaheader." A snippet of the usage is shown below.

Note: Meta Header encryption includes all the headers except the Image Header Table.
metaheader
{
  encryption = aes,
  keysrc = bbram_red_key,
  aeskeyfile = headerkey.nky,
}

The following conditions apply.

  • If a specific aeskeyfile is not specified for the meta header, Bootgen generates a file named meta_header.nky, and uses it during encryption.
  • If a boot loader is present in the bif, it is mandatory to encrypt boot loader to encrypt meta header. For a partial PDI, meta header can be optionally chosen to be encrypted.
  • To ensure the correctness of Image Header Table, it is added as additional authenticated data when encrypting the meta header.