Bootgen generates the PPK hash for storing in eFUSE for PPK to be trusted. This step is required only for Asymmetric HW Root-of-Trust (AHWRoT), and can be skipped for AHWRoT for the AMD Zynq™ UltraScale+™ MPSoC device. The value from efuseppksha.txt can be programmed to eFUSE for AHWRoT.
For more information about BBRAM and eFUSE programming, see Programming BBRAM and eFUSEs (XAPP1319).
BIF File Example
The following is a sample BIF file, generate_hash_ppk.bif.
generate_hash_ppk:
{
[pskfile] psk0.pem
[sskfile] ssk0.pem
[bootloader, destination_cpu=a53-0, authentication=rsa] fsbl_a53.elf
}
Command
The command to generate PPK hash for eFUSE programming is:
bootgen –image generate_hash_ppk.bif –arch zynqmp –w –o /
test.bin –efuseppkbits efuseppksha.txt