For Spartan UltraScale+ devices, Bootgen supports AES-GCM encryption with rolling keys, enhancing security by segmenting the boot image into smaller encrypted blocks (modules). Each module is encrypted with a unique AES key, helping mitigate key reuse and reducing susceptibility to side-channel attacks.
The first key is derived from the specified hardware key source (for example, eFUSE). Keys for subsequent modules are wrapped (encrypted) using the preceding module’s key, forming a secure key chain across the image.
all:
{
    id_code = 0x04ca8093
    extended_id_code = 0x01
    id = 0x2
    bh_kek_iv = black_iv.txt
    bh_keyfile = black_key.txt
    puf_file = pufdata.txt
    boot_config {puf4kmode}
    image
    {
        name = pmc_subsys, id = 0x1c000001
        partition
        {
            id = 0x01,
            type = bootloader,
            encryption = aes,
            keysrc = efuse_red_key,
            aeskeyfile = efuse_red_key.nky,
            dpacm_enable,
            blocks = 4096(2);1024;2048(2);4096(*),
            file = plm.elf
        }
        partition
        {
            id = 0x09,
            type = pldata,
            load = 0xf2000000,
            aeskeyfile = pldata.nky,
            file = pl_data.cdo
        }
    }
}
- blocks
  - Specifies the encryption granularity. The syntax allows definition of specific block sizes and repetitions (for example, 4096(2) encrypts two 4 KB blocks). The * wildcard applies the last block size repeatedly to the remaining data.
- aeskeyfile
  - Provides the initial AES key; rolling keys are derived and wrapped internally.
- dpacm_enable
  - Adds an indication in the boot image that the differential power analysis (DPA) countermeasure is enabled for side-channel resistance. Note: The enablement of the DPA countermeasure in the boot image must match the enablement of the countermeasure in the device.
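The following Python sketch is an added example, not part of Bootgen or the original documentation. It expands a blocks value into the sequence of module sizes for a partition of a given length, which shows how many modules, and therefore how many rolling keys, a setting produces. The function name expand_blocks is hypothetical, and two behaviours are assumptions of this example: the final module is shortened to fit the remaining data, and data left over when no (*) item is present goes into one last module.

```python
import re

# One item of the blocks attribute: "<size>", "<size>(<count>)" or "<size>(*)".
_ITEM = re.compile(r"^(\d+)(?:\((\d+|\*)\))?$")


def expand_blocks(spec, partition_size):
    """Expand a blocks specification into per-module sizes in bytes."""
    items = [s.strip() for s in spec.split(";") if s.strip()]
    sizes, remaining = [], partition_size
    for pos, item in enumerate(items):
        m = _ITEM.match(item)
        if not m or int(m.group(1)) == 0:
            raise ValueError(f"invalid blocks item: {item!r}")
        size, count = int(m.group(1)), m.group(2)
        if count == "*":
            if pos != len(items) - 1:
                raise ValueError("(*) is only valid on the last item")
            repeat = -(-remaining // size)  # ceiling division
        else:
            repeat = int(count) if count else 1
        for _ in range(repeat):
            if remaining <= 0:
                break
            take = min(size, remaining)  # assumption: short final module
            sizes.append(take)
            remaining -= take
    if remaining > 0:
        # Assumption: without (*), leftover data forms one last module.
        sizes.append(remaining)
    return sizes


if __name__ == "__main__":
    # Constructed partition size; the spec is the one from the BIF above.
    modules = expand_blocks("4096(2);1024;2048(2);4096(*)", 20000)
    print(len(modules), "modules (one key each):", modules)
```
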