Rolling Keys - 2025.1 English - UG1283

Bootgen User Guide (UG1283)

Document ID: UG1283
Release Date: 2025-05-29
Version: 2025.1 English

For Spartan UltraScale+ devices, Bootgen supports AES-GCM encryption with rolling keys, enhancing security by segmenting the boot image into smaller encrypted blocks (modules). Each module is encrypted with a unique AES key, helping mitigate key reuse and reducing susceptibility to side-channel attacks.

The first key is derived from the specified hardware key source (for example, eFUSE). Keys for subsequent modules are wrapped (encrypted) using the preceding module’s key, forming a secure key chain across the image.


all:
{
    id_code = 0x04ca8093
    extended_id_code = 0x01
    id = 0x2

    bh_kek_iv = black_iv.txt
    bh_keyfile = black_key.txt
    puf_file = pufdata.txt
    boot_config {puf4kmode}

    image
    {
        name = pmc_subsys, id = 0x1c000001

        partition
        {
            id = 0x01,
            type = bootloader,
            encryption = aes,
            keysrc = efuse_red_key,
            aeskeyfile = efuse_red_key.nky,
            dpacm_enable,
            blocks = 4096(2);1024;2048(2);4096(*),
            file = plm.elf
        }

        partition
        {
            id = 0x09,
            type = pldata,
            load = 0xf2000000,
            aeskeyfile = pldata.nky,
            file = pl_data.cdo
        }
    }
}

blocks
    Specifies the encryption granularity. The syntax allows definition of specific block sizes and repetitions (for example, 4096(2) encrypts two 4 KB blocks). The * wildcard applies the last block size repeatedly to the remaining data.

aeskeyfile
    Provides the initial AES key; rolling keys are derived and wrapped internally.

dpacm_enable
    Sets an indication in the boot image that the differential power analysis (DPA) countermeasure is enabled, for side-channel resistance.
    Note: The enablement of the DPA countermeasure in the boot image must match the enablement of the countermeasure in the device.
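
How the blocks value in the BIF above divides a partition into modules, as an added Python sketch (not Bootgen's code); each returned size is one module and so one key in the chain. It assumes sizes are in bytes and that the last module may be shorter than its nominal size, and it rejects a spec that runs out before the data does, since this page does not define that case. The function names and the 30000-byte partition length are constructed for illustration.

```python
import re

# One entry of the blocks attribute: a size, optionally followed by a
# repeat count "(n)" or the wildcard "(*)", as in "4096(2)" or "4096(*)".
_ENTRY = re.compile(r"^(\d+)(?:\((\d+|\*)\))?$")


def parse_blocks(spec):
    """Parse 'size(n);size;size(*)' into [(size, count)]; count is None for '*'."""
    entries = []
    for raw in spec.split(";"):
        m = _ENTRY.match(raw.strip())
        if not m:
            raise ValueError(f"bad blocks entry: {raw!r}")
        size = int(m.group(1))
        if size == 0:
            raise ValueError("block size must be non-zero")
        if entries and entries[-1][1] is None:
            raise ValueError("(*) must be the last entry")
        rep = m.group(2)
        entries.append((size, None if rep == "*" else int(rep or 1)))
    return entries


def module_sizes(spec, partition_len):
    """Return the size in bytes of each encrypted module, in order."""
    sizes, remaining = [], partition_len
    for size, count in parse_blocks(spec):
        while remaining > 0 and (count is None or count > 0):
            take = min(size, remaining)  # assumption: final module may be short
            sizes.append(take)
            remaining -= take
            if count is not None:
                count -= 1
    if remaining > 0:
        # The page does not say what happens here, so this sketch refuses.
        raise ValueError(f"{remaining} bytes not covered; add a (*) entry")
    return sizes


if __name__ == "__main__":
    spec = "4096(2);1024;2048(2);4096(*)"  # blocks value from the BIF above
    sizes = module_sizes(spec, 30000)      # 30000 is a constructed length
    print(len(sizes), "modules:", sizes)
```
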