User eFUSE Support with Enhanced RSA Key Revocation - 2024.1 English

Vitis Unified Software Platform Documentation: Embedded Software Development (UG1400)

Document ID: UG1400
Release Date: 2024-05-30
Version: 2024.1 English

Enhanced RSA Key Revocation Support

Enhanced RSA key revocation provides the ability to revoke the secondary key of one partition without revoking the secondary keys of all partitions.

Note: The primary key should be the same across all partitions.

This is achieved by using the USER_FUSE0 to USER_FUSE7 eFUSEs together with the BIF parameter spk_select.

Note: Up to 256 keys can be revoked; not all of them need to be used.

The following BIF file sample shows enhanced user fuse revocation. The image header and the FSBL use different SSKs for authentication (ssk1.pem and ssk2.pem respectively).

the_ROM_image:
{
	[auth_params]ppk_select = 0
	[pskfile]psk.pem
	[sskfile]ssk1.pem
	[
	  bootloader,
	  authentication = rsa,
	  spk_select = spk-efuse,
	  spk_id = 0x8,
	  sskfile = ssk2.pem
	] zynqmp_fsbl.elf
	[
	  destination_cpu = a53-0,
	  authentication = rsa,
	  spk_select = user-efuse,
	  spk_id = 0x100,
	  sskfile = ssk3.pem
	] application.elf
	[
	  destination_cpu = a53-0,
	  authentication = rsa,
	  spk_select = user-efuse,
	  spk_id = 0x8,
	  sskfile = ssk4.pem
	] application2.elf
}
  • spk_select = spk-efuse indicates that the spk_id eFUSE is used for that partition.
  • spk_select = user-efuse indicates that a user eFUSE is used for that partition.

Partitions loaded by the CSU ROM always use spk-efuse.

Note: The spk_id eFUSE specifies which key is valid. Hence, the ROM checks the entire spk_id eFUSE field against the partition's SPK ID to make sure it is a bit-for-bit match.
The user eFUSE specifies which key ID is NOT valid (has been revoked). Therefore, the firmware (non-ROM) checks whether the user eFUSE bit that represents the SPK ID has been programmed.
Note: In the above example, the FSBL and application2 use the same spk_id (0x8), but these two keys can be revoked separately, because one is checked against the SPK_ID eFUSE and the other is checked against a user eFUSE.
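To make the two checks concrete, here is a small Python model (an added example, not code from UG1400, bootgen or the FSBL) that replays the BIF above: the SPK_ID eFUSE is compared as one whole field, while a user-efuse SPK ID is checked against a single revocation bit in USER_FUSE0 to USER_FUSE7. The mapping of SPK ID n to bit (n-1) of the 256-bit user eFUSE field, and the 32-bit word size of each USER_FUSE register, are assumptions made for illustration.

```python
USER_EFUSE_MAX_ID = 256   # one revocation bit per key ID (8 words x 32 bits, assumed)

class EfuseState:
    def __init__(self, spk_id=0):
        self.spk_id = spk_id          # SPK_ID eFUSE, read as one whole field
        self.user_fuse = [0] * 8      # USER_FUSE0..7, one 32-bit word each (assumed)

def user_fuse_bit(key_id):
    # Assumed layout: user-efuse SPK ID n (1..256) -> bit (n-1) % 32 of USER_FUSE[(n-1) // 32]
    if not 1 <= key_id <= USER_EFUSE_MAX_ID:
        raise ValueError(f"user-efuse SPK ID must be 1..{USER_EFUSE_MAX_ID}, got {key_id:#x}")
    return divmod(key_id - 1, 32)

def revoke_user_key(ef, key_id):
    # Program (burn) the user eFUSE bit for key_id; eFUSE bits only ever go 0 -> 1
    word, bit = user_fuse_bit(key_id)
    ef.user_fuse[word] |= 1 << bit

def spk_id_valid(ef, spk_select, spk_id, loaded_by_rom=False):
    # True if the partition's SPK ID passes the check that its loader applies
    if loaded_by_rom:
        spk_select = "spk-efuse"      # CSU ROM only ever consults the SPK_ID eFUSE
    if spk_select == "spk-efuse":
        return spk_id == ef.spk_id    # entire SPK_ID field must match bit for bit
    if spk_select == "user-efuse":    # firmware: is this key's user eFUSE bit programmed?
        if not 1 <= spk_id <= USER_EFUSE_MAX_ID:
            return False              # no user eFUSE bit can represent this ID
        word, bit = user_fuse_bit(spk_id)
        return not (ef.user_fuse[word] >> bit) & 1
    raise ValueError(f"unknown spk_select {spk_select!r}")

# Partitions of the BIF above: (name, spk_select, spk_id, loaded by CSU ROM?)
BIF_PARTITIONS = [
    ("zynqmp_fsbl.elf", "spk-efuse", 0x8, True),
    ("application.elf", "user-efuse", 0x100, False),
    ("application2.elf", "user-efuse", 0x8, False),
]

def check_all(ef):
    return {n: spk_id_valid(ef, sel, sid, rom) for n, sel, sid, rom in BIF_PARTITIONS}

def demo():
    # Scenario: all keys valid -> application2's key revoked -> FSBL's key revoked
    ef = EfuseState(spk_id=0x8)   # SPK_ID eFUSE matches the FSBL's spk_id
    initial = check_all(ef)
    revoke_user_key(ef, 0x8)      # burns USER_FUSE0 bit 7: only application2 now fails
    after_user = check_all(ef)
    ef.spk_id |= 0x10             # one more SPK_ID bit burnt (now 0x18): FSBL fails, app2 unchanged
    after_spk = check_all(ef)
    return initial, after_user, after_spk
```

Running demo() shows the point of the last note: burning the user eFUSE bit for ID 0x8 revokes application2's key while the FSBL, whose ID 0x8 is checked against the SPK_ID eFUSE, still loads, and changing the SPK_ID eFUSE does the reverse.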