Zynq UltraScale+ MPSoC Secure Boot


This page provides information about the different types of devices used in Secure boot on the ZCU102 board

1. Secure Boot using BBRAM storage for Encryption key
2. Secure boot using eFuses for Authentication and Encryption

1.1 Secure Boot using BBRAM Storage for Encryption key

Follow the instructions below to use BBRAM as storage for encryption key.

1. Programming AES key in BBRAM.
2. Secure Linux boot using AES key from BBRAM based on boot mode selection

1.1.1 Programming AES key in BBRAM

1. Refer to section "Programming the AES Key in BBRAM" in XAPP1319

1.1.2 Secure Linux boot using AES key from BBRAM based on boot mode selection

1. Refer to section 1.1.1 for BBRAM Programming
2. Refer to section "Linux on APU and Bare-Metal on RPU" in UG1209 based on boot mode selection.

1.2 Secure Boot using eFuses for Authentication and Encryption

Follow the instructions below to use the eFuses.

1. Programming eFuses for authentication and encryption keys
2. Secure Linux boot using eFuses based on boot mode selection.

1.2.1 Programming eFuses for Authentication and Encryption keys


1. Refer to section " Programming eFuses for AES and RSA Cryptographic Functions" in XAPP1319

1.2.2 Secure Linux boot using eFuses based on boot mode selection

1. Refer to section 1.2.1 for eFUSE programming
2. Refer to section "Linux on APU and Bare-Metal on RPU" in UG1209 based on boot mode selection.

Related Links

Zynq UltraScale+ MPSoC Non-Secure Boot
Zynq UltraScale+ MPSoC Multiboot and Fallback

[destination_device=ps, destination_cpu=a53-0, authentication=rsa, encryption=aes] bl31.elf
[destination_device=ps, destination_cpu=a53-0, authentication=rsa, encryption=aes] u-boot.elf