Hello,
I have been following External Secure Storage Using the PUF - XAPP1333 (Xilinx Guide) with an ultra96-V2. I have been following the steps in the guide including running the xilskey_puf_registration_example and xilskey_efuseps_zynqmp_example with the following outputs respectively in puf_xapp1333_puf_registration.txt and puf_xapp1333_efuse.txt attached.
Here is a link for all the attachments: https://drive.google.com/drive/folders/1LlYLnofBePf1EQxz-kfoBf9eAbh3JzD3?usp=drive_link
I used the keys in the reference design attached under Reference Design Keys. I changed the device to zu3eg for the multiple_keys.nky and multiple_keys_app.nky files.
I created a folder named boot with the following files from the reference design:
ExternalKeyStorage.bif
multiple_keys.nky
multiple_keys_app.nky
psk0.pmem
puf_iv.txt
ssk0.pem
ExternalKeyStorage.elf
fsbl.elf
with fsbl.elf and ExternalKeyStorage.elf being the .elf files for the Ulra96 platform I created based on the steps from Appendix A in XAPP133, and the ExternalKeyStorage application.
My ExternalKeyStorage.bif is attached and can be seen here:
//arch = zynqmp; split = false; format = BIN
the_ROM_image:
{
[pskfile] psk0.pem
[sskfile] ssk0.pem
[auth_params] spk_id = 0; ppk_select = 0
[keysrc_encryption] efuse_blk_key
[bh_key_iv] puf_iv.txt
[fsbl_config] shutter = 0x0100005E, opt_key
[bootloader, destination_cpu=a53-0, encryption = aes, authentication = rsa, aeskeyfile = multiple_keys.nky] fsbl.elf
[destination_cpu = a53-0, encryption = aes, authentication = rsa, aeskeyfile = multiple_keys_app.nky] ExternalKeyStorage.elf
}
I modified the one from the reference design based on the instructions in Sample BIF for a Fielded System (removing the puf4kmode) from Use Secure Boot Features to Protect Your Design — Embedded Design Tutorials 2021.1 documentation
The instructions in XAPP1333 mention to use this bootgen command:
bootgen –p zcu9eg –arch zynqmp –image ExternalKeyStorage.bif –w –o BOOT.bin
Since I am using the Avnet ultra96-V2 board, I replaced the zcu9eg with the following based on the technical specifications listed on the ultra96 Product Technical Specifications page.
bootgen –p zu3eg –arch zynqmp –image ExternalKeyStorage.bif –w –o BOOT.bin
I ran this bootgen command in the boot folder previously mentioned, successfully creating BOOT.bin, which is also attached.
After creating the boot image, I copied and pasted the BOOT.bin onto an SD Card and tried and turning on the board. When booting, Red INIT_B LED (D5) is staying on and DONE LED (D1) never turns on. When connecting the board with the JTAG/UART pod, I am unable to see any output.
Do you know why the board is unable to boot from the SD card with the supposed secure boot image? Is my ExternalKeyStorage.bif correct?
Any advice would be appreciated. Let me know if I can provide any more information. Thanks!