Using Authentication
Select the Use Authentication check box to authenticate the boot image or any of the partitions of the boot image.
When using authentication, you must specify the authentication keys. The table below lists the authentication keys available for both Zynq® and Zynq® UltraScale+™ MPSoC architectures :
Key |
Name |
Description |
Supported File Formats |
|---|---|---|---|
|
For Zynq Architecture |
|||
| PPK |
Primary Public Key |
This key is used to authenticate a partition. It should always be specified when authenticating a partition. |
*.txt *.pem *.pub |
SPK |
Secondary Public Key |
This key is used to authenticate a partition. It should always be specified when authenticating a partition. |
*.txt *.pem *.pub |
PSK |
Primary Secret Key |
This key is used to sign a partition. It is not mandatory. There are two options:
|
*.txt *.pem |
SSK |
Secondary Secret Key |
This key is used to sign a partition. It is not mandatory. There are two options:
|
*.txt *.sig |
SPK Signature |
Secondary Public Key Signature |
The SPK Signature can be directly specified in cases where you do not want to share the secret key. |
*.txt *.sig |
| For Zynq UltraScale+ MPSoC Architecture | |||
| Hashing Select |
SHA3: SHA3 Hashing algorithm is used while doing RSA authentication. SHA2: SHA2 Hashing algorithm is used while doing RSA authentication. |
||
| PPK Select | Primary Public Key Select | There are two locations in efuse to store the hash of PPK (PPK0 & PPK1). Select the location in which PPK hash will be stored. | |
| SPK ID | Secondary Public Key Identifier | This is a optional user defined value that is also written to efuse. This value is ignored in case of the Use BH Auth checkbox is selected Boot Header Authentication (Use BH Auth) | |
| Use BH Auth | Boot Header Authentication | Using BH authentication, bypasses the PPK validation. This option can be used during development cycle, without burning the efuse . | |