Xilinx / bootgen

bootgen source code

efuseppkbits - Unknown option on command line #12

Open ldts opened 2 years ago

ldts commented 2 years ago

Hi,

I am trying to generate the SHA to write to the eFuse so I can properly activate the secure boot authentication. However, using the documented bif file, I am having the following issue:

all:
{
        [pskfile] keys/PSK.pem
        [sskfile] keys/SSK.pem
        [bootloader, destination_cpu=a53-0, authentication=rsa] u-boot-spl.bin
}

./bootgen –arch zynqmp –image bif.hash -o boot.bin –efuseppkbits eFUSE.txt

****** Xilinx Bootgen v2021.1
  **** Build date : Jul 15 2021-00:18:02
    ** Copyright 1986-2021 Xilinx, Inc. All Rights Reserved.

[ERROR]  : Unknown option on command line:

It is not straightforward to debug the parser (lex/bison stuff). Could you help me understand the error in the command line please - verbatim from the documentation?

This actually relates to https://github.com/Xilinx/bootgen/pull/10

ldts commented 2 years ago

Um, reading the code a bit, it seems the right way to generate the efuse.txt is to do it at the time of the bin creation only:

the_ROM_image:
{
        [pskfile] keys/PSK.pem
        [sskfile] keys/SSK.pem
        [pmufw_image, load=0xffdc0000] pmu.bin
        [bootloader, authentication=rsa, destination_cpu=a53-0, load=0xfffc0000] u-boot-spl.bin
}

./bootgen -arch zynqmp -image bif -w on -o boot.bin -efuseppkbits efusefile.txt

The command above does generate the efuse file, but I'd like to have some guarantees it will work (I don't want to risk bricking this board).

Please could you confirm?

embetrix commented 2 months ago

@ldts hi, any hints on how to write the fuses without breaking some devices?

RamyaDarapuneni commented 2 months ago

Could you please refer to the app note for writing eFuses on Zynq Ultra Scale Plus devices: Programming BBRAM and eFUSEs Application Note (XAPP1319).

embetrix commented 2 months ago

@RamyaDarapuneni thanks, but the document doesn't illustrate the byte order of the PPKs and I would like to avoid breaking some devices. Can you please provide an example?

Is it also possible to write them from Linux through the nvmem API?

nathan-menhorn commented 1 month ago

Hi @ldts and @embetrix, please reference XAPP1357, found in the Xilinx Design Security lounge.

https://account.amd.com/en/member/design_security.html#tabs-b08b1a322e-item-5dbfbe7377-tab

This will have more details on how to use Bootgen to create the hashes of the PPKs.