Bootgen authentication failures on ZCU102 Dev Board (ZynqMP)

[scagate]

BIF File:

cdmx_image:
{
    [fsbl_config] bh_auth_enable
    [pskfile] keys/psk0.pem
    [sskfile] keys/ssk0.pem

    [fsbl_config] puf4kmode, shutter=0x0100005E, pufhd_bh
    [keysrc_encryption] bh_blk_key
    [bh_keyfile] keys/bh_keyfile.txt
    [bh_key_iv] keys/bh_key_iv.txt
    [puf_file] keys/puf_file.txt
    [auth_params] ppk_select=0; spk_id=0

    [
        bootloader,
        authentication=rsa,
        encryption=aes,
        aeskeyfile=keys/fsbl.nky
    ] fsbl.elf

    ...

Bootgen command line:

bootgen -arch zynqmp -image cdmx_image.bif -w -o boot.bin

The latest version of bootgen (34c4313) fails to build boot.bin due to an error with the PUF shutter value, as the MSB bit is now required to be set. This contradicts the value generated by the PUF registration example code (xilskey_puf_registration_example.c), which does not have the MSB set. The error message comes from here: https://github.com/Xilinx/bootgen/blob/master/bifoptions.cpp#L588

If the MSB bit is set in the BIF file, boot.bin is generated, but fails to boot. No console output is shown.

Disabling encryption (i.e. just using authentication) works correctly.

The problem appears to be with the more recent commits, as commit 8221184 (tagged as "2020.3") also works correctly.

[RamyaDarapuneni]

Hi @scagate The issue exists in the release 2021.1, and is fixed in the latest release of 2021.2. (https://github.com/Xilinx/bootgen/blob/xlnx_rel_v2021.2/bifoptions.cpp#L587) It is a miss to merge the same on master. Please let me know if you can switch to the latest version, or I can check and update the fix to the releases based on need.

Thanks Ramya Darapuneni

[scagate]

Hi Ramya, I can confirm that the issue is resolved on the xlnx_rel_v2021.2 branch. Thanks!

[RamyaDarapuneni]

This is fixed @https://github.com/Xilinx/bootgen/blob/xlnx_rel_v2021.2/bifoptions.cpp#L587, hence closing.