stv0g/embeddedsw
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Xilskey: Added Example for Zynq MP efusePs

Browse source 
To program efuse PS of Zynq MP user has to edit input.h file
in input.h file default all will be in FALSE sate which ever has to be
programmed need to be changed to TRUE.
In example after programming cache will be reloaded and keys will be
read from cache. If user wants read API can be changed to read from
efuse memory.

Signed-off-by: VNSL Durga <vnsldurg@xilinx.com>
Reviewed-by: Harini Katakam <harinik@xilinx.com>
This commit is contained in:
VNSL Durga 2015-10-10 17:09:48 +05:30 committed by Nava kishore Manne
parent b92437c68b
commit 507e33c593
2 changed files with 948 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

601
lib/sw_services/xilskey/examples/xilskey_efuseps_zynqmp_example.c Normal file
View file

@ -0,0 +1,601 @@
/******************************************************************************
*
* Copyright (C) 2015 Xilinx, Inc. All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* Use of the Software is limited solely to applications:
* (a) running on a Xilinx device, or
* (b) that interact with a Xilinx device through a bus or interconnect.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* XILINX BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
* OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* Except as contained in this notice, the name of the Xilinx shall not be used
* in advertising or otherwise to promote the sale, use or other dealings in
* this Software without prior written authorization from Xilinx.
*
******************************************************************************/
/*****************************************************************************/
/**
*
* @file xilskey_efuseps_zynqmp_example.c
* This file illustrates how to program ZynqMp efuse and read back the keys from
* efuse.
*
* <pre>
* MODIFICATION HISTORY:
*
* Ver Who Date Changes
* ----- ------ -------- ------------------------------------------------------
* 4.0 vns 10/01/15 First release
* </pre>
*
******************************************************************************/
/***************************** Include Files *********************************/
#include "xilskey_efuseps_zynqmp_input.h"
#include "xil_printf.h"
/***************** Macros (Inline Functions) Definitions *********************/
#define XSK_EFUSEPS_AES_KEY_STRING_LEN (64)
#define XSK_EFUSEPS_USER_KEY_STRING_LEN (64)
#define XSK_EFUSEPS_PPK_SHA3_HASH_STRING_LEN_96 (96)
#define XSK_EFUSEPS_PPK_SHA2_HASH_STRING_LEN_64 (64)
#define XSK_EFUSEPS_SPK_ID_STRING_LEN (8)
#define XSK_EFUSEPS_JTAG_USER_CODE_STRING_LEN (8)
#define XSK_EFUSEPS_AES_KEY_LEN_IN_BITS (256)
#define XSK_EFUSEPS_USER_KEY_LEN_IN_BITS (256)
#define XSK_EFUSEPS_PPK_SHA3HASH_LEN_IN_BITS_384 (384)
#define XSK_EFUSEPS_PPK_SHA2HASH_LEN_IN_BITS_256 (256)
#define XSK_EFUSEPS_SPKID_LEN_IN_BITS (32)
#define XSK_EFUSEPS_JTAG_USER_CODE_LEN_IN_BITS (32)
#define XSK_EFUSEPS_RD_FROM_CACHE (0)
#define XSK_EFUSEPS_RD_FROM_EFUSE (1)
/**************************** Type Definitions *******************************/
/************************** Function Prototypes ******************************/
static inline u32 XilSKey_EfusePs_ZynqMp_InitData(
XilSKey_ZynqMpEPs *PsInstancePtr);
static inline u32 XilSKey_EfusePs_Example_ReadSecCtrlBits();
/*****************************************************************************/
int main()
{
XilSKey_ZynqMpEPs PsInstance = {{0}};
u32 PsStatus;
u32 UserKey[8];
u32 Ppk0[12];
u32 Ppk1[12];
u32 SpkId;
u32 JtagUsrCode;
s8 Row;
u32 AesCrc;
#if defined (XSK_XPLAT_ZYNQ) || (XSK_MICROBLAZE_PLATFORM)
xil_printf("This example will not work for this platform\n\r");
#endif
/* Initiate the Efuse PS instance */
PsStatus = XilSKey_EfusePs_ZynqMp_InitData(&PsInstance);
if (PsStatus != XST_SUCCESS) {
goto EFUSE_ERROR;
}
/* Programming the keys */
PsStatus = XilSKey_ZynqMp_EfusePs_Write(&PsInstance);
if (PsStatus != XST_SUCCESS) {
goto EFUSE_ERROR;
}
/* Read keys from cache */
PsStatus = XilSKey_ZynqMp_EfusePs_CacheLoad();
if (PsStatus != XST_SUCCESS) {
goto EFUSE_ERROR;
}
xil_printf("keys read from cache \n\r");
PsStatus = XilSKey_ZynqMp_EfusePs_ReadUserKey(UserKey,
XSK_EFUSEPS_RD_FROM_CACHE );
if (PsStatus != XST_SUCCESS) {
goto EFUSE_ERROR;
}
else {
xil_printf("\n\rUserKey:");
for (Row = 7; Row >= 0; Row--)
xil_printf("%08x", UserKey[Row]);
}
xil_printf("\n\r");
PsStatus = XilSKey_ZynqMp_EfusePs_ReadPpk0Hash(Ppk0,
XSK_EFUSEPS_RD_FROM_CACHE);
if (PsStatus != XST_SUCCESS) {
goto EFUSE_ERROR;
}
else {
xil_printf("\n\rPPK0:");
for (Row = 11; Row >= 0; Row--)
xil_printf("%08x", Ppk0[Row]);
}
xil_printf("\n\r");
PsStatus = XilSKey_ZynqMp_EfusePs_ReadPpk1Hash(Ppk1,
XSK_EFUSEPS_RD_FROM_CACHE);
if (PsStatus != XST_SUCCESS) {
goto EFUSE_ERROR;
}
else {
xil_printf("\n\rPPK1:");
for (Row = 11; Row >= 0; Row--)
xil_printf("%08x", Ppk1[Row]);
}
xil_printf("\n\r");
PsStatus = XilSKey_ZynqMp_EfusePs_ReadSpkId(&SpkId,
XSK_EFUSEPS_RD_FROM_CACHE);
if (PsStatus != XST_SUCCESS) {
goto EFUSE_ERROR;
}
else {
xil_printf("\r\nSpkid: %08x\n\r", SpkId);
}
PsStatus = XilSKey_ZynqMp_EfusePs_ReadJtagUsrCode(&JtagUsrCode,
XSK_EFUSEPS_RD_FROM_CACHE);
if (PsStatus != XST_SUCCESS) {
goto EFUSE_ERROR;
}
else {
xil_printf("\r\nJTAGUSER code: %08x\n\r", JtagUsrCode);
}
/* CRC check for programmed AES key */
AesCrc = XilSKey_CrcCalculation((u8 *)XSK_EFUSEPS_AES_KEY);
PsStatus = XilSKey_ZynqMp_EfusePs_CheckAesKeyCrc(AesCrc);
if (PsStatus != XST_SUCCESS) {
xil_printf("\r\nAES CRC checK is failed\n\r");
}
else {
xil_printf("\r\nAES CRC checK is passed\n\r");
}
/* Reading control and secure bits of eFuse */
PsStatus = XilSKey_EfusePs_Example_ReadSecCtrlBits();
if (PsStatus != XST_SUCCESS) {
goto EFUSE_ERROR;
}
EFUSE_ERROR:
if (PsStatus != XST_SUCCESS) {
xil_printf("\r\nEfuse example is failed with Status = %08x\n\r",
PsStatus);
}
else {
xil_printf("\r\nZynqMp Efuse example exited successfully");
}
return PsStatus;
}
/****************************************************************************/
/**
*
*
* Helper functions to properly initialize the Ps eFUSE structure instance
*
*
* @param PsInstancePtr - Structure Address to update the
* structure elements
*
* @return
* - XST_SUCCESS - In case of Success
* - XST_FAILURE - If initialization fails
*
* @note
*
*****************************************************************************/
static inline u32 XilSKey_EfusePs_ZynqMp_InitData(
XilSKey_ZynqMpEPs *PsInstancePtr)
{
u32 PsStatus;
PsStatus = XST_SUCCESS;
/*
* Copy the xilskey_efuseps_zynqmp_input.h values into
* PS eFUSE structure elements
*/
/* Secure and control bits for programming */
PsInstancePtr->PrgrmgSecCtrlBits.AesKeyRead = XSK_EFUSEPS_AES_RD_LOCK;
PsInstancePtr->PrgrmgSecCtrlBits.AesKeyWrite = XSK_EFUSEPS_AES_WR_LOCK;
PsInstancePtr->PrgrmgSecCtrlBits.UseAESOnly =
XSK_EFUSEPs_FORCE_USE_AES_ONLY;
PsInstancePtr->PrgrmgSecCtrlBits.BbramDisable =
XSK_EFUSEPS_BBRAM_DISABLE;
PsInstancePtr->PrgrmgSecCtrlBits.PMUError =
XSK_EFUSEPS_ERR_OUTOF_PMU_DISABLE;
PsInstancePtr->PrgrmgSecCtrlBits.JtagDisable = XSK_EFUSEPS_JTAG_DISABLE;
PsInstancePtr->PrgrmgSecCtrlBits.DFTDisable = XSK_EFUSEPS_DFT_DISABLE;
PsInstancePtr->PrgrmgSecCtrlBits.ProgGate0 =
XSK_EFUSEPS_PROG_GATE_0_DISABLE;
PsInstancePtr->PrgrmgSecCtrlBits.ProgGate1 =
XSK_EFUSEPS_PROG_GATE_1_DISABLE;
PsInstancePtr->PrgrmgSecCtrlBits.ProgGate2 =
XSK_EFUSEPS_PROG_GATE_2_DISABLE;
PsInstancePtr->PrgrmgSecCtrlBits.SecureLock = XSK_EFUSEPS_SECURE_LOCK;
PsInstancePtr->PrgrmgSecCtrlBits.RSAEnable = XSK_EFUSEPS_RSA_ENABLE;
PsInstancePtr->PrgrmgSecCtrlBits.PPK0WrLock = XSK_EFUSEPS_PPK0_WR_LOCK;
PsInstancePtr->PrgrmgSecCtrlBits.PPK0Revoke = XSK_EFUSEPS_PPK0_REVOKE;
PsInstancePtr->PrgrmgSecCtrlBits.PPK1WrLock = XSK_EFUSEPS_PPK1_WR_LOCK;
PsInstancePtr->PrgrmgSecCtrlBits.PPK1Revoke = XSK_EFUSEPS_PPK1_REVOKE;
/* User control bits */
PsInstancePtr->PrgrmgSecCtrlBits.UserWrLk0 = XSK_EFUSEPS_USER_WRLK_0;
PsInstancePtr->PrgrmgSecCtrlBits. UserWrLk1 = XSK_EFUSEPS_USER_WRLK_1;
PsInstancePtr->PrgrmgSecCtrlBits.UserWrLk2 = XSK_EFUSEPS_USER_WRLK_2;
PsInstancePtr->PrgrmgSecCtrlBits.UserWrLk3 = XSK_EFUSEPS_USER_WRLK_3;
PsInstancePtr->PrgrmgSecCtrlBits.UserWrLk4 = XSK_EFUSEPS_USER_WRLK_4;
PsInstancePtr->PrgrmgSecCtrlBits.UserWrLk5 = XSK_EFUSEPS_USER_WRLK_5;
PsInstancePtr->PrgrmgSecCtrlBits.UserWrLk6 = XSK_EFUSEPS_USER_WRLK_6;
PsInstancePtr->PrgrmgSecCtrlBits.UserWrLk7 = XSK_EFUSEPS_USER_WRLK_7;
/* For writing into eFuse */
PsInstancePtr->PrgrmAesKey = XSK_EFUSEPS_WRITE_AES_KEY;
PsInstancePtr->PrgrmUserKey = XSK_EFUSEPS_WRITE_USER_KEY;
PsInstancePtr->PrgrmPpk0Hash = XSK_EFUSEPS_WRITE_PPK0_HASH;
PsInstancePtr->PrgrmPpk1Hash = XSK_EFUSEPS_WRITE_PPK1_HASH;
PsInstancePtr->PrgrmSpkID = XSK_EFUSEPS_WRITE_SPKID;
PsInstancePtr->PrgrmJtagUserCode = XSK_EFUSEPS_WRITE_JTAG_USERCODE;
/* Variable for Timer Intialization */
PsInstancePtr->IntialisedTimer = 0;
/* Copying PPK hash types */
PsInstancePtr->IsPpk0Sha3Hash = XSK_EFUSEPS_PPK0_IS_SHA3;
PsInstancePtr->IsPpk1Sha3Hash = XSK_EFUSEPS_PPK1_IS_SHA3;
/* Copy the keys to be programmed */
if (PsInstancePtr->PrgrmUserKey == TRUE) {
/* Validation of User High Key */
PsStatus = XilSKey_Efuse_ValidateKey(
(char *)XSK_EFUSEPS_USER_KEY,
XSK_EFUSEPS_USER_KEY_STRING_LEN);
if(PsStatus != XST_SUCCESS) {
goto ERROR;
}
/* Assign the User key [255:0]bits */
XilSKey_Efuse_ConvertStringToHexLE(
(char *)XSK_EFUSEPS_USER_KEY ,
&PsInstancePtr->UserKey[0],
XSK_EFUSEPS_USER_KEY_LEN_IN_BITS);
}
if (PsInstancePtr->PrgrmAesKey == TRUE) {
/* Validation of AES Key */
PsStatus = XilSKey_Efuse_ValidateKey(
(char *)XSK_EFUSEPS_AES_KEY,
XSK_EFUSEPS_AES_KEY_STRING_LEN);
if(PsStatus != XST_SUCCESS) {
goto ERROR;
}
/* Assign the AES Key Value */
XilSKey_Efuse_ConvertStringToHexLE(
(char *)XSK_EFUSEPS_AES_KEY,
&PsInstancePtr->AESKey[0],
XSK_EFUSEPS_AES_KEY_LEN_IN_BITS);
}
/* Is PPK0 hash programming is enabled */
if (PsInstancePtr->PrgrmPpk0Hash == TRUE) {
/* If Sha3 hash is programming into Efuse PPK0 */
if (PsInstancePtr->IsPpk0Sha3Hash == TRUE) {
/* Validation of PPK0 sha3 hash */
PsStatus = XilSKey_Efuse_ValidateKey(
(char *)XSK_EFUSEPS_PPK0_HASH,
XSK_EFUSEPS_PPK_SHA3_HASH_STRING_LEN_96);
if(PsStatus != XST_SUCCESS) {
goto ERROR;
}
/* Assign the PPK0 sha3 hash */
XilSKey_Efuse_ConvertStringToHexBE(
(char *)XSK_EFUSEPS_PPK0_HASH,
&PsInstancePtr->Ppk0Hash[0],
XSK_EFUSEPS_PPK_SHA3HASH_LEN_IN_BITS_384);
}
/* If Sha2 hash is programming into Efuse PPK0 */
else {
/* Validation of PPK0 sha2 hash */
PsStatus = XilSKey_Efuse_ValidateKey(
(char *)XSK_EFUSEPS_PPK0_HASH,
XSK_EFUSEPS_PPK_SHA2_HASH_STRING_LEN_64);
if(PsStatus != XST_SUCCESS) {
goto ERROR;
}
/* Assign the PPK0 sha3 hash */
XilSKey_Efuse_ConvertStringToHexBE(
(char *)XSK_EFUSEPS_PPK0_HASH,
&PsInstancePtr->Ppk0Hash[0],
XSK_EFUSEPS_PPK_SHA2HASH_LEN_IN_BITS_256);
}
}
/* Is PPK1 hash programming is enabled */
if (PsInstancePtr->PrgrmPpk1Hash == TRUE) {
/* If Sha3 hash is programming into Efuse PPK1 */
if (PsInstancePtr->IsPpk1Sha3Hash == TRUE) {
/* Validation of PPK1 sha3 hash */
PsStatus = XilSKey_Efuse_ValidateKey(
(char *)XSK_EFUSEPS_PPK1_HASH,
XSK_EFUSEPS_PPK_SHA3_HASH_STRING_LEN_96);
if(PsStatus != XST_SUCCESS) {
goto ERROR;
}
/* Assign the PPK1 sha3 hash */
XilSKey_Efuse_ConvertStringToHexBE(
(char *)XSK_EFUSEPS_PPK1_HASH,
&PsInstancePtr->Ppk1Hash[0],
XSK_EFUSEPS_PPK_SHA3HASH_LEN_IN_BITS_384);
}
/* If Sha2 hash is programming into Efuse PPK1 */
else {
/* Validation of PPK1 sha2 hash */
PsStatus = XilSKey_Efuse_ValidateKey(
(char *)XSK_EFUSEPS_PPK1_HASH,
XSK_EFUSEPS_PPK_SHA2_HASH_STRING_LEN_64);
if(PsStatus != XST_SUCCESS) {
goto ERROR;
}
/* Assign the PPK1 sha2 hash */
XilSKey_Efuse_ConvertStringToHexBE(
(char *)XSK_EFUSEPS_PPK1_HASH,
&PsInstancePtr->Ppk1Hash[0],
XSK_EFUSEPS_PPK_SHA2HASH_LEN_IN_BITS_256);
}
}
if (PsInstancePtr->PrgrmJtagUserCode == TRUE) {
/* Validation of JTAG user code */
PsStatus = XilSKey_Efuse_ValidateKey(
(char *)XSK_EFUSEPS_JTAG_USERCODE,
XSK_EFUSEPS_JTAG_USER_CODE_STRING_LEN);
if (PsStatus != XST_SUCCESS) {
goto ERROR;
}
/* Assign the JTAG user code */
XilSKey_Efuse_ConvertStringToHexLE(
(char *)XSK_EFUSEPS_JTAG_USERCODE,
&PsInstancePtr->JtagUserCode[0],
XSK_EFUSEPS_JTAG_USER_CODE_LEN_IN_BITS);
}
if (PsInstancePtr->PrgrmSpkID == TRUE) {
/* Validation of SPK ID */
PsStatus = XilSKey_Efuse_ValidateKey(
(char *)XSK_EFUSEPS_SPK_ID,
XSK_EFUSEPS_SPK_ID_STRING_LEN);
if (PsStatus != XST_SUCCESS) {
goto ERROR;
}
/* Assign the JTAG user code */
XilSKey_Efuse_ConvertStringToHexLE(
(char *)XSK_EFUSEPS_SPK_ID,
&PsInstancePtr->SpkId[0],
XSK_EFUSEPS_SPKID_LEN_IN_BITS);
}
ERROR:
return PsStatus;
}
/****************************************************************************/
/**
* This API reads secure control bits from efuse and prints the status bits
*
*
* @param None
*
* @return
* - XST_SUCCESS - In case of Success
* - ErrorCode - If fails
*
* @note
*
*****************************************************************************/
static inline u32 XilSKey_EfusePs_Example_ReadSecCtrlBits()
{
u32 PsStatus;
XilSKey_SecCtrlBits ReadSecCtrlBits;
PsStatus = XilSKey_ZynqMp_EfusePs_ReadSecCtrlBits(&ReadSecCtrlBits,
XSK_EFUSEPS_RD_FROM_CACHE);
if (PsStatus != XST_SUCCESS) {
return PsStatus;
}
xil_printf("\r\nSecure and Control bits of eFuse:\n\r");
if (ReadSecCtrlBits.AesKeyRead == TRUE) {
xil_printf("\r\nAES key CRC check is disabled\n\r");
}
else {
xil_printf("\r\nAES key CRC check is enabled\n\r");
}
if (ReadSecCtrlBits.AesKeyWrite == TRUE) {
xil_printf("Programming AES key is disabled\n\r");
}
else {
xil_printf("Programming AES key is enabled\n\r");
}
if (ReadSecCtrlBits.UseAESOnly == TRUE) {
xil_printf("All boots must be encrypted with eFuse"
"AES key is enabled\n\r");
}
else {
xil_printf("All boots must be encrypted with eFuse"
"AES key is disabled\n\r");
}
if (ReadSecCtrlBits.BbramDisable == TRUE) {
xil_printf("Disables BBRAM key\n\r");
}
else {
xil_printf("BBRAM key is not disabled\n\r");
}
if (ReadSecCtrlBits.PMUError == TRUE) {
xil_printf("Error output from PMU is disabled\n\r");
}
else {
xil_printf("Error output from PMU is enabled\n\r");
}
if (ReadSecCtrlBits.JtagDisable == TRUE) {
xil_printf("Jtag is disabled\n\r");
}
else {
xil_printf("Jtag is enabled\n\r");
}
if (ReadSecCtrlBits.DFTDisable == TRUE) {
xil_printf("DFT is disabled\n\r");
}
else {
xil_printf("DFT is enabled\n\r");
}
if (ReadSecCtrlBits.ProgGate0 == TRUE) {
xil_printf("PROG_GATE 0 feature is disabled\n\r");
}
else {
xil_printf("PROG_GATE 0 feature is enabled\n\r");
}
if (ReadSecCtrlBits.ProgGate1 == TRUE) {
xil_printf("PROG_GATE 1 feature is disabled\n\r");
}
else {
xil_printf("PROG_GATE 1 feature is enabled\n\r");
}
if (ReadSecCtrlBits.ProgGate2 == TRUE) {
xil_printf("PROG_GATE 2 feature is disabled\n\r");
}
else {
xil_printf("PROG_GATE 2 feature is enabled\n\r");
}
if (ReadSecCtrlBits.SecureLock == TRUE) {
xil_printf("Reboot from JTAG mode is disabled when"
"doing secure lock down\n\r");
}
else {
xil_printf("Reboot from JTAG mode is enabled\n\r");
}
if (ReadSecCtrlBits.RSAEnable == TRUE) {
xil_printf("RSA authentication is enabled\n\r");
}
else {
xil_printf("RSA authentication is disabled\n\r");
}
if (ReadSecCtrlBits.PPK0WrLock == TRUE) {
xil_printf("Locks writing to PPK0 efuse \n\r");
}
else {
xil_printf("writing to PPK0 efuse is not locked\n\r");
}
if (ReadSecCtrlBits.PPK0Revoke == TRUE) {
xil_printf("Revoking PPK0 is enabled \n\r");
}
else {
xil_printf("Revoking PPK0 is disabled\n\r");
}
if (ReadSecCtrlBits.PPK1WrLock == TRUE) {
xil_printf("Locks writing to PPK1 efuses\n\r");
}
else {
xil_printf("writing to PPK1 efuses is not locked\n\r");
}
if (ReadSecCtrlBits.PPK1Revoke == TRUE) {
xil_printf("Revoking PPK1 is enabled \n\r");
}
else {
xil_printf("Revoking PPK1 is disabled\n\r");
}
xil_printf("\r\nUser control bits of eFuse:\n\r");
if (ReadSecCtrlBits.UserWrLk0 == TRUE) {
xil_printf("Programming USER_0 fuses is disabled\n\r");
}
else {
xil_printf("Programming USER_0 fuses is enabled\n\r");
}
if (ReadSecCtrlBits.UserWrLk1 == TRUE) {
xil_printf("Programming USER_1 fuses is disabled\n\r");
}
else {
xil_printf("Programming USER_1 fuses is enabled\n\r");
}
if (ReadSecCtrlBits.UserWrLk2 == TRUE) {
xil_printf("Programming USER_2 fuses is disabled\n\r");
}
else {
xil_printf("Programming USER_2 fuses is enabled\n\r");
}
if (ReadSecCtrlBits.UserWrLk3 == TRUE) {
xil_printf("Programming USER_3 fuses is disabled\n\r");
}
else {
xil_printf("Programming USER_3 fuses is enabled\n\r");
}
if (ReadSecCtrlBits.UserWrLk4 == TRUE) {
xil_printf("Programming USER_4 fuses is disabled\n\r");
}
else {
xil_printf("Programming USER_4 fuses is enabled\n\r");
}
if (ReadSecCtrlBits.UserWrLk5 == TRUE) {
xil_printf("Programming USER_5 fuses is disabled\n\r");
}
else {
xil_printf("Programming USER_5 fuses is enabled\n\r");
}
if (ReadSecCtrlBits.UserWrLk6 == TRUE) {
xil_printf("Programming USER_6 fuses is disabled\n\r");
}
else {
xil_printf("Programming USER_6 fuses is enabled\n\r");
}
if (ReadSecCtrlBits.UserWrLk7 == TRUE) {
xil_printf("Programming USER_7 fuses is disabled\n\r");
}
else {
xil_printf("Programming USER_7 fuses is enabled\n\r");
}
return XST_SUCCESS;
}

347
lib/sw_services/xilskey/examples/xilskey_efuseps_zynqmp_input.h Normal file
View file

@ -0,0 +1,347 @@
/******************************************************************************
*
* Copyright (C) 2015 Xilinx, Inc. All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* Use of the Software is limited solely to applications:
* (a) running on a Xilinx device, or
* (b) that interact with a Xilinx device through a bus or interconnect.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* XILINX BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
* OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* Except as contained in this notice, the name of the Xilinx shall not be used
* in advertising or otherwise to promote the sale, use or other dealings in
* this Software without prior written authorization from Xilinx.
*
******************************************************************************/
/*****************************************************************************/
/**
*
* @file xilskey_efuseps_zynqmp_input.h.
* This file contains macros which needs to configured by user based on the
* options selected by user operations will be performed.
*
* @note
*
* User configurable parameters for ZynqMP PS eFUSE
*------------------------------------------------------------------------------
*
* #define XSK_EFUSEPS_AES_RD_LOCK FALSE
* TRUE will permanently disables the CRC check of FUSE_AES.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_AES_WR_LOCK FALSE
* TRUE will permanently disables the writing to FUSE_AES block.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPs_FORCE_USE_AES_ONLY FALSE
* TRUE will permanently enables encrypted booting only using the Fuse
* key.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_BBRAM_DISABLE FALSE
* TRUE will permanently disables the BBRAM key.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_ERR_OUTOF_PMU_DISABLE FALSE
* TRUE will permanently disables the error output from the PMU.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_JTAG_DISABLE FALSE
* TRUE will permanently disables JTAG controller.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_DFT_DISABLE FALSE
* TRUE will permanently disables DFT boot mode.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_PROG_GATE_0_DISABLE FALSE
* TRUE will permanently disables PROG_GATE feature in PPD.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_PROG_GATE_1_DISABLE FALSE
* TRUE will permanently disables PROG_GATE feature in PPD.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_PROG_GATE_2_DISABLE FALSE
* TRUE will permanently disables PROG_GATE feature in PPD.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_SECURE_LOCK FALSE
* TRUE will permanently disables reboot into JTAG mode when doing
* a secure lockdown.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_RSA_ENABLE FALSE
* TRUE will permanently enables RSA authentication during boot.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_PPK0_WR_LOCK FALSE
* TRUE will permanently disables writing to PPK0 efuses.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_PPK0_REVOKE FALSE
* TRUE will permanently revokes PPK0.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_PPK1_WR_LOCK FALSE
* TRUE will permanently disables writing PPK1 efuses.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_PPK1_REVOKE FALSE
* TRUE will permanently revokes PPK1.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_USER_WRLK_0 FALSE
* TRUE will permanently disables writing to USER_0 efuses.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_USER_WRLK_1 FALSE
* TRUE will permanently disables writing to USER_1 efuses.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_USER_WRLK_2 FALSE
* TRUE will permanently disables writing to USER_2 efuses.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_USER_WRLK_3 FALSE
* TRUE will permanently disables writing to USER_3 efuses.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_USER_WRLK_4 FALSE
* TRUE will permanently disables writing to USER_4 efuses.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_USER_WRLK_5 FALSE
* TRUE will permanently disables writing to USER_5 efuses.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_USER_WRLK_6 FALSE
* TRUE will permanently disables writing to USER_6 efuses.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPS_USER_WRLK_7 FALSE
* TRUE will permanently disables writing to USER_7 efuses.
* FALSE will not modify this control bit of eFuse.
*
* Following has to be set for programming required keys
*------------------------------------------------------------------------------
* #define XSK_EFUSEPS_WRITE_AES_KEY TRUE
* TRUE will burn the AES key provided in XSK_EFUSEPS_AES_KEY.
* FALSE will ignore the key provide XSK_EFUSEPS_AES_KEY.
*
* #define XSK_EFUSEPS_WRITE_USER_KEY TRUE
* TRUE will burn User key provided in XSK_EFUSEPS_USER_KEY.
* FALSE will ignore the key provided in XSK_EFUSEPS_USER_KEY.
*
* #define XSK_EFUSEPS_WRITE_PPK0_SHA3_HASH TRUE
* TRUE will burn PPK0 sha3 hash provided in XSK_EFUSEPS_PPK0_SHA3_HASH.
* FALSE will ignore the hash provided in XSK_EFUSEPS_PPK0_SHA3_HASH.
*
* #define XSK_EFUSEPS_WRITE_PPK1_SHA3_HASH TRUE
* TRUE will burn PPK1 sha3 hash provided in XSK_EFUSEPS_PPK1_SHA3_HASH.
* FALSE will ignore the hash provided in XSK_EFUSEPS_PPK1_SHA3_HASH.
*
* #define XSK_EFUSEPS_WRITE_SPKID TRUE
* TRUE will burn SPKID provided in XSK_EFUSEPS_SPK_ID.
* FALSE will ignore the hash provided in XSK_EFUSEPS_SPK_ID.
*
* #define XSK_EFUSEPS_WRITE_JTAG_USERCODE TRUE
* TRUE will burn JTAG user code provided in XSK_EFUSEPS_JTAG_USERCODE.
* FALSE will ignore the JTAG user code provided in
* XSK_EFUSEPS_JTAG_USERCODE.
*
* #define XSK_EFUSEPS_AES_KEY
* "0000000000000000000000000000000000000000000000000000000000000000"
* The value mentioned in this will be converted to hex buffer and written
* into the ZynqMP Ps eFUSE array when write API used. This value should
* be given in string format. It should be 64 characters long, valid
* characters are 0-9,a-f,A-F. Any other character is considered as invalid
* string and will not burn AES Key.
* Note that,for writing the AES Key, XSK_EFUSEPS_WRITE_AES_KEY should
* have TRUE value.
*
* #define XSK_EFUSEPS_USER_KEY
* "0000000000000000000000000000000000000000000000000000000000000000"
* The value mentioned in this will be converted to hex buffer and written
* into the ZynqMP Ps eFUSE array when write API used. This value should
* be given in string format. It should be 64 characters long, valid
* characters are 0-9,a-f,A-F. Any other character is considered as invalid
* string and will not burn User Key.
* Note that,for writing the User Key, XSK_EFUSEPS_WRITE_USER_KEY should
* have TRUE value.
*
* #define XSK_EFUSEPS_PPK0_IS_SHA3 TRUE
* Default value is TRUE.
* TRUE XSK_EFUSEPS_PPK0_SHA3_HASH should be of string length 96 it specifies
* that PPK0 is used to program SHA3 hash.
* FALSE XSK_EFUSEPS_PPK0_SHA3_HASH should be of string length 64 it specifies
* that PPK0 is used to program SHA2 hash.
*
* #define XSK_EFUSEPS_PPK0_HASH
* "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
* The value mentioned in this will be converted to hex buffer and written
* into the ZynqMP Ps eFUSE array when write API used. This value should
* be given in string format. It should be 96 or 64 characters long, valid
* characters are 0-9,a-f,A-F. Any other character is considered as invalid
* string and will not burn PPK0 hash.
* Note that,for writing the PPK0 hash, XSK_EFUSEPS_WRITE_PPK0_SHA3_HASH
* should have TRUE value.
* While writing SHA2 hash, length should be 64 characters long
* XSK_EFUSEPS_PPK0_IS_SHA3 macro has to be made FALSE.
* While writing SHA3 hash, length should be 96 characters long and
* XSK_EFUSEPS_PPK0_IS_SHA3 macro should be made TRUE
*
* #define XSK_EFUSEPS_PPK1_IS_SHA3 FALSE
* Default value is FALSE.
* TRUE XSK_EFUSEPS_PPK1_SHA3_HASH should be of string length 96 it specifies
* that PPK1 is used to program SHA3 hash.
* FALSE XSK_EFUSEPS_PPK1_SHA3_HASH should be of string length 64 it specifies
* that PPK1 is used to program SHA2 hash.
*
* #define XSK_EFUSEPS_PPK1_HASH
* "0000000000000000000000000000000000000000000000000000000000000000"
* The value mentioned in this will be converted to hex buffer and written
* into the ZynqMP Ps eFUSE array when write API used. This value should
* be given in string format. It should be 64 or 96 characters long, valid
* characters are 0-9,a-f,A-F. Any other character is considered as invalid
* string and will not burn PPK1 hash.
* Note that,for writing the PPK11 hash, XSK_EFUSEPS_WRITE_PPK1_SHA3_HASH
* should have TRUE value.
* By default PPK1 hash will be provided with 64 character length to
* program PPK1 hash with sha2 hash so XSK_EFUSEPS_PPK1_IS_SHA3
* also will be in FALSE state
* But to program PPK1 hash with SHA3 hash make XSK_EFUSEPS_PPK1_IS_SHA3
* to TRUE and provide sha3 hash of length 96 characters XSK_EFUSEPS_PPK1_HASH
* so that one can program sha3 hash.
*
* #define XSK_EFUSEPS_SPK_ID "00000000"
* The value mentioned in this will be converted to hex buffer and written
* into the ZynqMP Ps eFUSE array when write API used. This value should
* be given in string format. It should be 8 characters long, valid
* characters are 0-9,a-f,A-F. Any other character is considered as invalid
* string and will not burn SPK ID.
* Note that,for writing the SPK ID, XSK_EFUSEPS_WRITE_SPKID
* should have TRUE value.
*
* #define XSK_EFUSEPS_JTAG_USERCODE "00000000"
* The value mentioned in this will be converted to hex buffer and written
* into the ZynqMP Ps eFUSE array when write API used. This value should
* be given in string format. It should be 8 characters long, valid
* characters are 0-9,a-f,A-F. Any other character is considered as invalid
* string and will not burn JTAG user code.
* Note that,for writing the JTAG user code, XSK_EFUSEPS_WRITE_JTAG_USERCODE
* should have TRUE value.
*
* NOTE: PPK hash should be unmodified hash generated by bootgen.
* <pre>
* MODIFICATION HISTORY:
*
* Ver Who Date Changes
* ----- ------ -------- ------------------------------------------------------
* 4.0 vns 10/01/15 First release
* </pre>
*
******************************************************************************/
#ifndef XILSKEY_EFUSEPS_ZYNQMP_INPUT_H_
#define XILSKEY_EFUSEPS_ZYNQMP_INPUT_H_
#ifdef __cplusplus
extern "C" {
#endif
/***************************** Include Files *********************************/
#include "xilskey_eps_zynqmp.h"
/************************** Constant Definitions *****************************/
/**************************** Type Definitions *******************************/
/***************** Macros (Inline Functions) Definitions *********************/
/* Following defines should be defined either TRUE or FALSE */
/**
* Following is the define to select if the user wants to program
* Secure control bits
*/
#define XSK_EFUSEPS_AES_RD_LOCK FALSE
#define XSK_EFUSEPS_AES_WR_LOCK FALSE
#define XSK_EFUSEPs_FORCE_USE_AES_ONLY FALSE
#define XSK_EFUSEPS_BBRAM_DISABLE FALSE
#define XSK_EFUSEPS_ERR_OUTOF_PMU_DISABLE FALSE
#define XSK_EFUSEPS_JTAG_DISABLE FALSE
#define XSK_EFUSEPS_DFT_DISABLE FALSE
#define XSK_EFUSEPS_PROG_GATE_0_DISABLE FALSE
#define XSK_EFUSEPS_PROG_GATE_1_DISABLE FALSE
#define XSK_EFUSEPS_PROG_GATE_2_DISABLE FALSE
#define XSK_EFUSEPS_SECURE_LOCK FALSE
#define XSK_EFUSEPS_RSA_ENABLE FALSE
#define XSK_EFUSEPS_PPK0_WR_LOCK FALSE
#define XSK_EFUSEPS_PPK0_REVOKE FALSE
#define XSK_EFUSEPS_PPK1_WR_LOCK FALSE
#define XSK_EFUSEPS_PPK1_REVOKE FALSE
/**
* Following is the define to select if the user wants to program
* user control bits
*/
#define XSK_EFUSEPS_USER_WRLK_0 FALSE
#define XSK_EFUSEPS_USER_WRLK_1 FALSE
#define XSK_EFUSEPS_USER_WRLK_2 FALSE
#define XSK_EFUSEPS_USER_WRLK_3 FALSE
#define XSK_EFUSEPS_USER_WRLK_4 FALSE
#define XSK_EFUSEPS_USER_WRLK_5 FALSE
#define XSK_EFUSEPS_USER_WRLK_6 FALSE
#define XSK_EFUSEPS_USER_WRLK_7 FALSE
/**
* Following is the define to select if the user wants to select AES,
* User keys, PPK0 Sha3 hash, PPK1 Sha3 hash, SPKID and JTAG user code
* for Zynq MP
*/
/* For writing into eFuse */
#define XSK_EFUSEPS_WRITE_AES_KEY FALSE
#define XSK_EFUSEPS_WRITE_USER_KEY FALSE
#define XSK_EFUSEPS_WRITE_PPK0_HASH FALSE
#define XSK_EFUSEPS_WRITE_PPK1_HASH FALSE
#define XSK_EFUSEPS_WRITE_SPKID FALSE
#define XSK_EFUSEPS_WRITE_JTAG_USERCODE FALSE
/**
* Following defines should be given in the form of hex string.
* The length of AES_KEY string must me 64 and for USER_KEY must be 64.
*/
#define XSK_EFUSEPS_AES_KEY "0000000000000000000000000000000000000000000000000000000000000000"
#define XSK_EFUSEPS_USER_KEY "0000000000000000000000000000000000000000000000000000000000000000"
#define XSK_EFUSEPS_PPK0_IS_SHA3 TRUE
#define XSK_EFUSEPS_PPK0_HASH "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
#define XSK_EFUSEPS_PPK1_IS_SHA3 FALSE
#define XSK_EFUSEPS_PPK1_HASH "0000000000000000000000000000000000000000000000000000000000000000"
#define XSK_EFUSEPS_SPK_ID "00000000"
#define XSK_EFUSEPS_JTAG_USERCODE "00000000"
#ifdef __cplusplus
}
#endif
#endif /* XILSKEY_EFUSEPS_ZYNQMP_INPUT_H_ */