stv0g/embeddedsw
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

xilskey: Modified example and input.h files

Browse source 
Example has been modified to support both Zynq PL eFuse and
Ultrascale eFuse. Added GPIO pins and channels to access
Master Jtag through GPIO and RSA key hash, AES's CRC value
input macros are also added.

Signed-off-by: VNSL Durga <vnsldurg@xilinx.com>
Reviewed-by: Harini Katakam <harinik@xilinx.com>
This commit is contained in:
VNSL Durga 2015-08-05 18:50:22 +05:30 committed by Nava kishore Manne
parent 02ccf03a94
commit 7ca1fb1844
2 changed files with 649 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

404
lib/sw_services/xilskey/examples/xilskey_efuse_example.c
View file

@ -40,12 +40,16 @@
* eFUSE Application project is capable of programming the PS and PL eFUSE
* bits given by the user. PS eFUSE holds the RSA primary key hash bits and
* user feature bits, which will enable/disable some features in ZYNQ.
* PL eFUSE holds the AES key, user key and some feature bits.
* In Zynq PL eFUSE holds the AES key, user key and some feature bits and
* and in Ultrascale eFUSE holds AES key, User key, RSA key Hash and
* some feature bits.
* User has the provision to write PS eFUSE & PL eFUSE independently or
* can combine together. This can be selected by using the compilation
* switch provided in xilskey_input.h. XSK_EFUSEPS_DRIVER should be
* defined to enable PS functionality & XSK_EFUSEPL_DRIVER for PL
* functionality.
* However for programming eFuse Ultrascale only XSK_EFUSEPL_DRIVER should be
* enabled.
*
* eFUSE bits are one-time programmable. Once they are burnt, they
* cannot be changed. Make sure you enter the correct information before
@ -58,6 +62,8 @@
* defined in xilskey_input.h. By default, all the macros will be defined
* with FALSE values.
*
* For Zynq
* -----------------------------------------------------------------------
* For PL eFUSE writing enabling the caches are necessary if the image is
* executing from DDR. This will be done in BSP by default. User has to
* take care not to disable caches.
@ -100,6 +106,43 @@
*
* 2) Output of the above command will be <O/p file name>.svf.
*
* For Ultrascale
* -----------------------------------------------------------------------
* Accessing Ultrascale microblaze 's eFuse is done by using block RAM
* initialization.
* Master Jtag primitive has to added to design i.e MASTER_JTAG_inst
* instantiation have to performed and AXI GPIO pins has to be connected
* to TDO, TDI, TMS and TCK signals of MASTER_JTAG primitive.
* All Inputs(TDO) and All Outputs(TDI, TMS, TCK) of MASTER_JTAG can be
* connected as
* 1) All Inputs to one channel
* All Outputs to other channel
* Valid example: All Outputs connected to Channel 1
* Input signal TDO also connected to channel 2
* 2) All Inputs and All Outputs to same channel.
* Valid example: All Outputs connected to Channel 1
* Input signal TDO also connected to channel 1
* 3) But some of the Outputs in one channel and some of them in different
* channel is not accepted.
* Invalid example: All Outputs connected to Channel 1
* Input signals (TDI, TMS) connected to Channel 1
* Input signal TCK also connected to channel 2
* The design should only contain AXI bram Ctrl memory mapped(1MB).
* System management wizard should be operated in DRP interface.
* Note: MASTER_JTAG will disable all other JTAGs
*
* Procedure to access efuse of Ultrascale:
* 1) After providing the required inputs in xilskey_input.h, compile the
* project.
* 2) Generate a memory mapped interface file using TCL command
* write_mem_info $Outfilename
* 3) Update memory has to be done using the tcl command updatemem.
* updatemem -meminfo $file.mmi -data $Outfilename.elf -bit $design.bit
* -proc design_1_i/microblaze_0 -out $Final.bit
* 4) Program the board using $Final.bit bitstream
* 5) Output can be seen in UART terminal.
* 6) For calculating CRC of AES key reverse polynomial is 0x82F63B78 or
* one can use the API u32 Xilskey_CrcCalculation(u8 *Key)
*
* MODIFICATION HISTORY:
*
@ -110,6 +153,10 @@
* 3.00 vns 31/07/15 Modified XSK_EFUSEPL_RSA_KEY_HASH_STRING_SIZE macro
* name to XSK_EFUSEPS_RSA_KEY_HASH_STRING_SIZE.
* Added missing goto statement.
* Modified init function, intialisation of instance is
* done based on the platform and Modified example
* to support both Zynq PL's eFuse and also Ultrascale's
* eFuse.
*
****************************************************************************/
/***************************** Include Files *********************************/
@ -151,6 +198,22 @@
* User High Key size in Bytes
*/
#define XSK_EFUSEPL_USER_HIGH_KEY_SIZE_IN_BITS (24)
/**
* user key size in bits
*/
#define XSK_EFUSEPL_USER_KEY_SIZE_IN_BITS (32)
/**
* PL eFUSE RSA key size in characters
*/
#define XSK_EFUSEPL_RSA_KEY_HASH_STRING_SIZE (96)
/**
* RSA Key size in Bytes
*/
#define XSK_EFUSEPL_RSA_KEY_SIZE_IN_BITS (384)
/**
* PL eFuse user key size in characters
*/
#define XSK_EFUSEPL_USER_KEY_STRING_SIZE (8)
/**
* Key length definition for RSA KEY Hash
*/
@ -168,7 +231,7 @@
#define XSK_EFUSEPS_STATUS_ROM_128_CRC 0x800
/*
* PL efuse status bit definitions
* PL efuse status bit definitions of Zynq
*/
#define XSK_EFUSEPL_STATUS_FORCE_PCYCLE_RECONFIG 0x002
#define XSK_EFUSEPL_STATUS_DISABLE_KEY_WRITE 0x004
@ -207,7 +270,11 @@ int main()
#ifdef XSK_EFUSEPS_DRIVER
XilSKey_EPs PsInstancePtr;
u32 PsStatusBits = 0;
#ifdef XSK_MICROBLAZE_PLATFORM
xil_printf("Kintex ultrascale will not have PS please disable"
"XSK_EFUSEPS_DRIVER\n\r");
goto EFUSE_ERROR;
#endif
/**
* Initialize the PS instance pointer with the data
* populated in xilskey_input.h
@ -329,81 +396,192 @@ int main()
* Print Efuse PL status bits
*/
xil_printf("EfusePL status bits : 0x%x \n\r", PlStatusBits);
/* Status bits for Zynq */
if (PlInstancePtr.FpgaFlag == XSK_FPGA_SERIES_ZYNQ) {
if(PlStatusBits & XSK_EFUSEPL_STATUS_FORCE_PCYCLE_RECONFIG) {
xil_printf("EfusePL status bits : Force power cycle for "
"reconfiguration enabled\n\r");
}else {
xil_printf("EfusePL status bits : Force power cycle for "
"reconfiguration disabled\n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_FORCE_PCYCLE_RECONFIG) {
xil_printf("EfusePL status bits : Force power cycle for "
"reconfiguration enabled\n\r");
}else {
xil_printf("EfusePL status bits : Force power cycle for "
"reconfiguration disabled\n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_DISABLE_KEY_WRITE) {
xil_printf("EfusePL status bits : Key write disabled \n\r");
}else {
xil_printf("EfusePL status bits : Key write enabled \n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_DISABLE_KEY_WRITE) {
xil_printf("EfusePL status bits : Key write disabled \n\r");
}else {
xil_printf("EfusePL status bits : Key write enabled \n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_DISABLE_AES_KEY_READ) {
xil_printf("EfusePL status bits : AES Key read disabled \n\r");
}else {
xil_printf("EfusePL status bits : AES Key read enabled \n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_DISABLE_AES_KEY_READ) {
xil_printf("EfusePL status bits : AES Key read disabled \n\r");
}else {
xil_printf("EfusePL status bits : AES Key read enabled \n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_DISABLE_USER_KEY_READ) {
xil_printf("EfusePL status bits : User Key read disabled \n\r");
}else {
xil_printf("EfusePL status bits : User Key read enabled \n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_DISABLE_USER_KEY_READ) {
xil_printf("EfusePL status bits : User Key read disabled \n\r");
}else {
xil_printf("EfusePL status bits : User Key read enabled \n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_DISABLE_FUSE_CNTRL_WRITE) {
xil_printf("EfusePL status bits : Fuse Control write disabled \n\r");
}else {
xil_printf("EfusePL status bits : Fuse Control write enabled \n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_DISABLE_FUSE_CNTRL_WRITE) {
xil_printf("EfusePL status bits : Fuse Control write disabled \n\r");
}else {
xil_printf("EfusePL status bits : Fuse Control write enabled \n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_EFUSE_SEC_ENABLE) {
xil_printf("EfusePL status bits : Efuse secure boot enabled \n\r");
}else {
xil_printf("EfusePL status bits : Efuse secure boot disabled \n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_EFUSE_SEC_ENABLE) {
xil_printf("EfusePL status bits : Efuse secure boot enabled \n\r");
}else {
xil_printf("EfusePL status bits : Efuse secure boot disabled \n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_JTAG_DISABLE) {
xil_printf("EfusePL status bits : Jtag disabled \n\r");
}else {
xil_printf("EfusePL status bits : Jtag enabled \n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_JTAG_DISABLE) {
xil_printf("EfusePL status bits : Jtag disabled \n\r");
}else {
xil_printf("EfusePL status bits : Jtag enabled \n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_BBRAM_KEY_DISABLE) {
xil_printf("EfusePL status bits : BBRAM key disabled \n\r");
}else {
xil_printf("EfusePL status bits : BBRAM key enabled \n\r");
}
}
else { /* for Ultrascale */
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_DISABLE_KEY_READ_ULTRA)) {
xil_printf("EfusePL status bits : AES key read and programming disabled \n\r");
}else {
xil_printf("EfusePL status bits : AES key read enabled\n\r");
}
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_DISABLE_USER_KEY_READ_ULTRA)) {
xil_printf("EfusePL status bits : User key read and programming disabled \n\r");
}else {
xil_printf("EfusePL status bits : User key read enabled\n\r");
}
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_DISABLE_SECURE_READ_ULTRA)) {
xil_printf("EfusePL status bits : Secure bits read and programming disabled \n\r");
}else {
xil_printf("EfusePL status bits : Secure bits read enabled\n\r");
}
if(PlStatusBits & (1<< XSK_EFUSEPL_STATUS_DISABLE_CNTRL_WRITE_ULTRA)) {
xil_printf("EfusePL status bits : Cntrol bits write disabled \n\r");
}else {
xil_printf("EfusePL status bits : Control bits write enabled\n\r");
}
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_DISABLE_RSA_KEY_READ_ULTRA)) {
xil_printf("EfusePL status bits : RSA key read and programming disabled \n\r");
}else {
xil_printf("EfusePL status bits : RSA key read enabled\n\r");
}
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_DISABLE_KEY_WRITE_ULTRA)) {
xil_printf("EfusePL status bits : AES key programming disabled \n\r");
}else {
xil_printf("EfusePL status bits : AES key programming enabled\n\r");
}
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_DISABLE_USER_KEY_WRITE_ULTRA)) {
xil_printf("EfusePL status bits : User key programming disabled \n\r");
}else {
xil_printf("EfusePL status bits : User key programming enabled\n\r");
}
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_DISABLE_SECURE_WRITE_ULTRA)) {
xil_printf("EfusePL status bits : Secure bits programming disabled \n\r");
}else {
xil_printf("EfusePL status bits : Secure bits programming enabled\n\r");
}
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_DISABLE_RSA_KEY_WRITE_ULTRA)) {
xil_printf("EfusePL status bits : RSA key programming disabled \n\r");
}else {
xil_printf("EfusePL status bits : RSA key programming enabled\n\r");
}
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_FUSE_LOGIC_IS_BUSY_ULTRA)) {
xil_printf("EfusePL status bits : FUSE logic is busy \n\r");
}else {
xil_printf("EfusePL status bits : FUSE logic is free \n\r");
}
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_ALLOW_ENCRYPTED_ONLY_ULTRA)) {
xil_printf("EfusePL status bits : Only allows encrypted bitstreams\n\r");
}else {
xil_printf("EfusePL status bits : Non encrypted bitstream allowed\n\r");
}
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_AES_ONLY_ENABLED_ULTRA)) {
xil_printf("EfusePL status bits : Decryption only by AES of FUSE \n\r");
}else {
xil_printf("EfusePL status bits : Decryption can be AES of FUSE or BBRAM \n\r");
}
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_RSA_AUTH_ENABLED_ULTRA)) {
xil_printf("EfusePL status bits : RSA authentication is enabled \n\r");
}else {
xil_printf("EfusePL status bits : RSA authentication is disabled \n\r");
}
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_DISABLE_JTAG_ULTRA)) {
xil_printf("EfusePL status bits : External Jtag pins are disabled\n\r");
}else {
xil_printf("EfusePL status bits : Jtag is not disabled\n\r");
}
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_DISABLE_TEST_ACCESS_ULTRA)) {
xil_printf("EfusePL status bits : Disables test access\n\r");
}else {
xil_printf("EfusePL status bits : Xilinx test access is enabled\n\r");
}
if(PlStatusBits & (1 << XSK_EFUSEPL_STATUS_DISABLE_DCRPTR_ULTRA)) {
xil_printf("EfusePL status bits : Decryptor disabled \n\r");
}else {
xil_printf("EfusePL status bits : Decryptor enabled\n\r");
}
if(PlStatusBits & XSK_EFUSEPL_STATUS_BBRAM_KEY_DISABLE) {
xil_printf("EfusePL status bits : BBRAM key disabled \n\r");
}else {
xil_printf("EfusePL status bits : BBRAM key enabled \n\r");
}
}
/*
* Read Efuse PL key
*/
PlStatus = XilSKey_EfusePl_ReadKey(&PlInstancePtr);
if( PlStatus != XST_SUCCESS) {
printf("PL efuse key read failed\r\n");
xil_printf("PL efuse key read failed\r\n");
goto EFUSE_ERROR;
}
/*
* Print Efuse PL key
*/
xil_printf("EfusePL User key : 0x");
for(KeyCnt = 3; KeyCnt >= 0; KeyCnt--)
{
xil_printf("%02x", PlInstancePtr.UserKeyReadback[KeyCnt]);
}
xil_printf("\n\r");
#ifdef XSK_ARM_PLATFORM
/*
* Print Efuse PL key
*/
xil_printf("EfusePL User key : 0x");
for(KeyCnt = 3; KeyCnt >= 0; KeyCnt--)
{
xil_printf("%02x", PlInstancePtr.UserKeyReadback[KeyCnt]);
}
xil_printf("\n\r");
xil_printf("EfusePL AES key : 0x");
for(KeyCnt = 31; KeyCnt >= 0; KeyCnt--)
{
xil_printf("%02x", PlInstancePtr.AESKeyReadback[KeyCnt]);
}
xil_printf("\n\r");
#else
if (XSK_EFUSEPL_CHECK_AES_KEY_CRC == TRUE){
if (PlInstancePtr.AESKeyMatched == TRUE) {
xil_printf("AES key matched with expected AES Key's CRC");
}
else {
xil_printf("AES key not matched with expected AES's CRC "
"Please provide key's valid CRC \n\r");
}
}
if (XSK_EFUSEPL_READ_USER_KEY == TRUE) {
xil_printf("\r\nEfusePL User key : 0x");
for(KeyCnt = (XSK_EFUSEPL_USER_KEY_SIZE_IN_BYTES - 1); KeyCnt >= 0; KeyCnt--) {
xil_printf("%02x", PlInstancePtr.UserKeyReadback[KeyCnt]);
}
}
if (XSK_EFUSEPL_READ_RSA_KEY_HASH == TRUE) {
xil_printf("\r\nEfusePL RSA hash value : 0x");
for(KeyCnt = (XSK_EFUSEPL_RSA_KEY_HASH_SIZE_IN_BYTES - 1); KeyCnt >= 0; KeyCnt--) {
xil_printf("%02x", PlInstancePtr.RSAHashReadback[KeyCnt]);
}
}
#endif
xil_printf("EfusePL AES key : 0x");
for(KeyCnt = 31; KeyCnt >= 0; KeyCnt--)
{
xil_printf("%02x", PlInstancePtr.AESKeyReadback[KeyCnt]);
}
xil_printf("\n\r");
#endif /*XSK_EFUSEPL_DRIVER*/
@ -435,11 +613,12 @@ EFUSE_ERROR:
Status = ((PsStatus << 16) + PlStatus);
printf("eFUSE operations exit status: %08X\r\n", Status);
/**
* Writing the Exit Status to Reboot Status Register
*/
Xil_Out32(REBOOT_STATUS_REG_ADDR,Status);
#ifdef XSK_ARM_PLATFORM
/**
* Writing the Exit Status to Reboot Status Register
*/
Xil_Out32(REBOOT_STATUS_REG_ADDR,Status);
#endif
while(1);
return 0;
}
@ -534,10 +713,12 @@ u32 XilSKey_EfusePl_InitData(XilSKey_EPl *PlInstancePtr)
/**
* Copy the xilskeyinput.h values into PL eFUSE structure elements
*/
/* For Zynq PL efuse */
/**
* Assign FUSE CNTRL bits[1:5] to the PL eFUSE structure elements.
*/
#ifdef XSK_ARM_PLATFORM
/* Assign FUSE CNTRL bits[1:5] to the PL eFUSE structure elements.*/
PlInstancePtr->ForcePowerCycle = XSK_EFUSEPL_FORCE_PCYCLE_RECONFIG;
PlInstancePtr->KeyWrite = XSK_EFUSEPL_DISABLE_KEY_WRITE;
@ -622,6 +803,95 @@ u32 XilSKey_EfusePl_InitData(XilSKey_EPl *PlInstancePtr)
XSK_EFUSEPL_USER_HIGH_KEY_SIZE_IN_BITS);
}
#else
/* For Ultrascle efuse */
/* eFuse control bits [2:0] */
PlInstancePtr->AESKeyRead= XSK_EFUSEPL_DISABLE_AES_KEY_READ;
PlInstancePtr->UserKeyRead = XSK_EFUSEPL_DISABLE_USER_KEY_READ;
PlInstancePtr->SecureRead = XSK_EFUSEPL_DISABLE_SECURE_READ;
/* eFuse Control bits [9:5] */
PlInstancePtr->CtrlWrite = XSK_EFUSEPL_DISABLE_FUSE_CNTRL_WRITE;
PlInstancePtr->RSARead = XSK_EFUSEPL_DISABLE_RSA_KEY_READ;
PlInstancePtr->KeyWrite = XSK_EFUSEPL_DISABLE_KEY_WRITE;
PlInstancePtr->UserKeyWrite = XSK_EFUSEPL_DISABLE_USER_KEY_WRITE;
PlInstancePtr->SecureWrite = XSK_EFUSEPL_DISABLE_SECURE_WRITE;
/* eFuse control bit 15 */
PlInstancePtr->RSAWrite = XSK_EFUSEPL_DISABLE_RSA_HASH_WRITE;
/* eFuse secure bits [5:0] */
PlInstancePtr->EncryptOnly = XSK_EFUSEPL_ALLOW_ENCRYPTED_ONLY;
PlInstancePtr->UseAESOnly = XSK_EFUSEPL_FORCE_USE_FUSE_AES_ONLY;
PlInstancePtr->RSAEnable = XSK_EFUSEPL_ENABLE_RSA_AUTH;
PlInstancePtr->JtagDisable = XSK_EFUSEPL_DISABLE_JTAG_CHAIN;
PlInstancePtr->IntTestAccessDisable = XSK_EFUSEPL_DISABLE_TEST_ACCESS;
PlInstancePtr->DecoderDisable = XSK_EFUSEPL_DISABLE_DECODER;
PlInstancePtr->ProgAESKeyUltra = XSK_EFUSEPL_PROGRAM_AES_KEY;
PlInstancePtr->ProgUserKeyUltra = XSK_EFUSEPL_PROGRAM_USER_KEY;
PlInstancePtr->ProgRSAKeyUltra = XSK_EFUSEPL_PROGRAM_RSA_KEY_HASH;
PlInstancePtr->ReadUserKeyUltra = XSK_EFUSEPL_READ_USER_KEY;
PlInstancePtr->ReadRSAKeyUltra = XSK_EFUSEPL_READ_RSA_KEY_HASH;
PlInstancePtr->CheckAESKeyUltra = XSK_EFUSEPL_CHECK_AES_KEY_CRC;
PlInstancePtr->CrcOfAESKey = XSK_EFUSEPL_CRC_OF_EXPECTED_AES_KEY;
PlInstancePtr->JtagGpioTDI = XSK_EFUSEPL_AXI_GPIO_JTAG_TDI;
PlInstancePtr->JtagGpioTMS = XSK_EFUSEPL_AXI_GPIO_JTAG_TMS;
PlInstancePtr->JtagGpioTCK = XSK_EFUSEPL_AXI_GPIO_JTAG_TCK;
PlInstancePtr->JtagGpioTDO = XSK_EFUSEPL_AXI_GPIO_JTAG_TDO;
PlInstancePtr->GpioInputCh = XSK_EFUSEPL_GPIO_INPUT_CH;
PlInstancePtr->GpioOutPutCh = XSK_EFUSEPL_GPIO_OUTPUT_CH;
if (PlInstancePtr->ProgUserKeyUltra == TRUE) {
/* Validation of User High Key */
PlStatus = XilSKey_Efuse_ValidateKey(
(char *)XSK_EFUSEPL_USER_KEY,
XSK_EFUSEPL_USER_KEY_STRING_SIZE);
if(PlStatus != XST_SUCCESS) {
goto PL_INIT_ERROR;
}
/* Assign the User key [31:0]bits */
XilSKey_Efuse_ConvertStringToHexLE(
(char *)XSK_EFUSEPL_USER_KEY ,
&PlInstancePtr->UserKey[0],
XSK_EFUSEPL_USER_KEY_SIZE_IN_BITS);
}
if (PlInstancePtr->ProgAESKeyUltra == TRUE) {
/* Validation of AES Key */
PlStatus = XilSKey_Efuse_ValidateKey(
(char *)XSK_EFUSEPL_AES_KEY,
XSK_EFUSEPL_AES_KEY_STRING_SIZE);
if(PlStatus != XST_SUCCESS) {
goto PL_INIT_ERROR;
}
/* Assign the AES Key Value */
XilSKey_Efuse_ConvertStringToHexLE(
(char *)XSK_EFUSEPL_AES_KEY,
&PlInstancePtr->AESKey[0],
XSK_EFUSEPL_AES_KEY_SIZE_IN_BITS);
}
if (PlInstancePtr->ProgRSAKeyUltra == TRUE) {
/* Validation of RSA hash */
PlStatus = XilSKey_Efuse_ValidateKey(
(char *)XSK_EFUSEPL_RSA_KEY_HASH_VALUE,
XSK_EFUSEPL_RSA_KEY_HASH_STRING_SIZE);
if(PlStatus != XST_SUCCESS) {
goto PL_INIT_ERROR;
}
/* Assign the RSA hash */
XilSKey_Efuse_ConvertStringToHexLE(
(char *)XSK_EFUSEPL_RSA_KEY_HASH_VALUE,
&PlInstancePtr->RSAKeyHash[0],
XSK_EFUSEPL_RSA_KEY_SIZE_IN_BITS);
}
/* Variable to check whether internal system initialization is done.*/
PlInstancePtr->SystemInitDone = 0;
#endif
PL_INIT_ERROR:
return PlStatus;
}

314
lib/sw_services/xilskey/examples/xilskey_input.h
View file

@ -84,7 +84,7 @@
* Note: When XilSKey_EfusePs_Write() API is used, above mentioned RSA hash
* is written and XSK_EFUSEPS_ENABLE_RSA_KEY_HASH should have TRUE value.
*
* User configurable parameters for PL eFUSE
* User configurable parameters for PL eFUSE for Zynq
* -----------------------------------------------------------------------
* #define XSK_EFUSEPL_FORCE_PCYCLE_RECONFIG FALSE
* TRUE then part has to be power cycled to be able to be reconfigured.
@ -203,6 +203,169 @@
* "349de4571ae6d88de23de65489acf67000ff5ec901ae3d409aabbce4549812dd"
* #define XSK_BBRAM_AES_KEY_SIZE_IN_BITS 256
*
* User configurable parameters for PL eFUSE for Kintex Ultrascale
* -----------------------------------------------------------------------
* #define XSK_EFUSEPL_DISABLE_AES_KEY_READ FALSE
* TRUE will permanently disables the write to FUSE_AES and
* check CRC for AES key by programming control bit of FUSE.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPL_DISABLE_USER_KEY_READ FALSE
* TRUE will permanently disables the write to FUSE_USER and
* read of FUSE_USER key by programming control bit of FUSE.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPL_DISABLE_SECURE_READ FALSE
* TRUE will permanently disables the write to FUSE_Secure block
* and reading of secure block by programming control bit of FUSE.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPL_DISABLE_FUSE_CNTRL_WRITE FALSE
* TRUE will permanently disables the write to FUSE_CNTRL block
* by programming control bit of FUSE.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPL_DISABLE_RSA_KEY_READ FALSE
* TRUE will permanently disables the write to FUSE_RSA block and
* reading of FUSE_RSA Hash by programming control bit of FUSE.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPL_DISABLE_KEY_WRITE FALSE
* TRUE will permanently disables the write to FUSE_AES block by
* programming control bit of FUSE.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPL_DISABLE_USER_KEY_WRITE FALSE
* TRUE will permanently disables the write to FUSE_USER block
* by programming control bit of FUSE.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPL_DISABLE_SECURE_WRITE FALSE
* TRUE will permanently disables the write to FUSE_SECURE block
* by programming control bit of FUSE.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPL_DISABLE_RSA_HASH_WRITE FALSE
* TRUE will permanently disables the write to FUSE_RSA authentication
* key by programming control bit of FUSE.
* FALSE will not modify this control bit of eFuse.
*
* #define XSK_EFUSEPL_ALLOW_ENCRYPTED_ONLY FALSE
* TRUE will permanently allows encrypted bitstream only.
* FALSE will not modify this Secure bit of eFuse.
*
* #define XSK_EFUSEPL_FORCE_USE_FUSE_AES_ONLY FALSE
* TRUE then allows only FUSE's AES key as source of encryption
* FALSE then allows FPGA to configure an unencrypted bitstream or
* bitstream encrypted using key stored BBRAM or eFuse.
*
* #define XSK_EFUSEPL_ENABLE_RSA_AUTH FALSE
* TRUE will enable RSA authentication of bitstream
* FALSE will not modify this secure bit of eFuse.
*
* #define XSK_EFUSEPL_DISABLE_JTAG_CHAIN FALSE
* TRUE will disable JTAG permanently.
* FALSE will not modify this secure bit of eFuse.
*
* #define XSK_EFUSEPL_DISABLE_TEST_ACCESS FALSE
* TRUE will disables Xilinx test access.
* FALSE will not modify this secure bit of eFuse.
*
* #define XSK_EFUSEPL_DISABLE_DECODER FALSE
* TRUE will disables decoder completely.
* FALSE will not modify this secure bit of eFuse.
*
* In Ultrascale GPIO pins used for connecting MASTER_JTAG pins to access
* eFUSE
* Following are the GPIO pins and user can change these pins
* #define XSK_EFUSEPL_AXI_GPIO_JTAG_TDO (0)
* #define XSK_EFUSEPL_AXI_GPIO_JTAG_TDI (0)
* #define XSK_EFUSEPL_AXI_GPIO_JTAG_TMS (1)
* #define XSK_EFUSEPL_AXI_GPIO_JTAG_TCK (2)
*
* #define XSK_EFUSEPL_GPIO_INPUT_CH (2)
* This macro is for providing channel number of ALL INPUTS connected (TDO)
* #define XSK_EFUSEPL_GPIO_OUTPUT_CH (1)
* This macro is for providing channel number of ALL OUTPUTS connected
* (TDI, TCK, TMS)
*
* NOTE: All inputs and outputs of GPIO can be configured in single
* channel also
* i.e XSK_EFUSEPL_GPIO_INPUT_CH = XSK_EFUSEPL_GPIO_OUTPUT_CH = 1 or 2.
* Among (TDI, TCK, TMS) Outputs of GPIO cannot be connected to different
* GPIO channels all the 3 signals should be in same channel.
* TDO can be a other channel of (TDI, TCK, TMS) or the same.
*
* #define XSK_EFUSEPL_PROGRAM_AES_KEY_ULTRA FALSE
* TRUE will burn the AES key given in XSK_EFUSEPL_AES_KEY.
* FALSE will ignore the values given.
*
* #define XSK_EFUSEPL_PROGRAM_USER_KEY_ULTRA FALSE
* TRUE will burn User key given in XSK_EFUSEPL_USER_KEY
* FALSE will ignore the values given.
*
* #define XSK_EFUSEPL_PROGRAM_RSA_HASH_ULTRA FALSE
* TRUE will burn RSA hash given in XSK_EFUSEPL_RSA_KEY_HASH_VALUE
* FALSE will ignore the values given.
*
* #define XSK_EFUSEPL_CHECK_AES_KEY_ULTRA FALSE
* TRUE will perform CRC check of FUSE_AES with provided CRC value in macro
* XSK_EFUSEPL_CRC_OF_EXPECTED_AES_KEY.
* And result of CRC checck will be updated in XilSKey_EPl instance
* parameter AESKeyMatched with either TRUE or FALSE.
* FALSE CRC check of FUSE_AES will not be performed.
*
* #define XSK_EFUSEPL_READ_USER_KEY_ULTRA FALSE
* TRUE will read FUSE_USER from Ultrascale's eFuse and updates in
* XilSKey_EPl instance parameter UserKeyReadback
* FALSE FUSE_USER key read will not be performed.
*
* #define XSK_EFUSEPL_READ_RSA_HASH_ULTRA FALSE
* TRUE will read FUSE_USER from Ultrascale's eFuse and updates in
* XilSKey_EPl instance parameter RSAHashReadback
* FALSE FUSE_RSA_HASH read will not be performed.
*
* #define XSK_EFUSEPL_AES_KEY
* "0000000000000000000000000000000000000000000000000000000000000000"
* The value mentioned in this will be converted to hex buffer and written
* into the PL eFUSE array when write API used. This value should be the
* PPK(Primary Public Key) hash given in string format. It should be 64
* characters long, valid characters are 0-9,a-f,A-F. Any other character
* is considered as invalid string and will not burn AES Key. Note that,
* for writing the AES Key, XSK_EFUSEPL_PROGRAM_AES_KEY_ULTRA should
* have TRUE value.
*
* #define XSK_EFUSEPL_USER_KEY "00000000"
* The value mentioned in this will be converted to hex buffer and written
* into the PL eFUSE array when write API used. This value should be the
* User Key given in string format. It should be 8 characters long, valid
* characters are 0-9,a-f,A-F. Any other character is considered as invalid
* string and will not burn User Key. Note that, for writing the User Key,
* XSK_EFUSEPL_PROGRAM_USER_KEY_ULTRA should have TRUE value.
*
* #define XSK_EFUSEPL_RSA_KEY_HASH_VALUE
* "0000000000000000000000000000000000000000000000 \
* 00000000000000000000000000000000000000000000000000"
* The value mentioned in this will be converted to hex buffer and written
* into the PL eFUSE array when write API used. This value should be the
* RSA Key hash given in string format. It should be 96 characters long,
* valid characters are 0-9,a-f,A-F. Any other character is considered as
* invalid string and will not burn RSA hash value. Note that, for writing
* the RSA hash, XSK_EFUSEPL_PROGRAM_RSA_HASH_ULTRA should have TRUE value.
*
* #define XSK_EFUSEPL_CRC_OF_EXPECTED_AES_KEY 0x621C42AA
* 0x621C42AA is hexadecimal CRC value of FUSE_AES with all Zeros.
* Expected FUSE_AES key's CRC value has to be updated in place of
* 0x621C42AA.
* For Checking CRC of FUSE_AES XSK_EFUSEPL_CHECK_AES_KEY_ULTRA macro
* should be TRUE otherwise CRC check will not be performed.
* For calculation of AES key's CRC one can use
* u32 Xilskey_CrcCalculation(u8 *Key) API or reverse polynomial
* 0x82F63B78.
*
* NOTE:Please make sure you have sufficient heap and stack to run this
* application.
*
* <pre>
* MODIFICATION HISTORY:
*
@ -210,6 +373,12 @@
* ----- ---- -------- --------------------------------------------------------
* 1.00a rpoolla 04/26/13 First release
* 1.01a hk 09/18/13 Added BBRAM related definitions
* 3.00 vns 31/07/15 Added efuse functionality for Ultrascale.
* In Ultrascale GPIO pins and channels macros are added
* to access Master Jtag primitive and also added
* extra control bits and secure bits for Ultrascale's
* eFuse.
*
* </pre>
*
*
@ -238,6 +407,11 @@ extern "C" {
#define LOW 0
#define HIGH 1
/**
* Definition of Zynq PL
* ----------------------------------------------------------
*/
#ifdef XSK_ARM_PLATFORM
/**
* Following defines should be defined either TRUE or FALSE.
* --------------------------------------------------------
@ -320,10 +494,146 @@ extern "C" {
#define XSK_EFUSEPL_AES_KEY "0000000000000000000000000000000000000000000000000000000000000000"
#define XSK_EFUSEPL_USER_LOW_KEY "00"
#define XSK_EFUSEPL_USER_HIGH_KEY "000000"
/**
* Definitions for Kintex Ultrascale's eFuse
* ---------------------------------------------
*/
#else
/**
* Following is the define to select if the user wants to program control bits
*/
#define XSK_EFUSEPL_DISABLE_AES_KEY_READ FALSE /**< If TRUE will disable
* AES key crc check
* andprogramming
*/
#define XSK_EFUSEPL_DISABLE_USER_KEY_READ FALSE /**< If TRUE will disable
* User key reading and
* programming
*/
#define XSK_EFUSEPL_DISABLE_SECURE_READ FALSE /**< If TRUE will disable
* secure block reading
* and programming
*/
#define XSK_EFUSEPL_DISABLE_FUSE_CNTRL_WRITE FALSE /**< If TRUE will disable
* programming control
* bits
*/
#define XSK_EFUSEPL_DISABLE_RSA_KEY_READ FALSE /**< If TRUE will disable
* RSA key hash reading
* and programming
*/
#define XSK_EFUSEPL_DISABLE_KEY_WRITE FALSE /**< If TRUE will disable
* AES key programming
*/
#define XSK_EFUSEPL_DISABLE_USER_KEY_WRITE FALSE /**< If TRUE will disable
* Programming User
* key
*/
#define XSK_EFUSEPL_DISABLE_SECURE_WRITE FALSE /**< If TRUE will disable
* programming Secure block
*/
#define XSK_EFUSEPL_DISABLE_RSA_HASH_WRITE FALSE /**< If TRUE will disable
* programming to RSA key
* hash
*/
/**
* Following is the define to select if the user wants to program Secure bits
*/
#define XSK_EFUSEPL_ALLOW_ENCRYPTED_ONLY FALSE /**< If TRUE will force
* to use only encrypted
* bitstreams
*/
#define XSK_EFUSEPL_FORCE_USE_FUSE_AES_ONLY FALSE /**< If TRUE will force
* to use Secure boot
* with eFUSE key only.
*/
#define XSK_EFUSEPL_ENABLE_RSA_AUTH FALSE /**< If TRUE will enable
* RSA authentication of
* bitstream */
#define XSK_EFUSEPL_DISABLE_JTAG_CHAIN FALSE /**< If TRUE then
* permanently sets the Ultrascale
* device in bypass mode
*/
#define XSK_EFUSEPL_DISABLE_TEST_ACCESS FALSE /**< If TRUE will disable internal
* test access for ULTRASCALE
*/
#define XSK_EFUSEPL_DISABLE_DECODER FALSE /**< If TRUE will
* Disable's decoder
*/
/**
* Following defines should be given in decimal/hexa-decimal values.
* These are to be defined for Ultrascale Microblaze
* AXI GPIO pin numbers connected to MASTER JTAG primitive and corresponding
* channel numbers for GPIO pins
*/
#define XSK_EFUSEPL_AXI_GPIO_JTAG_TDO (0) /**< MASTER JTAG GPIO
* pin for TDO */
#define XSK_EFUSEPL_AXI_GPIO_JTAG_TDI (0) /**< MASTER JTAG GPIO
* pin for TDI */
#define XSK_EFUSEPL_AXI_GPIO_JTAG_TMS (1) /**< MASTER JTAG GPIO
* pin for TMS */
#define XSK_EFUSEPL_AXI_GPIO_JTAG_TCK (2) /**< MASTER JTAG GPIO
* pin for TCK */
#define XSK_EFUSEPL_GPIO_INPUT_CH (2) /**< GPIO Channel of TDO
* pin connected */
#define XSK_EFUSEPL_GPIO_OUTPUT_CH (1) /**< GPIO Channel of TDI,
* * TMS and TCK pin connected */
/**
* Following is the define to select if the user wants to select AES, User, RSA and RES keys
* for Ultrascale
*/
/* For Programming keys */
#define XSK_EFUSEPL_PROGRAM_AES_KEY FALSE /**< TRUE burns
* the AES key
*/
#define XSK_EFUSEPL_PROGRAM_USER_KEY FALSE /**< TRUE burns
* the USER key
*/
#define XSK_EFUSEPL_PROGRAM_RSA_KEY_HASH FALSE /**< TRUE burns
* the RSA hash
*/
/* For reading keys */
#define XSK_EFUSEPL_CHECK_AES_KEY_CRC FALSE /**< TRUE checks
* AES key with
* below provided CRC
*/
#define XSK_EFUSEPL_READ_USER_KEY FALSE /**< TRUE read
* USER key
*/
#define XSK_EFUSEPL_READ_RSA_KEY_HASH FALSE /**< TRUE read
* RSA Hash value
*/
/**
* Following defines should be given in the form of hex string.
* The length of AES_KEY string must me 64 and for USER_KEY must be 8.
*/
#define XSK_EFUSEPL_AES_KEY "0000000000000000000000000000000000000000000000000000000000000000"
#define XSK_EFUSEPL_USER_KEY "00000000"
/**
* Following defines should be given only for Ultrascale the length of
* RSA string must be 96
*/
#define XSK_EFUSEPL_RSA_KEY_HASH_VALUE "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
/**
* Following define is CRC value of expected AES key
*/
#define XSK_EFUSEPL_CRC_OF_EXPECTED_AES_KEY 0x621C42AA
#endif
#endif /*XSK_EFUSEPL_DRIVER*/
/**
* Similarly we can define PS eFUSE related data
* ---------------------------------------------