User manual
Table Of Contents
- Zynq-7000 All Programmable SoC
- Table of Contents
- Ch. 1: Introduction
- Ch. 2: Signals, Interfaces, and Pins
- Ch. 3: Application Processing Unit
- Ch. 4: System Addresses
- Ch. 5: Interconnect
- Ch. 6: Boot and Configuration
- Ch. 7: Interrupts
- Ch. 8: Timers
- Ch. 9: DMA Controller
- Introduction
- Functional Description
- DMA Transfers on the AXI Interconnect
- AXI Transaction Considerations
- DMA Manager
- Multi-channel Data FIFO (MFIFO)
- Memory-to-Memory Transfers
- PL Peripheral AXI Transactions
- PL Peripheral Request Interface
- PL Peripheral - Length Managed by PL Peripheral
- PL Peripheral - Length Managed by DMAC
- Events and Interrupts
- Aborts
- Security
- IP Configuration Options
- Programming Guide for DMA Controller
- Programming Guide for DMA Engine
- Programming Restrictions
- System Functions
- I/O Interface
- Ch. 10: DDR Memory Controller
- Introduction
- AXI Memory Port Interface (DDRI)
- DDR Core and Transaction Scheduler (DDRC)
- DDRC Arbitration
- Controller PHY (DDRP)
- Initialization and Calibration
- DDR Clock Initialization
- DDR IOB Impedance Calibration
- DDR IOB Configuration
- DDR Controller Register Programming
- DRAM Reset and Initialization
- DRAM Input Impedance (ODT) Calibration
- DRAM Output Impedance (RON) Calibration
- DRAM Training
- Write Data Eye Adjustment
- Alternatives to Automatic DRAM Training
- DRAM Write Latency Restriction
- Register Overview
- Error Correction Code (ECC)
- Programming Model
- Ch. 11: Static Memory Controller
- Ch. 12: Quad-SPI Flash Controller
- Ch. 13: SD/SDIO Controller
- Ch. 14: General Purpose I/O (GPIO)
- Ch. 15: USB Host, Device, and OTG Controller
- Introduction
- Functional Description
- Programming Overview and Reference
- Device Mode Control
- Device Endpoint Data Structures
- Device Endpoint Packet Operational Model
- Device Endpoint Descriptor Reference
- Programming Guide for Device Controller
- Programming Guide for Device Endpoint Data Structures
- Host Mode Data Structures
- EHCI Implementation
- Host Data Structures Reference
- Programming Guide for Host Controller
- OTG Description and Reference
- System Functions
- I/O Interfaces
- Ch. 16: Gigabit Ethernet Controller
- Ch. 17: SPI Controller
- Ch. 18: CAN Controller
- Ch. 19: UART Controller
- Ch. 20: I2C Controller
- Ch. 21: Programmable Logic Description
- Ch. 22: Programmable Logic Design Guide
- Ch. 23: Programmable Logic Test and Debug
- Ch. 24: Power Management
- Ch. 25: Clocks
- Ch. 26: Reset System
- Ch. 27: JTAG and DAP Subsystem
- Ch. 28: System Test and Debug
- Ch. 29: On-Chip Memory (OCM)
- Ch. 30: XADC Interface
- Ch. 31: PCI Express
- Ch. 32: Device Secure Boot
- Appx. A: Additional Resources
- Appx. B: Register Details
- Overview
- Acronyms
- Module Summary
- AXI_HP Interface (AFI) (axi_hp)
- CAN Controller (can)
- DDR Memory Controller (ddrc)
- CoreSight Cross Trigger Interface (cti)
- Performance Monitor Unit (cortexa9_pmu)
- CoreSight Program Trace Macrocell (ptm)
- Debug Access Port (dap)
- CoreSight Embedded Trace Buffer (etb)
- PL Fabric Trace Monitor (ftm)
- CoreSight Trace Funnel (funnel)
- CoreSight Intstrumentation Trace Macrocell (itm)
- CoreSight Trace Packet Output (tpiu)
- Device Configuration Interface (devcfg)
- DMA Controller (dmac)
- Gigabit Ethernet Controller (GEM)
- General Purpose I/O (gpio)
- Interconnect QoS (qos301)
- NIC301 Address Region Control (nic301_addr_region_ctrl_registers)
- I2C Controller (IIC)
- L2 Cache (L2Cpl310)
- Application Processing Unit (mpcore)
- On-Chip Memory (ocm)
- Quad-SPI Flash Controller (qspi)
- SD Controller (sdio)
- System Level Control Registers (slcr)
- Static Memory Controller (pl353)
- SPI Controller (SPI)
- System Watchdog Timer (swdt)
- Triple Timer Counter (ttc)
- UART Controller (UART)
- USB Controller (usb)
Zynq-7000 AP SoC Technical Reference Manual www.xilinx.com 772
UG585 (v1.11) September 27, 2016
Chapter 32: Device Secure Boot
PS eFUSE Settings
The PS also has an eFuse array. The primary purpose is to store the memory built in self repair
information and the RSA public key hash. The PS eFuse also has a number of fuses that can be used
to control the security boot flow of the device. (see Table 32-3). More information regarding
programing of the PS eFuses can be found in UG643
, OS and Libraries Document Collection, and in
UG996 (available in the user install area of the software).
32.2.5
RSA Authentication
The BootROM has the ability to authenticate a secure FSBL prior to decryption or a non-secure FSBL
prior to execution using RSA public key authentication. This feature is enabled by blowing the RSA
Authentication Enable fuse in the PS eFuse array.
When RSA authentication is enabled, the BootROM starts by loading the FSBL into the OCM. Then
the Primary Public Key (PPK) is loaded and a SHA-256 signature is calculated. This calculated
signature is compared to the PPK Hash value stored in the PS eFuse. If the PPK signature matches the
PPK Hash value, then the boot continues. The BootROM then loads the Secondary Public Key (SPK)
from the boot image and the SPK signature. The SPK is authenticated using the PPK. Failure to
authenticate the PPK or SPK triggers a fallback mode by the BootROM. If a new FSBL is not found, the
device enters a secure lockdown.
XSK_EFUSEPL_BBRAM_KEY_DISABLE BBRAM Key Disable. If the AP SoC device is booted in
secure mode, then the eFuse key must be selected.
Non-secure boot of the device is allowed. If the boot image
header does not match this setting, a security lockdown
occurs.
XSK_EFUSEPL_DISABLE_JTAG_CHAIN JTAG Chain Disable. The ARM DAP and PL TAP are
permanently disabled. Any attempt to active the ARM DAP
or the PL TAP controllers causes a security lockdown.
Table 32-3: PS eFuse Setting Summary
eFuse Description
eFuse Write Protection (2 fuses) Blow both of these fuses to permanently disable all writes to the PS
eFuse array.
OCM ROM 128KB CRC Enable
Enables a full 128 KB CRC on the ROM prior to loading the FSBL.
RSA Authentication Enable
Enables RSA authentication for NAND, NOR, SD, or QSPI.
DFT JTAG Disable
The ARM DAP and PL TAP are disabled when the device is booted
in DFT mode, any attempt to activate the ARM DAP or the PL TAP
causes a security lockdown.
DFT Mode Disable
The DFT boot mode is permanently disabled. Booting in DFT mode
immediately triggers a security lockdown.
RSA PPK Hash (310 fuses)
SHA-256 signature for the RSA primary public key including extra
ECC bits.
Table 32-2: PL eFuse Settings Summary (Cont’d)
eFuse Description