Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

efuseppkbits - Unknown option on command line #12

Open
ldts opened this issue Jul 18, 2021 · 7 comments
Open

efuseppkbits - Unknown option on command line #12

ldts opened this issue Jul 18, 2021 · 7 comments

Comments

@ldts
Copy link

ldts commented Jul 18, 2021
edited
Loading

Hi,

I am trying to generate the SHA to write to the eFuse so I can properly activate the secure boot authentication
However using the documented bif file, I am having the following issue:

all:
{
        [pskfile] keys/PSK.pem
        [sskfile] keys/SSK.pem
        [bootloader, destination_cpu=a53-0, authentication=rsa] u-boot-spl.bin
}

./bootgen –arch zynqmp –image bif.hash -o boot.bin –efuseppkbits eFUSE.txt

****** Xilinx Bootgen v2021.1
  **** Build date : Jul 15 2021-00:18:02
    ** Copyright 1986-2021 Xilinx, Inc. All Rights Reserved.

[ERROR]  : Unknown option on command line:

It is not straightforward to debug the parser (lex/bixon stuff).
Could you help me understand the error in the command line please - verbatim from the documentation?

This actually relates to #10
@ldts
Copy link
Author

ldts commented Jul 18, 2021
edited
Loading

Um reading the code a bit it seems the right way to generate the efuse.txt is to do it at the time of the bin creation only

the_ROM_image:
{
        [pskfile] keys/PSK.pem
        [sskfile] keys/SSK.pem
        [pmufw_image, load=0xffdc0000] pmu.bin
        [bootloader, authentication=rsa, destination_cpu=a53-0, load=0xfffc0000] u-boot-spl.bin
}

./bootgen -arch zynqmp -image bif -w on -o boot.bin -efuseppkbits efusefile.txt

The command above does generate the efuse file but I'd like to have some guarantees it will work (I dont want to risk bricking this board).

please could you confirm?

@embetrix
Copy link

@ldts hi, any hints how to write the fuses without breaking some devices ?

@RamyaDarapuneni
Copy link
Collaborator

Could you please refer app note for writing eFuses on Zynq Ultra Scale Plus devices
Programming BBRAM and eFUSEs Application Note (XAPP1319) • Viewer • AMD Technical Information Portal

@ldts hi, any hints how to write the fuses without breaking some devices ?

@embetrix
Copy link

embetrix commented May 3, 2024

@RamyaDarapuneni thanks but the document doesn't illustrate bytes order of the PPKs and I would like to avoid break some devices. can you please provide an example ?

Is it also possible to write them from Linux through the nvmem API ?

@nathan-menhorn
Copy link

Hi @ldts and @embetrix please reference XAPP1357 found in the Xilinx Design Security lounge.

https://account.amd.com/en/member/design_security.html#tabs-b08b1a322e-item-5dbfbe7377-tab

This will have more details on how to use Bootgen to create the hashes of the PPKs.

@embetrix
Copy link

@nathan-menhorn this just redirect to a registration form which I filled weeks ago and no one from AMD is daring to answer...

@nathan-menhorn
Copy link

Hi @embetrix do you have an active NDA with AMD? This will be required before access is granted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@embetrix @ldts @nathan-menhorn @RamyaDarapuneni