I actually reached out to customer service last year about this, but they directed me here to the forums. I need the board for a project now and I am hoping to get a replacement because the board may not meet the Xilinx proper voltage synchronization required for secure boot. I would need someone in the technical staff to confirm this according to customer service.
History
I was working on a secure boot project, and apparently the ZYBOZ7 board may be susceptible to the following:
The board was working fine even with the PL eFUSE was set with an AES key. I was able to program encrypted bit streams and boot encrypted boot files. Because of Xilinx starbleed exploit:
and made certain that the PL eFuse was disabled as per the steps in the xapp. After running secure key to program the PS eFuse, the serial terminal printed out success and even read back the correct PPK Hash value. For me, the board stopped working on reboot. The board is 100% bricked at this point and when reading back the PL eFuse it is all zeros meaning it was corrupted. The PL eFuse always read back the AES key until I added authentication and programed the PS eFuse.
Can you confirm that the power up and down sequences are with the Xilinx spec? See
I've worked with board after this were the voltage was synchronized correctly and had no issue implementing secure boot. It comes down to confirming the voltages are correct to support secure boot though.
Question
phyguy
I actually reached out to customer service last year about this, but they directed me here to the forums. I need the board for a project now and I am hoping to get a replacement because the board may not meet the Xilinx proper voltage synchronization required for secure boot. I would need someone in the technical staff to confirm this according to customer service.
History
I was working on a secure boot project, and apparently the ZYBOZ7 board may be susceptible to the following:
https://support.xilinx.com/s/article/65240?language=en_US
The board was working fine even with the PL eFUSE was set with an AES key. I was able to program encrypted bit streams and boot encrypted boot files. Because of Xilinx starbleed exploit:
https://support.xilinx.com/s/article/73541?language=en_US
Xilinx is instructing users to add authentication. I followed xpp1175:
https://support.xilinx.com/s/article/73541?language=en_US
and made certain that the PL eFuse was disabled as per the steps in the xapp. After running secure key to program the PS eFuse, the serial terminal printed out success and even read back the correct PPK Hash value. For me, the board stopped working on reboot. The board is 100% bricked at this point and when reading back the PL eFuse it is all zeros meaning it was corrupted. The PL eFuse always read back the AES key until I added authentication and programed the PS eFuse.
Can you confirm that the power up and down sequences are with the Xilinx spec? See
https://support.xilinx.com/s/article/65240?language=en_US
I've worked with board after this were the voltage was synchronized correctly and had no issue implementing secure boot. It comes down to confirming the voltages are correct to support secure boot though.
Thanks!
Edited by phyguyLink to comment
Share on other sites
6 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now