The BootROM uses the linear mode to access the first 16MB of the QSPI flash to look for the boot image.
There are limitations on where the boot image could be placed if QSPI flash larger than 16MB is used with the optional Execute-in-Place mode.
The same limitation applies when RSA is used. See (Xilinx Answer 57900) for more detail.
The QSPI linear mode read command (6bh) might not get the correct data for the first 4 bytes.
Looking at the following figure, the incorrect 4 bytes of data are from the upper 16MB of memory.
This is a known behavior of the QSPI controller in linear mode.
In the normal QSPI boot mode (not XIP), the first 4 bytes of BootROM header are not used, and checksum is only calculated from 0x020 to 0x044.
So the incorrect data can be ignored. QSPI will boot without issues.
However, if QSPI boots with XIP, the first word is used to remap the flash linear address space.
The following applies only when RSA Authentication is used on QSPI flashes larger than 16MB in single x2 or x4, dual-stacked x4, and dual-parallel x4 configurations.
The boot image cannot be placed at 0x0 offset in the flash when using a QSPI device larger than 16MB with the optional Execute-in-Place mode.
There are three possible work-arounds for this requirement:
NOTE: If XIP is not used, the boot image can be placed at 0x0 even for QSPI larger than 16MB.