We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

AR# 64935

Zynq-7000 AP SoC, Secure boot – Why can I still boot with non-Secure image when XSK_EFUSEPL_FORCE_USE_AES_ONLY is programmed.


I have programed the XSK_EFUSEPL_FORCE_USE_AES_ONLY( CFG_AES_Only) eFuse bit in Vivado Hardware manager.

Non-secure boot of the device should be not allowed.

However I can still boot with a non-AES key image.

Why is this the case?


(UG585) Table 32-2 indicates that XSK_EFUSEPL_FORCE_USE_AES_ONLY is referred to as CFG_AES_Only in (UG470).

This information is incorrect, the PL CFG_AES_Only bit is not used for Zynq and must not be programmed by the user.

The correct bit is bit[8] of FUSE_CNTL. 

The latest version of Vivado is aware of Zynq and gives a correct bit setting.


AR# 64935
Date Created 07/08/2015
Last Updated 07/08/2015
Status Active
Type General Article
  • Zynq-7000