UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

AR# 64935

Zynq-7000 AP SoC, Secure boot – Why can I still boot with non-Secure image when XSK_EFUSEPL_FORCE_USE_AES_ONLY is programmed.

Description

I have programed the XSK_EFUSEPL_FORCE_USE_AES_ONLY( CFG_AES_Only) eFuse bit in Vivado Hardware manager.

Non-secure boot of the device should be not allowed.

However I can still boot with a non-AES key image.

Why is this the case?

Solution

(UG585) Table 32-2 indicates that XSK_EFUSEPL_FORCE_USE_AES_ONLY is referred to as CFG_AES_Only in (UG470).

This information is incorrect, the PL CFG_AES_Only bit is not used for Zynq and must not be programmed by the user.

The correct bit is bit[8] of FUSE_CNTL. 

The latest version of Vivado is aware of Zynq and gives a correct bit setting.

<

AR# 64935
Date Created 07/08/2015
Last Updated 07/08/2015
Status Active
Type General Article
Devices
  • Zynq-7000