Using Encryption

Select the Use Encryption check box to encrypt the boot image or any of the particular partitions of the boot image.

When you enable encryption, you must specify the key file, source, and part name. The table below lists the encryption settings available for both Zynq® and Zynq® UltraScale+™ MPSoC architectures :

Table 1. Encryption Settings



For Zynq Architecture

Key File

The AES key file contains the key for encryption.

The supported file format for AES key file is *.nky.

This key file contains the values like Key 0, StartCBC and HMAC values. If the key file is not given, then this tool generates a key file and stores in the current working directory, which is used for encrypting the partitions.

Key Store

The Key Store is the location where the AES key will be written to for decryption purpose.

Part Name

This field specifies the Xilinx part name. This is needed when generating an encryption key. The name is copied verbatim to the NKY file in the “Device” line.

For Zynq UltraScale+ MPSoC Architecture
Optional Key Use the optional key for encryption purpose.