We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

Page Bookmarked

AR# 56948

14.6 FSBL has Security Risks that need to be addressed


Version14.6 of  FSBL contains Security Risks which need to be addressed.
The Partition Header used by FSBL is not authenticated

The Partition Header contains details about the partition attributes which are used by FSBL to determine whether the partition needs to be authenticated or not.

Security Risk:
A hacker could change the RSA attribute values in the Partition header and make FSBL skip the authentication of those partitions.

This could results in partitions of the hackers choosing being loaded.
FSBL does not use PPK authenticated by Boot ROM for authenticating the Partition images

FSBL must use the same PPK as in the FSBL certificate which BootROM has authenticated.

Security Risk:
FSBL always trusts the PPK that was attached with the authentication certificate of that Partition.

A Hacker could create their own authentication certificate which contains their own PPK and SPK.


These issues have been resolved in FSBL version 14.7.


AR# 56948
Date 05/30/2014
Status Active
Type Known Issues
  • Zynq-7000
  • EDK - 14.6