AR# 71326

Design Advisory for Zynq UltraScale+ MPSoC: 2017.x, 2018.1, 2018.2 FSBL is not checking all of the RSA_EN eFUSEs

Description

From (UG1085): 

https://www.xilinx.com/cgi-bin/docs/ndoc?t=user_guides;d=ug1085-zynq-ultrascale-trm.pdf

There are 15 RSA_EN eFUSEs that when any one of them are programmed, will force the device to boot with a Hardware Root of Trust. 

Note: When any one of the eFUSEs is programmed, every boot must be authenticated using RSA. Xilinx recommends programming all 15 eFUSEs.

The location of these eFUSEs is row 22 and columns [25:11].

The FSBL only checks columns 25 and 24 to see if RSA_EN is indeed programmed.

If the user does not program one of these two eFUSEs, then the FSBL code will not detect that the partition loading requires RSA, and as a result the partitions loaded by the FSBL will not be authenticated. 

Solution

This issue does not have any impact on the CSU ROM or the XilSecure library. It only affects the FSBL.

This is a security issue if the customer does not follow Xilinx's guidance and program all 15 eFUSEs.

The FSBL will be fixed in the 2018.3 release to check all 15 RSA_EN eFUSEs.

AR# 71326
Date 08/03/2018
Status Active
Type Design Advisory
Devices
Tools More Less