AR# 71436


Design Advisory for Zynq-7000: 2018.2 (and earlier) U-Boot does not use the PPK verified by BootROM and stored in OCM when loading partitions.


In Zynq-7000, U-Boot does not use the RSA Primary Public Key (PPK) that was authenticated by the BootROM and stored in OCM, to authenticate the SPK (Secondary Public Key) when loading partitions.

This results in a situation where an adversary could substitute their PPK/SPK pair and have U-Boot successfully authenticate an image that should not have been authenticated.


This issue is fixed in the 2018.3 release.

AR# 71436
Date 09/12/2018
Status Active
Type Design Advisory
People Also Viewed