AR# 71436

Design Advisory for Zynq-7000: 2018.2 (and earlier) U-Boot does not use the PPK verified by BootROM and stored in OCM when loading partitions.

Description

In Zynq-7000, U-Boot does not use the RSA Primary Public Key (PPK) that was authenticated by the BootROM and stored in OCM, to authenticate the SPK (Secondary Public Key) when loading partitions.

This results in a situation where an adversary could substitute their PPK/SPK pair and have U-Boot successfully authenticate an image that should not have been authenticated.

Solution

This issue is fixed in the 2018.3 release.

Was this Answer Record helpful?

AR# 71436
Date	09/12/2018
Status	Active
Type	Design Advisory
Devices	Zynq-7000

AI Inference Acceleration

App Store

Aerospace & Defense

Automotive

Broadcast & Pro A/V

Consumer Electronics

Data Center

Emulation & Prototyping

Industrial

Healthcare / Medical

Test & Measurement

Wired & Wireless Communications

Devices

Accelerators

System-on-Modules (SOMs)

Kria SOM Resources

Evaluation Boards & Kits

Ethernet Adapters

Software Development Tools

Software Development Resources

Hardware Development Tools

Hardware Development Resources

Embedded Development

Core Technologies

App Store

Product Support

Support

Services

Company

Partners

Contact Us

Your cart is empty

AR# 71436

Design Advisory for Zynq-7000: 2018.2 (and earlier) U-Boot does not use the PPK verified by BootROM and stored in OCM when loading partitions.

Description

Solution