In 2019.2 and previous releases, it is possible to load a non-secure Bitstream using XilFpga (Standalone, u-boot and Linux) even if RSA_EN and/or ENC_ONLY eFUSEs are programmed.
An adversary with access to Linux calls through ATF into XilFpga or RPU calls to XilFpga could perform incorrect operations.
For more information on how to sign up to receive notifications for new Design Advisories, see (Xilinx Answer 18683).
This issue is addressed in the 2020.1 release by checking the status of RSA_EN and ENC_ONLY during the bitstream validation (prior to loading).
For previous releases, copy the .c and .h files in the attached ZIP file to the Vitis or XSDK installation path and re-build the project.
For example in the 2019.2 release copy the .c and .h file to the below path:
|Name||File Size||File Type|