AR# 76125

|

Design Advisory for Zynq-7000 SoC and Zynq UltraScale+ MPSoC/RFSoC: 2020.3 (and previous) Bootgen fails to replace the old authentication key files with new authentication key files generated using the ‘-generate_keys’ option

Description

In the 2020.3 release and previous versions, Bootgen can fail to replace the old authentication key files with new authentication key files generated using the ‘-generate_keys’ option.

This happens when the target key files already exist on the disk but cannot be overwritten (for example, due to permissions issue).

If the key format is PEM, bootgen will crash with a segmentation fault.

However, if the format is RSA, Bootgen will silently exit without any error.

Notes:

  • This issue does not apply to Versal because the ‘-generate_keys’ option is not yet supported for Versal (As of the 2020.3 release and previous versions).
  • This issue does not apply to the obfuscated key because it is NOT an authentication key.

For more information on how to sign up to receive notifications for new Design Advisories, see (Xilinx Answer 18683).


 

Solution

Xilinx recommends that you check the existence and permissions of the target key files before generation.

If this is not done, it could result in the user using the old keys while under the impression that they are using the newly generated keys. This could be a security vulnerability.

This issue wil be fixed in future releases of Bootgen and proper ERROR messages will be provided if Bootgen does not have permission to overwrite any of the existing key files.

AR# 76125
Date 03/07/2021
Status Active
Type Design Advisory
Devices
Tools
People Also Viewed