# Xilinx SDK wolfBoot Project To use this example project: 1. Copy `.cproject` and `.project` into the wolfBoot root. 2. From the Xilinx SDK Import wolfBoot using "Import" -> "Existing Projects into Workspace". ## Xilinx SDK BSP This project uses a BSP named `standalone_bsp_0`, which must be configured to use "hypervisor guest" in the BSP configuration settings. This will enable the EL-1 support required with Bl31 (ARM Trusted Firmware). The BSP generates a include/bspconfig.h, which should have these defines set: ``` #define EL1_NONSECURE 1 #define HYP_GUEST 1 ``` Note: This is a generated file from the BSP configurator tool, which is edited by opening the `system.mss` file. ## wolfBoot Configuration A build settings template for Zynq UltraScale+ can be found here `./config/examples/zynqmp.config`. This file can be copied to wolfBoot root as `.config` for building from the command line. These template settings are also in this `.cproject` as preprocessor macros. These settings are loaded into the `target.h.in` template by the wolfBoot `make`. If not using the built-in make then the following defines will need to be manually created in `target.h`: ``` #define WOLFBOOT_SECTOR_SIZE 0x20000 #define WOLFBOOT_PARTITION_BOOT_ADDRESS 0x800000 #define WOLFBOOT_LOAD_ADDRESS 0x10000000 #define WOLFBOOT_PARTITION_SIZE 0x2A00000 #define WOLFBOOT_PARTITION_UPDATE_ADDRESS 0x3A00000 #define WOLFBOOT_PARTITION_SWAP_ADDRESS 0x63E0000 #define WOLFBOOT_DTS_BOOT_ADDRESS 0x7E0000 #define WOLFBOOT_DTS_UPDATE_ADDRESS 0x39E0000 #define WOLFBOOT_LOAD_DTS_ADDRESS 0x11800000 ``` Note: If not using Position Independent Code (PIC) the linker script `ldscript.ld` must have the start address offset to match the `WOLFBOOT_LOAD_ADDRESS`. ## Signing Example ```sh python3 ./tools/keytools/sign.py --rsa4096 --sha3 ../helloworld/Debug/helloworld.elf ./rsa4096.der 1 ``` ## Bootgen Xilinx uses a `bootgen` tool for generating a boot binary image that has Xilinx headers, which the FSBL (First Stage Boot Loader) understands. See the `boot.bif` and `boot_auth.bif` as examples. * Use "partition_owner=uboot" to prevent a partition from being loaded into RAM. * Use "offset=" option to place the application into a specific location in flash. * Use "load=" option to have FSBL load into specific location in RAM. ### Adding RSA Authentication 1. Generate keys: * `bootgen.exe -generate_keys auth pem -arch zynqmp -image boot.bif` 2. Create hash for primary key: * `bootgen.exe -image boot.bif -arch zynqmp -w -o i BOOT.BIN -efuseppkbits ppkf_hash.txt` 3. Import example project for programming eFuses: * New BSP project (program efuses , ZCU102_hw_platform, standalone, CPU: PSU_cortexa53_0) * Goto Xilinx Board Support Packet Settings. * Scroll down to Supported Libraries and Check the xiskey libray * In the system.mss pane, scroll down to Libraries and click Import Examples. * Check the xilskey_esfuseps_zynqmp_example 4. Edit `xilskey_efuseps_zynqmp_input.h` * 433 `#define XSK_EFUSEPS_WRITE_PPK0_HASH TRUE` * 453 `#define XSK_EFUSEPS_PPK0_IS_SHA3 TRUE` * 454 `#define XSK_EFUSEPS_PPK0_HASH "0000000000000000000000000000000000000000000000000000000000000000" /* from ppkf_hash.txt */`` 5. Update boot.bif (see boot_auth.bif) ``` [auth_params] ppk_select=0; spk_id=0x00000000 [pskfile] pskf.pem [sskfile] sskf.pem authentication=rsa ``` 6. Build “boot.bin” image: * `bootgen.exe -image boot.bif -arch zynqmp -o i BOOT.BIN -w` Note: To generate a report of a boot.bin use the `bootgen_utility`: `bootgen_utility -arch zynqmp -bin boot.bin -out boot.bin.txt` ### References: * [ZAPP1319](https://www.xilinx.com/support/documentation/application_notes/xapp1319-zynq-usp-prog-nvm.pdf): Programming BBRAM and eFUSEs * [UG1283](https://www.xilinx.com/support/documentation/sw_manuals/xilinx2018_2/ug1283-bootgen-user-guide.pdf): Bootgen User Guide