wolfBoot/IDE/XilinxSDK

Xilinx SDK wolfBoot Project

To use this example project:

1. Copy .cproject and .project into the wolfBoot root.
2. From the Xilinx SDK Import wolfBoot using "Import" -> "Existing Projects into Workspace".

Xilinx SDK BSP

This project uses a BSP named standalone_bsp_0, which must be configured to use "hypervisor guest" in the BSP configuration settings. This will enable the EL-1 support required with Bl31 (ARM Trusted Firmware). The BSP generates a include/bspconfig.h, which should have these defines set:

#define EL1_NONSECURE 1
#define HYP_GUEST 1

Note: This is a generated file from the BSP configurator tool, which is edited by opening the system.mss file.

wolfBoot Configuration

A build settings template for Zynq UltraScale+ can be found here ./config/examples/zynqmp.config. This file can be copied to wolfBoot root as .config for building from the command line. These template settings are also in this .cproject as preprocessor macros. These settings are loaded into the target.h.in template by the wolfBoot make. If not using the built-in make then the following defines will need to be manually created in target.h:

#define WOLFBOOT_SECTOR_SIZE                 0x20000
#define WOLFBOOT_PARTITION_BOOT_ADDRESS      0x800000
#define WOLFBOOT_LOAD_ADDRESS                0x10000000
#define WOLFBOOT_PARTITION_SIZE              0x2A00000
#define WOLFBOOT_PARTITION_UPDATE_ADDRESS    0x3A00000
#define WOLFBOOT_PARTITION_SWAP_ADDRESS      0x63E0000

#define WOLFBOOT_DTS_BOOT_ADDRESS            0x7E0000
#define WOLFBOOT_DTS_UPDATE_ADDRESS          0x39E0000
#define WOLFBOOT_LOAD_DTS_ADDRESS            0x11800000

Note: If not using Position Independent Code (PIC) the linker script ldscript.ld must have the start address offset to match the WOLFBOOT_LOAD_ADDRESS.

Signing Example

python3 ./tools/keytools/sign.py --rsa4096 --sha3 ../helloworld/Debug/helloworld.elf ./rsa4096.der 1

Bootgen

Xilinx uses a bootgen tool for generating a boot binary image that has Xilinx headers, which the FSBL (First Stage Boot Loader) understands. See the boot.bif and boot_auth.bif as examples.

• Use "partition_owner=uboot" to prevent a partition from being loaded into RAM.
• Use "offset=" option to place the application into a specific location in flash.
• Use "load=" option to have FSBL load into specific location in RAM.

Adding RSA Authentication

1. Generate keys:

   • bootgen.exe -generate_keys auth pem -arch zynqmp -image boot.bif

2. Create hash for primary key:

   • bootgen.exe -image boot.bif -arch zynqmp -w -o i BOOT.BIN -efuseppkbits ppkf_hash.txt

3. Import example project for programming eFuses:

   • New BSP project (program efuses , ZCU102_hw_platform, standalone, CPU: PSU_cortexa53_0)
   • Goto Xilinx Board Support Packet Settings.
   • Scroll down to Supported Libraries and Check the xiskey libray
   • In the system.mss pane, scroll down to Libraries and click Import Examples.
   • Check the xilskey_esfuseps_zynqmp_example

4. Edit xilskey_efuseps_zynqmp_input.h

   • 433 #define XSK_EFUSEPS_WRITE_PPK0_HASH TRUE
   • 453 #define XSK_EFUSEPS_PPK0_IS_SHA3 TRUE
   • 454 `#define XSK_EFUSEPS_PPK0_HASH "0000000000000000000000000000000000000000000000000000000000000000" /* from ppkf_hash.txt */``

5. Update boot.bif (see boot_auth.bif)

   [auth_params] ppk_select=0; spk_id=0x00000000
   [pskfile] pskf.pem
   [sskfile] sskf.pem
   authentication=rsa
   

6. Build “boot.bin” image:

   • bootgen.exe -image boot.bif -arch zynqmp -o i BOOT.BIN -w

Note: To generate a report of a boot.bin use the bootgen_utility: bootgen_utility -arch zynqmp -bin boot.bin -out boot.bin.txt

References:

• ZAPP1319: Programming BBRAM and eFUSEs
• UG1283: Bootgen User Guide