Trenz Electronic Products > UltraScale
No longer to debug when programmed RSA_EN eFuse
(1/1)
sueaki:
Hello everyone,
I am using TE0820 & TE0706.
By accident, I programmed RSA_EN eFuse, so I have to provide secure boot images. Here is my BIF file:
--- Quote ---the_ROM_image:
{
[pskfile]psk0.pem
[sskfile].ssk0.pem
[auth_params]spk_id = 0; ppk_select = 0
[keysrc_encryption] efuse_blk_key
[bh_key_iv]puf_iv.txt
[bootloader, encryption = aes, authentication = rsa, aeskeyfile =keys.nky, destination_cpu = a53-0]fsbl_a53.elf
[pmufw_image].pmufw.elf
[destination_device = pl]test_board_3eg_1e_2gb.bit
[destination_cpu = a53-0, exception_level = el-3, trustzone]bl31.elf
[destination_cpu = a53-0, exception_level = el-2]u-boot.elf
[destination_cpu = a53-0, load = 0x00100000]u-boot.dtb
}
--- End quote ---
I only enable RSA auth and AES encryption for fsbl, for simplicity.
I can boot linux successfully. But I can no longer debug when the board is boot. When I debug a program in Vitis, I got error:
--- Quote ---12:35:52 INFO : 'jtag frequency' command is executed.
12:35:52 INFO : Sourcing of '/home/sueaki/opt/Vitis/2021.2/scripts/vitis/util/zynqmp_utils.tcl' is done.
12:35:52 INFO : Context for 'APU' is selected.
12:35:52 INFO : System reset is completed.
12:35:55 INFO : 'after 3000' command is executed.
12:35:55 INFO : 'targets -set -filter {jtag_cable_name =~ "JTAG-ONB4 2516330064E1A" && level==0 && jtag_device_ctx=="jsn-JTAG-ONB4-2516330064E1A-14710093-0"}' command is executed.
12:35:58 ERROR : fpga initialization failed
12:35:58 ERROR : Exception occured while running Program Device.
java.lang.RuntimeException: fpga initialization failed
--- End quote ---
After I get this error, if I turn to Vivado to program bit files, I get a critical warning:
--- Quote ---CRITICAL WARNING: [Labtools 27-3421] xczu3_0 PL Power Status OFF, cannot connect PL TAP. Check POR_B signal.
--- End quote ---
I know enabling secure boot especially programming eFuse could limit development, but I don't know for sure. I read this in ug1085:
--- Quote ---When the ENC_ONLY or RSA_EN eFuse is blown, the JTAG boot mode is no longer available. If this was the only mechanism
used to program the boot flash, a secondary means should be employed. Xilinx recommends some other form of in-system
flash programming and not relying on booting the device successfully to update the flash contents.
--- End quote ---
My question is:
1. Can I still do development (need to debug all the time) on this RSA_EN eFuse programmed board?
2. If I can, how? Like maybe using another boot mode, e.g. QSPI?
Thanks in advance.
JH:
Hi,
with Efuse programming there are many setting options, I am not familiar with it, so I can't help you much. I think you has disabled JTAG, that's the reason why you did not longer see the device with vitis. I would expect QSPI boot should work, as long as you use the same binaries, which match your key.
I would suggest to wrote on the xilinx forum, that's more a general question for Xilinx. Community is much bigger there.
br
John
Navigation
[0] Message Index
Go to full version