When authentication is requested for a bitstream, Bootgen divides the whole bitstream into 8 MB blocks, and each block has its own authentication certificate.
If the bitstream size is not a multiple of 8 MB, the last block contains the remaining bitstream data.
Figure 1. Bitstream Blocks
When authentication and encryption are both enabled, the bitstream is encrypted first. Bootgen then divides the encrypted data into blocks and places an authentication certificate for each block.
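The block layout described above, sketched as an added example (not Bootgen code). The function names are hypothetical, HMAC-SHA256 stands in for the real authentication certificate, and 8 MB is assumed to mean 8 * 1024 * 1024 bytes. The input is whatever gets authenticated: the ciphertext when encryption is also enabled.

```python
import hashlib
import hmac

BLOCK_SIZE = 8 * 1024 * 1024  # assumption: "8 MB" read as 8 * 1024 * 1024 bytes


def block_layout(total_len, block_size=BLOCK_SIZE):
    """Return (offset, length) per block; the last block holds the remainder."""
    if total_len <= 0:
        raise ValueError("bitstream length must be positive")
    return [(off, min(block_size, total_len - off))
            for off in range(0, total_len, block_size)]


def certify_blocks(data, key, block_size=BLOCK_SIZE):
    """One tag per block. HMAC-SHA256 is a stand-in for the certificate."""
    return [hmac.new(key, data[off:off + n], hashlib.sha256).digest()
            for off, n in block_layout(len(data), block_size)]


def first_tampered_block(data, tags, key, block_size=BLOCK_SIZE):
    """Check blocks in order; return the index of the first failure, or None."""
    layout = block_layout(len(data), block_size)
    if len(layout) != len(tags):
        raise ValueError("certificate count does not match block count")
    for index, ((off, n), tag) in enumerate(zip(layout, tags)):
        expected = hmac.new(key, data[off:off + n], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return index
    return None


if __name__ == "__main__":
    # Constructed sizes: a 20 MB image needs three blocks, the last one 4 MB.
    for off, n in block_layout(20 * 1024 * 1024):
        print(f"offset=0x{off:08x} length={n}")

    # Constructed sample data with a small block size to keep the demo fast.
    key = b"constructed-demo-key"
    image = bytearray(range(20))          # 20 bytes -> blocks of 8, 8 and 4
    tags = certify_blocks(bytes(image), key, block_size=8)
    image[17] ^= 0xFF                     # flip one byte in the last block
    print("first failing block:",
          first_tampered_block(bytes(image), tags, key, block_size=8))
```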