The Authentication Certificate is a structure that contains all the information
related to the authentication of a partition. This structure has the public keys and
the signatures that BootROM/PLM needs to verify. There is an Authentication Header
in each Authentication Certificate, which gives information like the key sizes,
algorithm used for signing, and so forth. Unlike the other devices, the
Authentication Certificate is prepended or attached to the beginning of the actual
partition, for which authentication is enabled. If you want Bootgen to perform
authentication on the meta headers, specify it explicitly under the ‘metaheader’ bif
attribute. See BIF Attribute Reference for information on
usage.
Versal ACAP uses RSA-4096 authentication and
ECDSA algorithms for authentication. The following table provides the format of the
Authentication Certificate for the Versal
ACAP.
Table 1.
Versal ACAP Authentication Certificate – ECDSA
p384
Authentication Certificate Bits |
Description |
0x00 |
Authentication Header. See Versal ACAP Authentication Certification Header
|
0x04 |
Revoke ID |
0x08 |
UDF (56 bytes) |
0x40 |
PPK |
x (48 bytes) |
y (48 bytes) |
Pad 0x00 (932 bytes) |
0x444 |
PPK SHA3 Pad (12 bytes) |
0x450 |
SPK |
x (48 bytes) |
y (48 bytes) |
Pad 0x00 (932 bytes) |
0x854 |
SPK SHA3 Pad (4 bytes) |
0x858 |
Alignment (8 bytes) |
0x860 |
SPK
Signature(r+s+pad)(48+48+416) |
0xA60 |
BH/IHT Signature(r+s+pad)(48+48+416)
|
0xC60 |
Partition
Signature(r+s+pad)(48+48+416) |
Table 2.
Versal ACAP Authentication Certificate –
ECDSA p521
Authentication
Certificate Bits |
Description |
0x00 |
Authentication
Header. See Versal ACAP Authentication Certification Header
|
0x04 |
Revoke ID |
0x08 |
UDF (56 bytes)
|
0x40 |
PPK |
PPK x (66 bytes) |
y (66 bytes) |
Pad 0x00 (896 bytes) |
0x444 |
PPK SHA3 Pad (12
bytes) |
0x450 |
SPK |
SPK x (66 bytes) |
y (66 bytes) |
Pad 0x00 (896 bytes) |
0x854 |
SPK SHA3 Pad (4
bytes) |
0x858 |
Alignment (8 bytes)
|
0x860 |
SPK
Signature(r+s+pad)(66+66+380) |
0xA60 |
BH/IHT
Signature(r+s+pad)(66+66+380) |
0xC60 |
Partition
Signature(r+s+pad)(66+66+380) |
Table 3. Versal ACAP Authentication Certificate – RSA
Authentication Certificate Bits |
Description |
0x00 |
Authentication Header. See Versal ACAP Authentication Certification Header
|
0x04 |
Revoke ID |
0x08 |
UDF (56 bytes) |
0x40 |
PPK |
Mod (512 bytes) |
Mod Ext (512 bytes) |
Exponent (4 bytes) |
0x444 |
PPK SHA3 Pad (12 bytes) |
0x450 |
SPK |
Mod (512 bytes) |
Mod Ext (512 bytes) |
Exponent (4 bytes) |
0x854 |
SPK SHA3 Pad (4 bytes) |
0x858 |
Alignment (8 bytes) |
0x860 |
SPK Signature |
0xA60 |
BH/IHT Signature |
0xC60 |
Partition Signature |