This example shows how to create a boot image with authentication enabled for FSBL and application with Boot Header authentication enabled to bypass the PPK hash verification:
the_ROM_image:
{
[fsbl_config] bh_auth_enable
[auth_params] ppk_select=0; spk_id=0x00000000
[pskfile] PSK.pem
[sskfile] SSK.pem
[
bootloader,
authentication=rsa,
destination_cpu=a53-0
] ZynqMP_Fsbl.elf
[destination_cpu=a53-0, encryption=aes] App_A53_0.elf
}