Signing - 2022.1 English

Bootgen User Guide (UG1283)

Document ID
UG1283
Release Date
2022-04-26
Version
2022.1 English

The following figure shows RSA signing of partitions. From a secure facility, Bootgen signs partitions using the Secret key. The signing process is described in the following steps:

  1. PPK and SPK are stored in the Authentication Certificate (AC).
  2. SPK is signed using PSK to get SPK signature; also stored as part of the AC.
  3. Partition is signed using SSK to get Partition signature, populated in the AC.
  4. The AC is appended or prepended to each partition that is opted for authentication depending on the device.
  5. PPK is hashed and stored in eFUSE.
Figure 1. RSA Partition Signature

The following table shows the options for Authentication.

Table 1. Supported File Formats for Authentication Keys
Key Name Description Supported File Format
PPK Primary Public Key This key is used to authenticate a partition.

It should always be specified when authenticating a partition.

*.pem

*.pub

PSK Primary Secret Key This key is used to authenticate a partition.

It should always be specified when authenticating a partition.

*.pem

SPK Secondary Public Key This key, when specified, is used to authenticate a partition.

*.pem

*.pub

SSK Secondary Secret Key This key, when specified, is used to authenticate a partition.

*.pem

pub