Versal ACAP Authentication Certificates - 2022.1 English

Bootgen User Guide (UG1283)

Document ID: UG1283
Release Date: 2022-04-26
Version: 2022.1 English

The Authentication Certificate is a structure that contains all the information related to the authentication of a partition. It holds the public keys and the signatures that the BootROM/PLM needs to verify. Each Authentication Certificate contains an Authentication Header, which gives information such as the key sizes and the algorithm used for signing. Unlike on the other devices, the Authentication Certificate is prepended, or attached to the beginning of, the actual partition for which authentication is enabled. If you want Bootgen to perform authentication on the meta headers, specify it explicitly under the ‘metaheader’ BIF attribute. See BIF Attribute Reference for information on usage.

Versal ACAP uses the RSA-4096 and ECDSA algorithms for authentication. The following tables provide the format of the Authentication Certificate for the Versal ACAP.

Table 1. Versal ACAP Authentication Certificate – ECDSA p384

| Authentication Certificate Bits | Description |
|---|---|
| 0x00 | Authentication Header. See Versal ACAP Authentication Certification Header |
| 0x04 | Revoke ID |
| 0x08 | UDF (56 bytes) |
| 0x40 | PPK: x (48 bytes), y (48 bytes), Pad 0x00 (932 bytes) |
| 0x444 | PPK SHA3 Pad (12 bytes) |
| 0x450 | SPK: x (48 bytes), y (48 bytes), Pad 0x00 (932 bytes) |
| 0x854 | SPK SHA3 Pad (4 bytes) |
| 0x858 | Alignment (8 bytes) |
| 0x860 | SPK Signature (r+s+pad) (48+48+416) |
| 0xA60 | BH/IHT Signature (r+s+pad) (48+48+416) |
| 0xC60 | Partition Signature (r+s+pad) (48+48+416) |

Table 2. Versal ACAP Authentication Certificate – ECDSA p521

| Authentication Certificate Bits | Description |
|---|---|
| 0x00 | Authentication Header. See Versal ACAP Authentication Certification Header |
| 0x04 | Revoke ID |
| 0x08 | UDF (56 bytes) |
| 0x40 | PPK: x (66 bytes), y (66 bytes), Pad 0x00 (896 bytes) |
| 0x444 | PPK SHA3 Pad (12 bytes) |
| 0x450 | SPK: x (66 bytes), y (66 bytes), Pad 0x00 (896 bytes) |
| 0x854 | SPK SHA3 Pad (4 bytes) |
| 0x858 | Alignment (8 bytes) |
| 0x860 | SPK Signature (r+s+pad) (66+66+380) |
| 0xA60 | BH/IHT Signature (r+s+pad) (66+66+380) |
| 0xC60 | Partition Signature (r+s+pad) (66+66+380) |

Table 3. Versal ACAP Authentication Certificate – RSA

| Authentication Certificate Bits | Description |
|---|---|
| 0x00 | Authentication Header. See Versal ACAP Authentication Certification Header |
| 0x04 | Revoke ID |
| 0x08 | UDF (56 bytes) |
| 0x40 | PPK: Mod (512 bytes), Mod Ext (512 bytes), Exponent (4 bytes) |
| 0x444 | PPK SHA3 Pad (12 bytes) |
| 0x450 | SPK: Mod (512 bytes), Mod Ext (512 bytes), Exponent (4 bytes) |
| 0x854 | SPK SHA3 Pad (4 bytes) |
| 0x858 | Alignment (8 bytes) |
| 0x860 | SPK Signature |
| 0xA60 | BH/IHT Signature |
| 0xC60 | Partition Signature |
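
The three layouts above share every offset and differ only in how each key area and signature slot is subdivided. The following added example (not part of the Bootgen User Guide or of Bootgen itself) slices a certificate into its fields for inspection. The function names, the `alg` parameter, and the 512-byte size of the final signature slot (taken from the 0x200 spacing between signature offsets) are assumptions of this example.

```python
# Added example, not Bootgen code. Assumption: the caller supplies the algorithm,
# because the Authentication Header bit layout is not described on this page.
AC_SIZE, SIG_SIZE = 0xE60, 512   # 0xC60 plus one 512-byte signature slot

KEY_FIELDS = {   # split of each 1028-byte key area (0x40-0x444, 0x450-0x854)
    "p384": [("x", 48), ("y", 48), ("pad", 932)],
    "p521": [("x", 66), ("y", 66), ("pad", 896)],
    "rsa": [("mod", 512), ("mod_ext", 512), ("exponent", 4)],
}
SIG_FIELDS = {   # split of each 512-byte signature slot
    "p384": [("r", 48), ("s", 48), ("pad", 416)],
    "p521": [("r", 66), ("s", 66), ("pad", 380)],
    "rsa": [("signature", 512)],
}
SIG_OFFSETS = {"spk_sig": 0x860, "bh_iht_sig": 0xA60, "partition_sig": 0xC60}

def _split(area, fields):   # cut one area into named fields, covering it exactly
    out, pos = {}, 0
    for name, length in fields:
        out[name] = area[pos:pos + length]
        pos += length
    if pos != len(area):
        raise ValueError("field lengths do not match the area size")
    return out

def parse_ac(blob, alg):
    """Return the certificate fields as raw bytes; no byte order is assumed."""
    if alg not in KEY_FIELDS:
        raise ValueError(f"unknown algorithm {alg!r}")
    if len(blob) < AC_SIZE:
        raise ValueError(f"need {AC_SIZE} bytes, got {len(blob)}")
    ac = {
        "auth_header": blob[0x00:0x04], "revoke_id": blob[0x04:0x08],
        "udf": blob[0x08:0x40],
        "ppk": _split(blob[0x40:0x444], KEY_FIELDS[alg]),
        "ppk_sha3_pad": blob[0x444:0x450],
        "spk": _split(blob[0x450:0x854], KEY_FIELDS[alg]),
        "spk_sha3_pad": blob[0x854:0x858], "alignment": blob[0x858:0x860],
    }
    for name, off in SIG_OFFSETS.items():
        ac[name] = _split(blob[off:off + SIG_SIZE], SIG_FIELDS[alg])
    for key in ("ppk", "spk"):   # the tables give the ECDSA key pad as 0x00
        if any(ac[key].get("pad", b"")):
            raise ValueError(f"{key} pad is not zero: wrong algorithm or corrupt data")
    return ac

def sample_ac():   # constructed P-384 sample: x = 0x11.., y = 0x22.., rest zero
    key = b"\x11" * 48 + b"\x22" * 48 + bytes(932)
    return bytes(0x40) + key + bytes(12) + key + bytes(12 + 3 * SIG_SIZE)
```

A non-zero key pad is a quick sign that an RSA certificate is being read with an ECDSA layout, since the RSA modulus occupies the bytes that the ECDSA tables reserve as padding.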