The following figure shows RSA signing of partitions. From a secure facility, Bootgen signs partitions using the Secret key. The signing process is described in the following steps:
- PPK and SPK are stored in the Authentication Certificate (AC).
- SPK is signed using PSK to produce the SPK signature, which is also stored in the AC.
- The partition is signed using SSK to produce the partition signature, which is populated in the AC.
- Depending on the device, the AC is appended or prepended to each partition selected for authentication.
- PPK is hashed and stored in eFUSE.
Figure 1. RSA Partition Signature
The following table shows the options for Authentication.
Key | Name | Description | Supported File Format |
---|---|---|---|
PPK | Primary Public Key | This key is used to authenticate a partition. It should always be specified when authenticating a partition. | *.pem *.pub |
PSK | Primary Secret Key | This key is used to authenticate a partition. It should always be specified when authenticating a partition. | *.pem |
SPK | Secondary Public Key | This key, when specified, is used to authenticate a partition. | *.pem *.pub |
SSK | Secondary Secret Key | This key, when specified, is used to authenticate a partition. | *.pem pub |