Versal Adaptive SoC Authentication Certificates - 2023.1 English

Vitis Unified Software Platform Documentation: Embedded Software Development (UG1400)

Document ID
UG1400
Release Date
2023-07-26
Version
2023.1 English

The Authentication Certificate is a structure that contains all the information related to the authentication of a partition. This structure has the public keys and the signatures that BootROM/PLM needs to verify. There is an Authentication Header in each Authentication Certificate, which gives information like the key sizes, algorithm used for signing, and so forth. Unlike the other devices, the Authentication Certificate is prepended or attached to the beginning of the actual partition, for which authentication is enabled. If you want Bootgen to perform authentication on the meta headers, specify it explicitly under the ‘metaheader’ bif attribute. See BIF Attribute Reference for information on usage.

Versal adaptive SoC uses RSA-4096 authentication and ECDSA algorithms for authentication. The following table provides the format of the Authentication Certificate for the Versal adaptive SoC.

Table 1. Versal Adaptive SoC Authentication Certificate – ECDSA p384
Authentication Certificate Bits Description
0x00 Authentication Header. See Versal Adaptive SoC Authentication Certification Header
0x04 Revoke ID
0x08 UDF (56 bytes)
0x40 PPK x (48 bytes)
y (48 bytes)
Pad 0x00 (932 bytes)
0x444 PPK SHA3 Pad (12 bytes)
0x450 SPK x (48 bytes)
y (48 bytes)
Pad 0x00 (932 bytes)
0x854 SPK SHA3 Pad (4 bytes)
0x858 Alignment (8 bytes)
0x860 SPK Signature(r+s+pad)(48+48+416)
0xA60 BH/IHT Signature(r+s+pad)(48+48+416)
0xC60 Partition Signature(r+s+pad)(48+48+416)
Table 2. Versal Adaptive SoC Authentication Certificate – ECDSA p521
Authentication Certificate Bits Description
0x00 Authentication Header. See Versal Adaptive SoC Authentication Certification Header
0x04 Revoke ID
0x08 UDF (56 bytes)
0x40 PPK PPK x (66 bytes)
y (66 bytes)
Pad 0x00 (896 bytes)
0x444 PPK SHA3 Pad (12 bytes)
0x450 SPK SPK x (66 bytes)
y (66 bytes)
Pad 0x00 (896 bytes)
0x854 SPK SHA3 Pad (4 bytes)
0x858 Alignment (8 bytes)
0x860 SPK Signature(r+s+pad)(66+66+380)
0xA60 BH/IHT Signature(r+s+pad)(66+66+380)
0xC60 Partition Signature(r+s+pad)(66+66+380)
Table 3. Versal Adaptive SoC Authentication Certificate – RSA
Authentication Certificate Bits Description
0x00 Authentication Header. See Versal Adaptive SoC Authentication Certification Header
0x04 Revoke ID
0x08 UDF (56 bytes)
0x40 PPK Mod (512 bytes)
Mod Ext (512 bytes)
Exponent (4 bytes)
0x444 PPK SHA3 Pad (12 bytes)
0x450 SPK Mod (512 bytes)
Mod Ext (512 bytes)
Exponent (4 bytes)
0x854 SPK SHA3 Pad (4 bytes)
0x858 Alignment (8 bytes)
0x860 SPK Signature
0xA60 BH/IHT Signature
0xC60 Partition Signature