The Authentication Certificate is a structure that contains all the information related to the authentication of a partition. It holds the public keys and the signatures that BootROM/PLM needs to verify. Each Authentication Certificate contains an Authentication Header, which gives information such as the key sizes and the algorithm used for signing. Unlike on the other devices, the Authentication Certificate is prepended, or attached to the beginning of, the actual partition for which authentication is enabled. If you want Bootgen to perform authentication on the meta headers, specify it explicitly under the ‘metaheader’ BIF attribute. See BIF Attribute Reference for information on usage.

Versal adaptive SoC uses RSA-4096 and ECDSA algorithms for authentication. The following tables provide the format of the Authentication Certificate for the Versal adaptive SoC.

Table 1. Versal Adaptive SoC Authentication Certificate – ECDSA p384

| Authentication Certificate Bits | Description |
|---|---|
| 0x00 | Authentication Header. See Versal Adaptive SoC Authentication Certification Header |
| 0x04 | Revoke ID |
| 0x08 | UDF (56 bytes) |
| 0x40 | PPK: x (48 bytes), y (48 bytes), Pad 0x00 (932 bytes) |
| 0x444 | PPK SHA3 Pad (12 bytes) |
| 0x450 | SPK: x (48 bytes), y (48 bytes), Pad 0x00 (932 bytes) |
| 0x854 | SPK SHA3 Pad (4 bytes) |
| 0x858 | Alignment (8 bytes) |
| 0x860 | SPK Signature (r+s+pad) (48+48+416) |
| 0xA60 | BH/IHT Signature (r+s+pad) (48+48+416) |
| 0xC60 | Partition Signature (r+s+pad) (48+48+416) |

Table 2. Versal Adaptive SoC Authentication Certificate – ECDSA p521

| Authentication Certificate Bits | Description |
|---|---|
| 0x00 | Authentication Header. See Versal Adaptive SoC Authentication Certification Header |
| 0x04 | Revoke ID |
| 0x08 | UDF (56 bytes) |
| 0x40 | PPK: x (66 bytes), y (66 bytes), Pad 0x00 (896 bytes) |
| 0x444 | PPK SHA3 Pad (12 bytes) |
| 0x450 | SPK: x (66 bytes), y (66 bytes), Pad 0x00 (896 bytes) |
| 0x854 | SPK SHA3 Pad (4 bytes) |
| 0x858 | Alignment (8 bytes) |
| 0x860 | SPK Signature (r+s+pad) (66+66+380) |
| 0xA60 | BH/IHT Signature (r+s+pad) (66+66+380) |
| 0xC60 | Partition Signature (r+s+pad) (66+66+380) |

Table 3. Versal Adaptive SoC Authentication Certificate – RSA

| Authentication Certificate Bits | Description |
|---|---|
| 0x00 | Authentication Header. See Versal Adaptive SoC Authentication Certification Header |
| 0x04 | Revoke ID |
| 0x08 | UDF (56 bytes) |
| 0x40 | PPK: Mod (512 bytes), Mod Ext (512 bytes), Exponent (4 bytes) |
| 0x444 | PPK SHA3 Pad (12 bytes) |
| 0x450 | SPK: Mod (512 bytes), Mod Ext (512 bytes), Exponent (4 bytes) |
| 0x854 | SPK SHA3 Pad (4 bytes) |
| 0x858 | Alignment (8 bytes) |
| 0x860 | SPK Signature |
| 0xA60 | BH/IHT Signature |
| 0xC60 | Partition Signature |
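
The layout in Tables 1 to 3 can be checked mechanically when inspecting a boot image. The following parser is an added example, not Bootgen or PLM code: the function names and the algorithm labels (`ecdsa-p384`, `ecdsa-p521`, `rsa`) are hypothetical, and it assumes the final signature slot is 512 bytes in the RSA layout as it is in the ECDSA ones. It splits the certificate prepended to a partition into the table's fields and rejects a truncated blob or non-zero key padding.

```python
# Added example: offsets and sizes are copied from Tables 1-3 on this page.
AC_SIZE = 0xC60 + 0x200  # assumption: the last signature slot is 512 bytes for RSA too
KEY_FIELDS = {  # contents of the 1028-byte PPK and SPK slots
    "ecdsa-p384": (("x", 48), ("y", 48), ("pad", 932)),
    "ecdsa-p521": (("x", 66), ("y", 66), ("pad", 896)),
    "rsa": (("mod", 512), ("mod_ext", 512), ("exponent", 4)),
}
SIG_FIELDS = {  # contents of each 512-byte signature slot
    "ecdsa-p384": (("r", 48), ("s", 48), ("pad", 416)),
    "ecdsa-p521": (("r", 66), ("s", 66), ("pad", 380)),
    "rsa": (("signature", 512),),
}

def split_fields(buf, fields):
    """Cut buf into consecutive named fields; the sizes must cover it exactly."""
    assert sum(size for _, size in fields) == len(buf)
    out, pos = {}, 0
    for name, size in fields:
        out[name] = buf[pos:pos + size]
        pos += size
    return out

def parse_auth_cert(blob, algo):
    """Split a certificate (and the partition that follows it) into table fields."""
    if algo not in KEY_FIELDS:
        raise ValueError(f"unknown algorithm label: {algo!r}")
    if len(blob) < AC_SIZE:
        raise ValueError(f"truncated certificate: {len(blob)} < {AC_SIZE} bytes")
    kf, sf = KEY_FIELDS[algo], SIG_FIELDS[algo]
    ac = {
        "auth_header": blob[0x00:0x04],  # raw: the header bit layout is not on this page
        "revoke_id": blob[0x04:0x08],    # raw: byte order is not stated here
        "udf": blob[0x08:0x40],
        "ppk": split_fields(blob[0x40:0x444], kf),
        "spk": split_fields(blob[0x450:0x854], kf),
        "spk_signature": split_fields(blob[0x860:0xA60], sf),
        "bh_iht_signature": split_fields(blob[0xA60:0xC60], sf),
        "partition_signature": split_fields(blob[0xC60:AC_SIZE], sf),
        "partition": blob[AC_SIZE:],
    }
    for slot in ("ppk", "spk"):  # the ECDSA tables give key padding as 0x00
        if any(ac[slot].get("pad", b"")):
            raise ValueError(f"{slot} padding is not all zero")
    return ac

if __name__ == "__main__":
    sample = bytearray(AC_SIZE) + b"PART"  # constructed: zeroed certificate, not a real image
    sample[0x40:0x70] = b"\x11" * 48       # marker bytes where PPK x sits
    print(parse_auth_cert(bytes(sample), "ecdsa-p384")["ppk"]["x"].hex())
```

The PPK SHA3 Pad, SPK SHA3 Pad and Alignment regions are skipped because the tables do not state their contents.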