The secure boot image format is shown in the figure.
There are multiple authentication certificates (AC) within a boot image. The authentication certificates include:
• Header AC: authentication certificate for the image header table and partition headers.
• Bootloader AC: authentication certificate for the bootloader (FSBL and optionally the PMUFW).
• Partition AC: authentication certificate for each partition in the image.
The equations for each signature within an AC (SPK, boot header, and partition) are listed here.
• SPK signature – the 512 bytes of the SPK signature are generated by this calculation:
  ° SPK signature = RSA(PSK, padding || SHA(SPK + auth_header))
• Boot header signature – the 512 bytes of the boot header signature are generated by this calculation:
  ° Boot header signature = RSA(SSK, padding || SHA(boot header))
• Partition signature – the 512 bytes of the partition signature are generated by this calculation:
  ° Partition signature = RSA(SSK, padding || SHA(Partition + authentication certificate))
Table: Authentication Certificates Signatures provides a summary of which asymmetric private key is used, and which SHA padding is used, for each signature within an AC.
Each part of the AC is described in the “Authentication Certificate” and “Authentication Certificate Header” sections in Chapter 16 of the Zynq UltraScale+ MPSoC Software Developer’s Guide (UG1137) [Ref 3].
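The three signature equations, and the order in which a verifier checks them (PPK pinned by the eFUSE hash, SPK signed by the PSK, boot header and partition plus AC signed by the SSK), as a constructed model added here; it is not code from the TRM, Bootgen or any Xilinx component. It assumes SHA-3/384 for "SHA", PKCS#1 v1.5-style fixed padding for "padding", and fixed Mersenne primes as deterministic stand-in RSA keys; the field layout of the AC is simplified to a dict.

```python
"""Constructed model of the AC signature chain (not TRM or Bootgen code).
Assumptions: SHA-3/384 as the SHA, PKCS#1 v1.5-style fixed padding, and
fixed Mersenne primes as demo RSA keys (deterministic and NOT secure)."""
import hashlib

def demo_key(p, q, e=65537):
    """(n, e, d) from two known primes; the device uses proper large keys."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))  # needs Python 3.8+
PSK = demo_key(2**521 - 1, 2**607 - 1)    # primary secret key: signs the SPK
SSK = demo_key(2**1279 - 1, 2**2203 - 1)  # secondary secret key: signs BH and partition

def key_bytes(key):
    """Public part (n, e) as it would be stored in the AC (PPK or SPK field)."""
    n, e = key[0], key[1]
    return n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
def encoded_digest(data, n):
    """'padding || SHA(data)' as an integer below the modulus n."""
    k = (n.bit_length() + 7) // 8
    h = hashlib.sha3_384(data).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(h) - 3) + b"\x00" + h, "big")
def rsa_sign(key, data):
    n, _, d = key
    return pow(encoded_digest(data, n), d, n).to_bytes((n.bit_length() + 7) // 8, "big")
def rsa_verify(pub, data, sig):
    n, e = pub[0], pub[1]
    return pow(int.from_bytes(sig, "big"), e, n) == encoded_digest(data, n)

def ac_signed_bytes(ac):
    """AC bytes covered by the partition signature (every field but that one)."""
    return ac["auth_header"] + key_bytes(ac["ppk"]) + key_bytes(ac["spk"]) + ac["spk_sig"] + ac["bh_sig"]
def build_ac(psk, ssk, auth_header, boot_header, partition):
    """Emit one AC following the three signature equations."""
    ac = {"auth_header": auth_header, "ppk": psk[:2], "spk": ssk[:2],
          "spk_sig": rsa_sign(psk, key_bytes(ssk[:2]) + auth_header),  # RSA(PSK, SPK + auth_header)
          "bh_sig": rsa_sign(ssk, boot_header)}                        # RSA(SSK, boot header)
    ac["partition_sig"] = rsa_sign(ssk, partition + ac_signed_bytes(ac))  # RSA(SSK, partition + AC)
    return ac
def verify_partition(efuse_ppk_hash, ac, boot_header, partition):
    """Verifier's chain: eFUSE hash pins the PPK; PPK checks the SPK; SPK checks BH and partition."""
    return (hashlib.sha3_384(key_bytes(ac["ppk"])).digest() == efuse_ppk_hash
            and rsa_verify(ac["ppk"], key_bytes(ac["spk"]) + ac["auth_header"], ac["spk_sig"])
            and rsa_verify(ac["spk"], boot_header, ac["bh_sig"])
            and rsa_verify(ac["spk"], partition + ac_signed_bytes(ac), ac["partition_sig"]))

# Constructed sample image pieces: the eFUSE value models the programmed PPK hash.
EFUSE_PPK_HASH = hashlib.sha3_384(key_bytes(PSK)).digest()
AC = build_ac(PSK, SSK, b"AUTH-HDR", b"boot header bytes", b"partition payload")
```

Any change to the partition, the boot header, a key inside the AC, or the pinned eFUSE hash makes `verify_partition` return False, which is the property the per-partition signature over "Partition + authentication certificate" is meant to give.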
Table: Secure Boot Image Encryption and Authentication summarizes the encryption and authentication attributes of each portion of the secure boot image.
| Boot Image Block | Encrypted | Authenticated (1) | Notes |
|---|---|---|---|
| Boot header | No | Yes - signed with user secondary secret key (SSK) | Described in Table: Boot Header Format and Table: Image Attributes Offset Definition of this TRM. A signature of the BH is provided in each AC. |
| Image header table | No | Yes - signed with user SSK | Described in the “Image Header Table” section of the Zynq UltraScale+ MPSoC Software Developer’s Guide (UG1137) [Ref 3]. |
| Image headers | No | Yes - signed with user SSK | Not currently used. |
| Partition headers | No | Yes - signed with user SSK | Described in the “Partition Header Tables” section of the Zynq UltraScale+ MPSoC Software Developer’s Guide (UG1137) [Ref 3]. There is one partition header for each partition within the boot image. |
| FSBL secure header | Dependent on secure boot mode (2) | Yes - signed with user SSK | This is part of the FSBL that minimizes the use of the device key. The FSBL secure header contains the key and IV used to decrypt the FSBL. See Bootgen User Guide (UG1283) [Ref 36] for more details on Secure Header use. Only included when the OP key option is chosen. See Minimizing Use of the AES Boot Key (OP Key Option). |
| FSBL | Dependent on secure boot mode (2) | Yes - signed with user SSK | |
| PMUFW secure header | Dependent on secure boot mode (2) | Yes - signed with user SSK | This is part of the PMUFW and minimizes the use of the device key. The PMUFW Secure Header contains the key and IV used to decrypt the PMUFW. See Bootgen User Guide (UG1283) [Ref 36] for more details on Secure Header use. |
| PMUFW | Dependent on secure boot mode (2) | Yes - signed with user SSK | The PMUFW can be included as part of the bootloader and consequently loaded by the CSU. Alternatively, it can be its own partition. |
| Partition secure header | Dependent on secure boot mode (2) | Yes - signed with user SSK | This is part of the partition that minimizes the use of the other device key. The Partition secure header contains the key and IV used to decrypt the partition. See Bootgen User Guide (UG1283) [Ref 36] for more details on Secure Header use. |
| Partition | Dependent on secure boot mode (2) | Yes - signed with user SSK | |

Notes:
1. In hardware root of trust secure boot mode.
2. Required for encrypt only secure boot mode and optional for hardware root of trust secure boot mode.