AMD Versalâ„¢ adaptive SoC device introduces a new hashing scheme that minimizes boot time and buffer space required by the PLM while authenticating partitions. The hashing scheme centers on including the hash for the next block of data in the current block of data (similar to what is done with key rolling). This allows a single signature to be used for the entire partition, regardless of partition size, and removes the need to buffer hashes inside the PLM itself. This scheme is used on all partitions except for the bootloader. This block of data, that is hashed each time, is referred to as secure chunk. This chunk size is 32 KB for Versal.
The hashing scheme as per the following table:
| Partition Chunk Count | Partition Chunking Scheme | Notes |
|---|---|---|
| CHUNK 0 | [ Authentication Certificate - Partition Sign Field + SECURE HEADER + GCM TAG + SECURE_CHUNK_SIZE + HASH OF CHUNK 1 ] | This data is hashed and then signed. This signature sits in the Partition Signature field of AC |
| CHUNK 1 | [ SECURE_CHUNK_SIZE + HASH OF CHUNK 2 ] | |
| CHUNK 2 | [ SECURE_CHUNK_SIZE + HASH OF CHUNK 3 ] | |
| CHUNK n-1 | [ SECURE_CHUNK_SIZE + HASH OF CHUNK n] | |
| CHUNK n | [ REMAINING LENGTH ] |
- The
SECURE_CHUNK_SIZEapplicable to Versal is 32 KB. - For Versal AI Edge Series Gen 2 and Versal Prime Series Gen 2,
SECURE_CHUNK_SIZEfor bootloader is 16 KB and 32 KB for other partitions. - For Spartan UltraScale+,
SECURE_CHUNK_SIZEfor bootloader is 8 KB.
Note: For encryption use cases, do that the user key
rolling is wholly contained within a hash chunk.
Note: This hashing scheme is applicable
for Spartan UltraScale+ and is used on all
partitions including bootloader.