The authentication certificate is a structure that contains all the information related to the authentication of a partition. This structure has the public keys and the signatures that BootROM/PLM needs to verify. There is an authentication header in each authentication certificate, which gives information like the key sizes and algorithm used for signing. The authentication certificate is attached to the beginning of the actual partition PLM/PL data, for which authentication is enabled. Spartan UltraScale+ SU10P, SU25P, and SU35P use the HSS-SHAKE256 authentication, where as Spartan UltraScale+ SU50P, SU55P, SU65P, SU100P, SU150P, and SU200P use the HSS-SHAKE256, LMS-SHAKE256, and ECDSA P-384 authentications. The following tables provide the format of the authentication certificates.
| Authentication Certificate Bits | Description |
|---|---|
| 0x00 | PPK x (48 bytes) – (coordinate ) y (48 bytes) – (coordinate) |
| 0x60 | Total SPK size |
| 0x64 | Actual SPK size |
| 0x68 | Total SPK signature size |
| 0x6C | Actual SPK signature size |
| 0x70 | SPK Revocation ID |
| 0x74 | SPK header alignment |
| 0x80 | SPK x (48 bytes) – (coordinate ) y (48 bytes) – (coordinate) |
| 0xE0 | SPK signature |
| Authentication Certificate Bits | Description |
|---|---|
| 0x00 | PPK |
| 0x3c | PPK alignment |
| 0x40 | Total SPK size |
| 0x44 | Actual SPK size |
| 0x48 | Total SPK sign size |
| 0x4C | Actual SPK sign size |
| 0x50 | SPK Revocation ID |
| 0x54 | SPK header alignment |
| 0x60 | SPK |
| 0x9C | SPK align |
| 0xA0 | SPK sign |