The authentication certificate is a structure that contains all the information related to the authentication of a partition. This structure contains public keys and the signatures that BootROM/PLM requires verification. There is an authentication header in each authentication certificate, which provides information for the key sizes and algorithm used for signing. Similar to Versal adaptive SoC, the authentication certificate is attached to the beginning of the actual partition PLM/PL data, for which authentication is enabled. For Versal AI Edge Series Gen 2 and Versal Prime Series Gen 2 along with RSA and ECDSA-P384, it also supports HSS-SHAKE256 and LMS-SHAKE256.
The following tables provide the format of the authentication certificates.
| Authentication Certificate Bits | Description |
|---|---|
| 0x00 | PPK x (48 bytes) – (coordinate ) y (48 bytes) – (coordinate) |
| 0x60 | Total SPK size |
| 0x64 | Actual SPK size |
| 0x68 | Total SPK signature size |
| 0x6C | Actual SPK signature size |
| 0x70 | SPK Revocation ID |
| 0x74 | SPK header alignment |
| 0x80 | SPK x (48 bytes) – (coordinate ) y (48 bytes) – (coordinate) |
| 0xE0 | SPK signature |
| Authentication Certificate Bits | Description |
|---|---|
| 0x00 | PPK |
| 0x3c | PPK alignment |
| 0x40 | Total SPK size |
| 0x44 | Actual SPK size |
| 0x48 | Total SPK sign size |
| 0x4C | Actual SPK sign size |
| 0x50 | SPK Revocation ID |
| 0x54 | SPK header alignment |
| 0x60 | SPK |
| 0x9C | SPK align |
| 0xA0 | SPK sign |