Versal Hashing Scheme - 2024.1 English

Bootgen User Guide (UG1283)

Document ID: UG1283
Release Date: 2024-05-30
Version: 2024.1 English

The AMD Versal™ adaptive SoC introduces a new hashing scheme that minimizes the boot time and buffer space required by the PLM while authenticating partitions. The scheme centers on including the hash of the next block of data in the current block of data (similar to what is done with key rolling). This allows a single signature to be used for the entire partition, regardless of partition size, and removes the need to buffer hashes inside the PLM itself. The scheme is used on all partitions except the bootloader. The block of data that is hashed each time is referred to as a secure chunk. The chunk size is 32 KB for Versal.

The hashing scheme is shown in the following table:

Table 1. Partition Chunking Scheme

| Partition Chunk Count | Partition Chunking Scheme | Notes |
|---|---|---|
| CHUNK 0 | [ Authentication Certificate - Partition Sign Field + SECURE HEADER + GCM TAG + SECURE_CHUNK_SIZE + HASH OF CHUNK 1 ] | This data is hashed and then signed. This signature sits in the Partition Signature field of the AC. |
| CHUNK 1 | [ SECURE_CHUNK_SIZE + HASH OF CHUNK 2 ] | |
| CHUNK 2 | [ SECURE_CHUNK_SIZE + HASH OF CHUNK 3 ] | |
| CHUNK n-1 | [ SECURE_CHUNK_SIZE + HASH OF CHUNK n ] | |
| CHUNK n | [ REMAINING LENGTH ] | |

The SECURE_CHUNK_SIZE applicable to AMD Versal™ is 32 KB.

Note: For encryption use cases, ensure that the user key rolling is wholly contained within a hash chunk.
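
The chunk chain in Table 1, modeled as an added example (not Bootgen or PLM code) to show why the loader only ever holds one expected hash. Assumptions: SHA3-384 as the hash, a simplified "data followed by next hash" byte layout, an opaque `chunk0_prefix` standing in for the AC fields, secure header and GCM tag, and `root_hash` standing in for the value whose signature sits in the AC (the signature check itself is omitted).

```python
import hashlib
import hmac

SECURE_CHUNK_SIZE = 32 * 1024  # 32 KB secure chunk size stated on the page
HASH_LEN = 48                  # SHA3-384 digest size; the hash choice is an assumption


def digest(data: bytes) -> bytes:
    return hashlib.sha3_384(data).digest()


def build_chain(payload: bytes, chunk0_prefix: bytes = b""):
    """Image-builder side. blocks[i] = data_i || hash(blocks[i+1]); the last
    block holds only the remaining data. Returns (blocks, root_hash), where
    root_hash covers chunk0_prefix || blocks[0] and is the one value signed."""
    parts = [payload[i:i + SECURE_CHUNK_SIZE]
             for i in range(0, len(payload), SECURE_CHUNK_SIZE)] or [b""]
    blocks, next_hash = [b""] * len(parts), b""
    for i in range(len(parts) - 1, -1, -1):  # hashes are computed last to first
        blocks[i] = parts[i] + next_hash
        next_hash = digest((chunk0_prefix if i == 0 else b"") + blocks[i])
    return blocks, next_hash


def verify_stream(blocks, root_hash: bytes, chunk0_prefix: bytes = b"") -> bytes:
    """Loader side. Holds exactly one expected hash at a time; raises
    ValueError at the first block that does not match it."""
    expected, out = root_hash, bytearray()
    for i, block in enumerate(blocks):
        seen = digest((chunk0_prefix if i == 0 else b"") + block)
        if not hmac.compare_digest(seen, expected):
            raise ValueError(f"chunk {i} hash mismatch")
        if i == len(blocks) - 1:
            out += block                  # final chunk: remaining length only
        else:
            out += block[:-HASH_LEN]      # release the verified data
            expected = block[-HASH_LEN:]  # keep only the next chunk's hash
    return bytes(out)


if __name__ == "__main__":
    payload = bytes(range(256)) * 320     # constructed 80 KB partition -> 3 chunks
    prefix = b"AC-fields|secure-header|gcm-tag"  # constructed stand-in for chunk 0 extras
    blocks, root = build_chain(payload, prefix)
    assert verify_stream(blocks, root, prefix) == payload
    blocks[2] = b"\xff" + blocks[2][1:]   # alter one byte in the last chunk
    try:
        verify_stream(blocks, root, prefix)
    except ValueError as err:
        print(err)
```

Because each block is checked before its embedded hash is trusted, a modification anywhere in the partition is caught at the chunk where it occurs, and no data from that chunk onward is released.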