The SHA hardware accelerator included in the Zynq UltraScale+ MPSoC implements the SHA-3 algorithm and produces a 384-bit digest. It is used together with the RSA-4096 accelerator to provide image authentication These blocks (SHA-3/384, and RSA) are hardened and part of crypto interface block (CIB). You can use authentication by itself or in conjunction with encryption.
Authentication flow treats the FSBL as raw data, where it makes no difference whether the image is encrypted or not. There are two level of keys: primary key (PK) and secondary Key (SK).
Each key has two complementary parts: secret key and public key:
- PK contains primary public key (PPK) and primary secret key (PSK).
- SK contains secondary public key (SPK) and secondary secret key (SSK).
The hardened RSA block in the CIB is a Montgomery multiplier for acceleration of the math required for RSA. The hardware accelerator can be used for signature generation or verification. The ROM code only supports signature verification. Secret keys are only used in the signature generation stage when the certificate is generated by Bootgen.
To better understand the format of the authentication certificate, see Bootgen User Guide (UG1283).
As with all asymmetric algorithms, the private (secret) keys (PSK and SSK) are used to sign while the public versions (PPK and SPK) are used to verify (authenticate). The equations for each signature (SPK, boot header, and boot image) are listed here:
- SPK signature. The 512 bytes of the SPK signature is generated by the following
SPK signature = RSA(PSK, padding || SHA(SPK+ auth_header)).
- Boot header signature. The 512 bytes of the boot header signature is generated by
Boot header signature = RSA(SSK, padding || SHA(boot header)).
- Boot image signature. The 512 bytes of the boot image signature is generated by the
BI signature = RSA(SSK, padding || SHA(PFW + FSBL + authentication certificate)).
Bootgen supports RSA-4096 signature generation only. The modulus, exponentiation and precalculated R^2 Mod N are required. Software is supported only for RSA public key encryption, for encrypting the signature RSA engine requires modulus, exponentiation and pre-calculated R^2 Mod N, all these are extracted from keys.