Zynq UltraScale+ MPSoC Authentication Certificates - 2021.2 English

Vitis Unified Software Platform Documentation: Embedded Software Development (UG1400)

Document ID
UG1400
Release Date
2021-12-15
Version
2021.2 English

The Authentication Certificate is a structure that contains all the information related to the authentication of a partition. This structure has the public keys and the signatures that BootROM/FSBL needs to verify. There is an Authentication Header in each Authentication Certificate, which gives information like the key sizes, algorithm used for signing, and so forth. The Authentication Certificate is appended to the actual partition, for which authentication is enabled. If authentication is enabled for any of the partitions, the header tables also needs authentication. The Header Table Authentication Certificate is appended at end of the content to the header tables.

The Zynq® UltraScale+™ MPSoC uses RSA-4096 authentication, which means the primary and secondary key sizes are 4096-bit. The following table provides the format of the Authentication Certificate for the Zynq UltraScale+ MPSoC device.

Table 1. Zynq UltraScale+ MPSoC Device Authentication Certificates
Authentication Certificate
0x00 Authentication Header = 0x0101000. See Zynq UltraScale+ MPSoC Authentication Certification Header.
0x04 SPK ID
0x08 UDF (56 bytes)
0x40 PPK Mod (512)
0x240 Mod Ext (512)
0x440 Exponent (4 bytes)
0x444 Pad (60 bytes)
0x480 SPK Mod (512 bytes)
0x680 Mod Ext (512 bytes)
0x880 Exponent (4 bytes)
0x884 Pad (60 bytes)
0x8C0 SPK Signature = RSA-4096 ( PSK, Padding || SHA-384 (SPK + Authentication Header + SPK-ID))
0xAC0 Boot Header Signature = RSA-4096 ( SSK, Padding || SHA-384 (Boot Header))
0xCC0 Partition Signature = RSA-4096 ( SSK, Padding || SHA-384 (Partition || Padding || Authentication Header || SPK ID || UDF || PPK || SPK || SPK Signature || BH Signature))
Note: FSBL Signature is calculated as follows:
FSBL Signature = RSA-4096 ( SSK, Padding || SHA-384 (PMUFW || FSBL ||
Padding || Authentication Header || SPK ID || UDF || PPK || SPK || SPK Signature|| BH Signature))