Versal Hashing Scheme - 2022.1 English

Vitis Unified Software Platform Documentation: Embedded Software Development (UG1400)

Document ID
UG1400
Release Date
2022-04-26
Version
2022.1 English

Versal® introduces a new hashing scheme that minimizes boot time and buffer space required by the PLM while authenticating partitions. The hashing scheme centers on including the hash for the next block of data in the current block of data (similar to what is done with key rolling). This allows a single signature to be used for the entire partition, regardless of partition size, and removes the need to buffer hashes inside the PLM itself. This scheme is used on all partitions except for the bootloader. This block of data, that is hashed each time, is referred to as secure chunk. This chunk size is 32KB for Versal.

The hashing scheme as per the table below:

Table 1. Partition Chunking Scheme
Partition Chunk Count Partition Chunking Scheme Notes
CHUNK 0 [ Authentication Certificate - Partition Sign Field + SECURE HEADER + GCM TAG + SECURE_CHUNK_SIZE + HASH OF CHUNK 1 ] This data is hashed and then signed. This signature sits in the Partition Signature field of AC
CHUNK 1 SECURE_CHUNK_SIZE + HASH OF CHUNK 2 ]  
CHUNK 2 SECURE_CHUNK_SIZE + HASH OF CHUNK 3 ]  
CHUNK n-1 SECURE_CHUNK_SIZE + HASH OF CHUNK n]  
CHUNK n [ REMAINING LENGTH ]  

The SECURE_CHUNK_SIZE applicable to Versal® is 32KB.