Secure Boot Image Format

Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID
UG1085
Release Date
2022-09-15
Revision
2.3 English

The secure boot image format is shown in Figure 12-16.

Figure 12-16:      Secure Boot Image


There are multiple authentication certificates (AC) within a boot image. The authentication certificates include:

Header AC: authentication certificate for the image header table and partition headers.

Bootloader AC: authentication certificate for the bootloader (FSBL and optionally the PMUFW).

Partition AC: authentication certificate for each partition in the image.

The equations for each signature within an AC (SPK, boot header, and partition) are listed here. RSA(K, m) denotes the RSA private-key operation with key K, SHA is the SHA-3/384 hash, and || is concatenation. Each signature is 512 bytes, which is the size of the RSA-4096 modulus used.

SPK signature:

    SPK signature = RSA(PSK, padding || SHA(SPK || auth_header))

Boot header signature:

    Boot header signature = RSA(SSK, padding || SHA(boot header))

Partition signature:

    Partition signature = RSA(SSK, padding || SHA(Partition || authentication certificate))

Because the partition signature is itself the last field of the AC, the hashed bytes are the partition data followed by the AC up to, but not including, that signature field: a signature cannot cover itself.
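The following added example (not code from UG1085, Bootgen, or the Xilinx secure libraries) works the three equations above through in Python with a constructed boot header, partition and AC layout, and then verifies them in the order a secure boot verifier must: PPK against its stored hash, SPK under the PPK, then boot header and partition under the SPK. It assumes PKCS#1 v1.5 style padding with the SHA3-384 DigestInfo prefix (the page only says "padding"), a 1024-bit demo key instead of the production RSA-4096 (so signatures are 128 rather than 512 bytes), NIST SHA3-384 padding for every hash, and a locally computed PPK hash standing in for the eFUSE PPK hash. The AC field order, the 4-byte auth header and the function names are this example's own.

```python
import hashlib, hmac, random

# Demo parameters (constructed): production keys are RSA-4096, so real signatures are
# 512 bytes; 1024-bit keys keep key generation fast for a stand-alone run.
KEY_BITS, SIG_LEN = 1024, 1024 // 8
# Assumption: PKCS#1 v1.5 DigestInfo prefix for SHA3-384 (OID 2.16.840.1.101.3.4.2.9).
DIGEST_INFO = bytes.fromhex("3041300d060960864801650304020905000430")
_rng = random.SystemRandom()

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin (demo-grade); callers pass odd n."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _rand_prime(bits):
    while True:
        c = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # top bit and low bit set
        if _is_probable_prime(c):
            return c

def gen_key(bits=KEY_BITS):
    """Return ((n, e), (n, d)); demo only, not a hardened key generator."""
    e = 65537
    while True:
        p, q = _rand_prime(bits // 2), _rand_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and phi % e:
            return (n, e), (n, pow(e, -1, phi))

def sha3_384(data):
    return hashlib.sha3_384(data).digest()

def _encode(digest):
    """padding || SHA(...): 00 01 FF..FF 00 || DigestInfo || digest, modulus-sized."""
    t = DIGEST_INFO + digest
    return b"\x00\x01" + b"\xff" * (SIG_LEN - len(t) - 3) + b"\x00" + t

def rsa_sign(priv, data):
    n, d = priv
    return pow(int.from_bytes(_encode(sha3_384(data)), "big"), d, n).to_bytes(SIG_LEN, "big")

def rsa_verify(pub, data, sig):
    n, e = pub
    if len(sig) != SIG_LEN:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(SIG_LEN, "big")
    return hmac.compare_digest(em, _encode(sha3_384(data)))   # compare the whole encoding

def key_bytes(pub):
    return pub[0].to_bytes(SIG_LEN, "big") + pub[1].to_bytes(4, "big")

def key_from_bytes(raw):
    return int.from_bytes(raw[:SIG_LEN], "big"), int.from_bytes(raw[SIG_LEN:], "big")

def build_ac(auth_header, ppk_pub, spk_pub, psk_priv, ssk_priv, boot_header, partition):
    """AC layout used here: header || PPK || SPK || SPK sig || BH sig || partition sig."""
    spk_sig = rsa_sign(psk_priv, key_bytes(spk_pub) + auth_header)   # RSA(PSK, ...)
    bh_sig = rsa_sign(ssk_priv, boot_header)                         # RSA(SSK, ...)
    prefix = auth_header + key_bytes(ppk_pub) + key_bytes(spk_pub) + spk_sig + bh_sig
    return prefix + rsa_sign(ssk_priv, partition + prefix)           # covers Partition || AC so far

def verify_partition(ac, partition, boot_header, stored_ppk_hash, hdr_len):
    """Verifier order: PPK vs stored hash, SPK under PPK, then BH and partition under SPK."""
    klen = SIG_LEN + 4
    ppk, spk = ac[hdr_len:hdr_len + klen], ac[hdr_len + klen:hdr_len + 2 * klen]
    sigs = ac[hdr_len + 2 * klen:]
    spk_sig, bh_sig, part_sig = sigs[:SIG_LEN], sigs[SIG_LEN:2 * SIG_LEN], sigs[2 * SIG_LEN:]
    if not hmac.compare_digest(sha3_384(ppk), stored_ppk_hash):
        return False                                   # PPK is not the one burned into eFUSE
    if not rsa_verify(key_from_bytes(ppk), spk + ac[:hdr_len], spk_sig):
        return False                                   # SPK not endorsed by the PPK
    spk_pub = key_from_bytes(spk)
    return (rsa_verify(spk_pub, boot_header, bh_sig)
            and rsa_verify(spk_pub, partition + ac[:-SIG_LEN], part_sig))

def demo():
    """Returns (genuine image accepted, tampered partition rejected, foreign SPK rejected)."""
    ppk_pub, psk_priv = gen_key()
    spk_pub, ssk_priv = gen_key()
    hdr, bh = b"\x00\x00\x01\x01", b"\x66\x55\x99\xaa" + b"BH" * 30   # constructed header / BH
    part = bytes(range(256)) * 4                                     # constructed partition
    ppk_hash = sha3_384(key_bytes(ppk_pub))                          # stands in for eFUSE PPK hash
    ac = build_ac(hdr, ppk_pub, spk_pub, psk_priv, ssk_priv, bh, part)
    ok = verify_partition(ac, part, bh, ppk_hash, len(hdr))
    bad = part[:100] + bytes([part[100] ^ 1]) + part[101:]            # one flipped bit
    tampered_rejected = not verify_partition(ac, bad, bh, ppk_hash, len(hdr))
    rogue_pub, rogue_priv = gen_key()          # attacker re-signs everything with own SPK
    rogue_ac = build_ac(hdr, ppk_pub, rogue_pub, rogue_priv, rogue_priv, bh, part)
    rogue_rejected = not verify_partition(rogue_ac, part, bh, ppk_hash, len(hdr))
    return ok, tampered_rejected, rogue_rejected
```

The rogue case is the one that matters: an attacker can always produce a self-consistent AC with their own SPK/SSK pair, so the only thing that anchors the chain is the SPK signature under the PPK and the PPK hash comparison against the eFUSE value. A verifier that checks the partition signature against whatever SPK the AC carries, without those two steps, authenticates nothing.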

Table 12-16 summarizes which asymmetric private key, and which SHA-3 padding rule, is used for each signature within an AC. The Keccak and NIST variants share the same permutation and differ only in the domain-separation byte that begins the final padding (0x01 for the original Keccak rule, 0x06 for FIPS 202 SHA-3), so a digest computed with the wrong variant never matches and the signature check fails.

Table 12-16:      Authentication Certificates Signatures

AC             Signature             SHA Padding Used                     Private Key Used
Header AC      SPK signature         Keccak if standard key revocation;   PSK
                                     NIST if enhanced key revocation
Header AC      BH signature          Keccak                               SSK (Header)
Header AC      Header signature      NIST                                 SSK (Header)
BootLoader AC  SPK signature         Keccak                               PSK
BootLoader AC  BH signature          Keccak                               SSK (BootLoader)
BootLoader AC  BootLoader signature  Keccak                               SSK (BootLoader)
Partition AC   SPK signature         Keccak if standard key revocation;   PSK
                                     NIST if enhanced key revocation
Partition AC   BH signature          Keccak                               SSK (Partition)
Partition AC   Partition signature   NIST                                 SSK (Partition)

Each part of the AC is described in the “Authentication Certificate” and “Authentication Certificate Header” sections in Chapter 16 of the Zynq UltraScale+ MPSoC Software Developer’s Guide (UG1137) [Ref 3].

Table 12-17 summarizes the encryption and authentication attributes of each portion of the secure boot image.

Table 12-17:      Secure Boot Image Encryption and Authentication

Boot image block: Boot header
  Encrypted: No
  Authenticated(1): Yes, signed with the user secondary secret key (SSK)
  Notes: Described in the Boot Header Format and Image Attributes Offset Definition tables of this TRM. A signature of the BH is provided in each AC.

Boot image block: Image header table
  Encrypted: No
  Authenticated(1): Yes, signed with the user SSK
  Notes: Described in the "Image Header Table" section of the Zynq UltraScale+ MPSoC Software Developer's Guide (UG1137) [Ref 3].

Boot image block: Image headers
  Encrypted: No
  Authenticated(1): Yes, signed with the user SSK
  Notes: Not currently used.

Boot image block: Partition headers
  Encrypted: No
  Authenticated(1): Yes, signed with the user SSK
  Notes: Described in the "Partition Header Tables" section of the Zynq UltraScale+ MPSoC Software Developer's Guide (UG1137) [Ref 3]. There is one partition header for each partition within the boot image.

Boot image block: FSBL secure header
  Encrypted: Dependent on secure boot mode(2)
  Authenticated(1): Yes, signed with the user SSK
  Notes: This is the part of the FSBL that minimizes use of the device key: it carries the key and IV used to decrypt the FSBL. See the Bootgen User Guide (UG1283) [Ref 36] for more details on secure header use. Only included when the OP key option is chosen; see Minimizing Use of the AES Boot Key (OP Key Option).

Boot image block: FSBL
  Encrypted: Dependent on secure boot mode(2)
  Authenticated(1): Yes, signed with the user SSK

Boot image block: PMUFW secure header
  Encrypted: Dependent on secure boot mode(2)
  Authenticated(1): Yes, signed with the user SSK
  Notes: This is the part of the PMUFW that minimizes use of the device key: it carries the key and IV used to decrypt the PMUFW. See the Bootgen User Guide (UG1283) [Ref 36] for more details on secure header use.

Boot image block: PMUFW
  Encrypted: Dependent on secure boot mode(2)
  Authenticated(1): Yes, signed with the user SSK
  Notes: The PMUFW can be included as part of the bootloader and consequently loaded by the CSU. Alternatively, it can be its own partition.

Boot image block: Partition secure header
  Encrypted: Dependent on secure boot mode(2)
  Authenticated(1): Yes, signed with the user SSK
  Notes: This is the part of the partition that minimizes use of the device key: it carries the key and IV used to decrypt the partition. See the Bootgen User Guide (UG1283) [Ref 36] for more details on secure header use.

Boot image block: Partition
  Encrypted: Dependent on secure boot mode(2)
  Authenticated(1): Yes, signed with the user SSK

Notes:

1. In hardware root of trust secure boot mode.

2. Required for encrypt-only secure boot mode and optional for hardware root of trust secure boot mode.