2.9.2.5.3 Single-Step Verification

The bootstrap image format comes in two versions: the tagged version, which uses an AES-CMAC for authenticity, and the DSS version, which uses a digital signature.

For both versions, the header authenticity is checked with an AES-CMAC, and random data are used to pad the header.

The following figure shows a tagged bootstrap image format.

Figure 2-28. Secure Mode Image Format (Tagged Version)

In this mode, the Auth.Data value is as follows:

Mode            RFU     Security Data Size
0x02 or 0x03    0x00    0x0010

Mode is encrypted, tagged. There is no additional data for this mode.

When DSS mode is used, the image format is shown in the figure below.

Figure 2-29. Secure Mode Image Format (DSS Version)

The Auth.Data field is as follows:

Mode            RFU     Additional Data Size
0x04, 0x05      0x00    0xyyyy

Mode is encrypted, signed with a DSS. A security blob is added following the bootstrap image; Security data size specifies the size in bytes of this security blob used to certify the image.
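
The two Auth.Data encodings described above can be checked before any cryptographic work starts. The following is an added example, not code from the original document or from the vendor; the 4-byte layout (1-byte Mode, 1-byte RFU, 2-byte little-endian size), the strict RFU check, and the names `auth_data_check`, `struct auth_data` and `enum auth_kind` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumptions (not stated on the page): Auth.Data is 4 bytes laid out as
 * Mode (1 byte), RFU (1 byte), size (2 bytes, little-endian). */
enum auth_kind { AUTH_INVALID = 0, AUTH_TAGGED, AUTH_DSS };

struct auth_data {
    uint8_t  mode;
    uint8_t  rfu;
    uint16_t size;
};

/* Parse Auth.Data and reject anything outside the two documented encodings.
 * after_image_len: bytes present in the file after the bootstrap image. */
enum auth_kind auth_data_check(const uint8_t *buf, size_t len,
                               size_t after_image_len, struct auth_data *out)
{
    if (buf == NULL || out == NULL || len < 4)
        return AUTH_INVALID;
    out->mode = buf[0];
    out->rfu  = buf[1];
    out->size = (uint16_t)(buf[2] | (buf[3] << 8));
    if (out->rfu != 0x00)                 /* strict choice: RFU must stay zero */
        return AUTH_INVALID;
    switch (out->mode) {
    case 0x02: case 0x03:                 /* encrypted, tagged: fixed 0x0010 */
        return out->size == 0x0010 ? AUTH_TAGGED : AUTH_INVALID;
    case 0x04: case 0x05:                 /* encrypted, signed with a DSS */
        /* the security blob must be non-empty and fully present */
        if (out->size == 0 || out->size > after_image_len)
            return AUTH_INVALID;
        return AUTH_DSS;
    default:                              /* any other mode is not described here */
        return AUTH_INVALID;
    }
}

int main(void)
{
    /* Constructed sample: DSS mode announcing a 0x0100-byte security blob. */
    const uint8_t sample[4] = { 0x04, 0x00, 0x00, 0x01 };
    struct auth_data a;
    enum auth_kind k = auth_data_check(sample, sizeof sample, 0x0100, &a);
    printf("kind=%d mode=0x%02x size=0x%04x\n", (int)k, (unsigned)a.mode, (unsigned)a.size);
    return k == AUTH_DSS ? 0 : 1;
}
```

Rejecting a DSS header whose announced blob size exceeds the bytes actually present keeps a later signature check from reading past the end of the image.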