2.9.3.5 Security Blob Format
The security blob contains all necessary data to verify the signature of a bootstrap image. When an AES-CMAC tag is used as the image signature, the security blob is simply the 128 bits TAG.
In DSS mode, either RSA or EC-DSA, the security blob is an ASN.1 construction as follow:
SecurityBlob ::= SEQUENCE {
Certificates CertificatesList,
Algorithm OBJECT IDENTIFIER,
Signature SignatureData
}
CertificatesList ::= SEQUENCE SIZE (1..3) OF Certificate
SignatureData ::= CHOICE {
RSASignature BITSTRING,
DSSSignature ECDSA-Sig-Value
}
See RFC-3280 and RFC-5480 for details on Certificate
and
ECDSA-Sig-Value
ASN.1 construction.