2.9.3.5 Security Blob Format

The security blob contains all the data needed to verify the signature of a bootstrap image. When an AES-CMAC tag is used as the image signature, the security blob is simply the 128-bit tag.

In DSS mode (either RSA or EC-DSA), the security blob is an ASN.1 construction as follows:

SecurityBlob ::= SEQUENCE {  
                Certificates CertificatesList,
                Algorithm OBJECT IDENTIFIER,
                Signature SignatureData
}

CertificatesList ::= SEQUENCE SIZE (1..3) OF Certificate

SignatureData ::= CHOICE {
                RSASignature BIT STRING,
                DSSSignature ECDSA-Sig-Value
}

See RFC-3280 and RFC-5480 for details on the Certificate and ECDSA-Sig-Value ASN.1 constructions.
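The following structural check of a DSS-mode security blob is an added example, not code from the original specification. It assumes the blob is DER-encoded (the page does not name the encoding); the function names and the sample bytes are constructed for illustration, and the certificates are treated as opaque SEQUENCEs rather than validated as X.509.

```python
def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the TLV at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split the contents of a constructed type into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(v):
    if not v or v[-1] & 0x80:
        raise ValueError("malformed OBJECT IDENTIFIER")
    subs, cur = [], 0
    for b in v:  # base-128 subidentifiers, high bit marks continuation
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(cur); cur = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def parse_security_blob(blob):  # assumes DER encoding (not stated on the page)
    tag, body, end = read_tlv(blob, 0)
    fields = children(body) if tag == 0x30 and end == len(blob) else []
    if len(fields) != 3 or [t for t, _ in fields][:2] != [0x30, 0x06]:
        raise ValueError("expected SEQUENCE { CertificatesList, OID, SignatureData }")
    certs = children(fields[0][1])
    if not 1 <= len(certs) <= 3 or any(t != 0x30 for t, _ in certs):
        raise ValueError("CertificatesList must hold 1..3 Certificate SEQUENCEs")
    sig_tag, sig = fields[2]
    if sig_tag == 0x03 and sig[:1] == b"\x00":  # BIT STRING, no unused bits: RSASignature
        kind, value = "RSA", sig[1:]
    elif sig_tag == 0x30 and [t for t, _ in children(sig)] == [0x02, 0x02]:
        kind, value = "ECDSA", tuple(int.from_bytes(v, "big") for _, v in children(sig))
    else:
        raise ValueError("SignatureData is neither BIT STRING nor ECDSA-Sig-Value")
    return {"certs": len(certs), "algorithm": decode_oid(fields[1][1]), "kind": kind, "signature": value}
# Constructed sample: two empty placeholder certificates, OID 1.2.840.10045.4.3.2, r=1, s=2.
SAMPLE = bytes.fromhex("3018 30043000 3000 06082a8648ce3d040302 3006020101020102")
```

Rejecting a blob whose CertificatesList falls outside SIZE (1..3), or whose SignatureData matches neither CHOICE alternative, before any cryptographic work keeps malformed input away from the certificate and signature verification code.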