2.9.3.4 Double Step Verification
In Double-Step mode, an additional check is performed after image decryption. Instead of random data, the header padding field holds an AES-CMAC tag, computed with the customer key set, which is used to verify the plaintext bootstrap image.
The following figure shows a tagged bootstrap image format.
In this mode, the Auth. Data value is as follows:
Mode | RFU | Additional Data Size |
0x12 or 0x13 | 0x00 | 0x0000 |
Mode is encrypted, tagged, double-step. There is no additional data for this mode.
When DSS mode is used, the image format is as shown in the figure below.
The Auth. Data field is as follows:
Mode | RFU | Additional Data Size |
0x14, 0x15 | 0x00 | 0xyyyy |
Mode is encrypted, signed with DSS, double-step. A security blob is added following the bootstrap image. Security data size specifies the size in bytes of this security chain used to certify the image.
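
A loader-side validation of the Auth. Data field from the two tables above, written as an added example (it is not code from this document or its vendor). The field widths are inferred from the table values; the little-endian size encoding and the names `parse_auth_data`, `auth_kind`, `auth_data` and `trailing_len` are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout (inferred from the tables above): Mode (1 byte), RFU (1 byte),
 * Additional Data Size (2 bytes). Little-endian size is an assumption. */
enum auth_kind { AUTH_INVALID = 0, AUTH_TAGGED_DOUBLE_STEP, AUTH_DSS_DOUBLE_STEP };

struct auth_data {
    uint8_t  mode;
    uint16_t add_size;  /* bytes of security data following the image */
};

/* Validate a 4-byte Auth. Data field.
 * trailing_len = bytes actually present after the bootstrap image.
 * *out is written only when the field is accepted. */
enum auth_kind parse_auth_data(const uint8_t *buf, size_t len,
                               size_t trailing_len, struct auth_data *out)
{
    enum auth_kind kind = AUTH_INVALID;

    if (buf == NULL || out == NULL || len < 4)
        return AUTH_INVALID;
    if (buf[1] != 0x00)               /* RFU must be 0x00 in both tables */
        return AUTH_INVALID;

    uint16_t size = (uint16_t)(buf[2] | (buf[3] << 8));

    switch (buf[0]) {
    case 0x12: case 0x13:             /* encrypted, tagged, double-step */
        /* No additional data: size must be 0x0000; this example also
         * rejects stray bytes after the image (strict-policy assumption). */
        if (size == 0 && trailing_len == 0)
            kind = AUTH_TAGGED_DOUBLE_STEP;
        break;
    case 0x14: case 0x15:             /* encrypted, DSS-signed, double-step */
        /* The security blob must be exactly as long as the field declares
         * (a zero-length blob is rejected here as an assumption). */
        if (size != 0 && trailing_len == size)
            kind = AUTH_DSS_DOUBLE_STEP;
        break;
    default:                          /* any other mode is not double-step */
        break;
    }
    if (kind != AUTH_INVALID) {
        out->mode = buf[0];
        out->add_size = size;
    }
    return kind;
}
```

Rejecting a mismatch between the declared size and the bytes actually present keeps a later signature or tag check from reading past the image or silently ignoring appended data.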