7.2 Provisioning the Root x.509 Certificate Hash

If the RSA (Rivest-Shamir-Adleman) public key authentication mode is selected, in addition to the customer symmetric key used to decrypt the bootstrap, the SHA256 of the public x.509 certificate used to authenticate or sign the boot image or the embedded application needs to be provisioned on the device. The ROM code uses this digest to check the authenticity of the certificate or the root CA if a chain of certificates is used.

sam-ba -p secure –device sam9x60 -m write_rsa_hash:../src/data/cert_hash_sam9x60.cip