Xilinx, Inc.
Incremental authentication for memory constrained systems

Abstract:

Apparatus and associated methods relate to authenticating a back-to-front-built configuration image. In an illustrative example, a circuit may include memory configured to store a signature S, a second hash H.sub.2, and a first data chunk C.sub.1. Signature S may be signed on a first hash H.sub.1. H.sub.1 may be the hash for H.sub.2 and C.sub.1. If signature S passes verification, a hash engine may perform hash functions on C.sub.1 and H.sub.2 to generate a hash H.sub.1'. H.sub.1' may be compared with H.sub.1 to indicate whether C.sub.1 has been tampered with or not. By using the incremental authentication, a signature that appears at the beginning of the image may be extended to the entire image while only using a small internal buffer. Advantageously, internal buffer may only need to store two hashes H.sub.i, H.sub.i+1, and a data chunk C.sub.i, or, a signature S, a hash H.sub.i, and a data chunk C.sub.i.