11-08-2018 10:44 AM
While attempting to verify the signature of the 2018.2.2 HLx update, I found a discrepancy with the Xilinx public key.
The public key was downloaded from the Xilinx downloads page:
While importing the public key, I noticed that the key signature, and generation date do not match the information listed in UG973.
Key downloaded from Xilinx downloads page:
Due to the discrepancy, I do not think that I can certify this key, and would not use this key to verify authenticity of the downloaded HLx update.
How can I verify the authenticity of the downloaded public key so that I can certify the key?
PS: I have attached the downloaded public key, but had to change the extension from asc to txt.
gpg --version -> 1.4.20
11-12-2018 01:30 AM
The UG973 contains the public key for 2018.2, however you are comparing that with the 2018.2.2 update.
Can you verify it with the public key for 2018.2 instead?
02-20-2020 11:49 AM
I know this is an old thread, but I'm seeing the same issue. I'm setting up 2018.2 on a new machine (version required to support a production design).
I have verified that the xilinx-master-signing-key.asc for 2018.2, 2018.2.1 and 2019.2 are all identical. I get the same values the OP does when I import the key.
Thanks in advance!