I am trying to generate a boot image with pre-signed partitions, so that the Private keys can be stored on a secure server and never get copied to the developer's machine, where bootgen is executed.
XAPP1175 describes the workflow for Zynq7000 devices and relies on the tool xil_rsa_sign to sign SHA256 hashes.
I am using a Zynq UltraScale+ device which, by default, uses SHA384 hashing (with RSA4096 keys). The tool mentioned above does not seem to support this.
Is there additional documentation on how to create such a workflow for UltraScale+ devices with another tool or (even better) using openssl?