When RSA authentication fails due to this issue, the result is the same as for a valid authentication failure. If fallback is enabled, the fallback bitstream is loaded. If fallback is not enabled, the configuration logic disables the configuration interface, blocking any access to the FPGA. Pulsing the PROGRAM_B signal or power-on-reset is required to reset the configuration interface.
For an alternative configuration bitstream authentication method, the UltraScale FPGAs also support Advanced Encryption Standard (AES) decryption and authentication using the Galois/Counter Mode (GCM) algorithm. The AES GCM feature is supported in all configuration modes in all Virtex UltraScale and Kintex UltraScale FPGAs including the KU025 FPGA. Based on your security requirements, evaluate if AES-GCM is a suitable alternative. The AES-GCM is a symmetric key encryption algorithm that includes authentication, whereas RSA is an asymmetric authentication algorithm.
See (UG570) for implications to the FPGA configuration functions when using AES GCM encryption.