Secure boot within an FPGA environment is traditionally implemented using hardwired embedded cryptographic primitives and NVM-based keys, whereby an encrypted bitstream is decrypted as it is loaded from an external storage medium, e.g., Flash memory. A novel technique is proposed in this paper that self-authenticates an unencrypted FPGA configuration bitstream loaded into the FPGA during startup. The power-on process of an FPGA loads an unencrypted bitstream into the programmable logic portion which embeds the self-authenticating PUF architecture. Challenges are applied to the components of the PUF engine both as a means of generating a key and performing self-authentication. Any modifications made to the PUF architecture results in key generation failure, and failure of subsequent stages of the secure boot process. The generated key is used in the second stage of the boot process to decrypt the programmable logic portion of the design as well as components of the software, e.g., Linux operating system and applications, that run on the processor side of the FPGA.