Page MenuHomePhabricator

Simulate HW key provisioning
Open, NormalPublic


Current key handling strategy in TF-M

  • Crypto keys are embedded at compile time and they are part of the secure image or bootloader.
  • This behaviour is unlikely in a real device.
  • It is expected that some mandatory crypto keys is provisioned to immutable memory at the factory floor.

The scope of the task is to simulate the real-life key provisioning with:

  • Define a new flash area per target device to store keys there
  • Create a binary object at compile time which contains the necessary crypto keys: HUK, attestation private key, image signing key(s).
  • Update documentation how to load the key object to device memory.
  • Modify platform example code to not contain any embedded crypto key instead retrieving the keys from dedicated flash area.

Event Timeline

tamasban triaged this task as Normal priority.Jul 17 2019, 8:53 AM
tamasban created this task.