• State TI Thinks Resolved
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 99 subscribers
  • Views 409 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

PROCESSOR-SDK-AM64X: MEK MPK Secure Boot

Christopher Holland
Intellectual 310 points

Part Number: PROCESSOR-SDK-AM64X

Tool/software:

Hi,

Referring to the following figure as described here https://software-dl.ti.com/tisci/esd/latest/6_topic_user_guides/secure_boot_signing.html

Are there 2 separate sets of keys being used for encryption?

I understand PKI, where they use both a public and private key and that is what I am assuming is being used in the figure.

I think that MPK and MEK are 2 different public keys and inside the AM64x, there are 2 different private keys or am I wrong and MEK is a private key.

This is the Public Key: MPK: Public Key
Is this the Private Key, or another Public Key: MEK: Manufacturer Encryption Key

Thank you,

  • 0
    TI__Guru* 76950 points

    The diagram is for code signing process by user to sign, and optionally encrypt binary blob.
    - (S)MPK is RSA key which is used to sign x.509 certificate for integrity check
    - (S)MEK is symmetric key which is used to encrypt binary blob for confidentiality protection.
    Best,
    -Hong