AM6412: Secure boot backup-key usage

Part Number: AM6412

Tool/software:

Hi Team

What is the intended usage of the backup key?

We think key revocation. However, this does not make much sense from our point of view as long as the backup key has to be programmed at the same time as the secondary key. As far as we understand, there is no way to program the backup key after(!) the chip has moved from HS-FS to HS-SE. This implies that we must always generate the backup key in advance and safely store it in our local HSM. If we suffer e.g. key theft, then most probably both keys will be compromised unless we store the backup key at different physical and logical locations. The same is true if the secondary key becomes vulnerable due to advanced attack algorithms. Let's say RSA4096 becomes vulnerable. There is no possibility to switch to a more advanced algorithm.

All this causes us to think that using the backup key for key revocation support has very little benefit in reality.

We would be glad if you could explain to us how key revocation should be implemented.

Regards

Walter

  • Hi Walter,
    Yes, all secure boot keys (SMPK/SMEK/BMPK/BMEK) need to be programmed using the OTP keywriter, which runs on HS-FS at factory time. One reason is that protecting the symmetric keys (SMEK/BMEK) with the FEK is supported only by the OTP keywriter.
    One remedy would be storing the primary key set and the backup key set securely and independently.
    Best,
    -Hong
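The thread above asks what a pre-provisioned backup key buys when it has to be fused at the same time as the primary key. The following is an added illustration, not TI code and not the AM64x eFuse layout or boot-ROM logic: a hypothetical model in which the OTP holds only the SHA-256 hashes of both public keys plus a one-way "primary revoked" fuse, and the boot verifier picks the slot from the key carried with the image. Ed25519 stands in for the RSA-4096 keys the poster mentions, and the names (`OTPFuses`, `VerifyBoot`, `RevokePrimary`) are assumptions for the example. It shows the point made in the thread: both key pairs must exist before fusing, so the backup private key is the thing that has to be generated early and kept somewhere the primary key's compromise does not reach.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// OTPFuses is a hypothetical model of the one-time-programmable state a
// device holds after the keywriter has run: hashes of both public keys and
// a revocation fuse. It is not the real AM64x eFuse map.
type OTPFuses struct {
	PrimaryKeyHash [32]byte
	BackupKeyHash  [32]byte
	PrimaryRevoked bool // one-way: once blown, the primary key can never verify again
}

// KeySet is one signing key pair; both sets must exist before fusing.
type KeySet struct {
	Public  ed25519.PublicKey
	Private ed25519.PrivateKey
}

// BootImage carries the public key it was signed with, so the verifier can
// select the matching fuse slot before checking the signature.
type BootImage struct {
	Payload   []byte
	PublicKey ed25519.PublicKey
	Signature []byte
}

var (
	ErrUnknownKey   = errors.New("image key matches neither fused key hash")
	ErrRevokedKey   = errors.New("image signed with revoked primary key")
	ErrBadSignature = errors.New("signature verification failed")
)

// GenerateKeySet creates a fresh key pair (Ed25519 stands in for RSA-4096).
func GenerateKeySet() (KeySet, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return KeySet{}, err
	}
	return KeySet{Public: pub, Private: priv}, nil
}

// ProvisionFuses is the factory (HS-FS) step: both public key hashes are
// burned at once, which is why the backup key pair must already exist.
func ProvisionFuses(primary, backup ed25519.PublicKey) OTPFuses {
	return OTPFuses{
		PrimaryKeyHash: sha256.Sum256(primary),
		BackupKeyHash:  sha256.Sum256(backup),
	}
}

// SignImage produces an image signed by the given key set.
func SignImage(ks KeySet, payload []byte) BootImage {
	return BootImage{
		Payload:   payload,
		PublicKey: ks.Public,
		Signature: ed25519.Sign(ks.Private, payload),
	}
}

// RevokePrimary blows the revocation fuse; there is no way back.
func RevokePrimary(f OTPFuses) OTPFuses {
	f.PrimaryRevoked = true
	return f
}

// VerifyBoot returns the slot ("primary" or "backup") that authorised the
// image, or an error. The key hash is checked before the signature so a
// revoked primary key is rejected even if its signature is valid.
func VerifyBoot(fuses OTPFuses, img BootImage) (string, error) {
	var slot string
	switch sha256.Sum256(img.PublicKey) {
	case fuses.PrimaryKeyHash:
		if fuses.PrimaryRevoked {
			return "", ErrRevokedKey
		}
		slot = "primary"
	case fuses.BackupKeyHash:
		slot = "backup"
	default:
		return "", ErrUnknownKey
	}
	if !ed25519.Verify(img.PublicKey, img.Payload, img.Signature) {
		return "", ErrBadSignature
	}
	return slot, nil
}

func main() {
	primary, _ := GenerateKeySet()
	backup, _ := GenerateKeySet() // generated now, stored apart from primary
	fuses := ProvisionFuses(primary.Public, backup.Public)
	slot, err := VerifyBoot(fuses, SignImage(primary, []byte("fw v1")))
	fmt.Println("before revocation:", slot, err)
	fuses = RevokePrimary(fuses)
	_, err = VerifyBoot(fuses, SignImage(primary, []byte("fw v1")))
	fmt.Println("primary after revocation:", err)
	slot, err = VerifyBoot(fuses, SignImage(backup, []byte("fw v2")))
	fmt.Println("backup after revocation:", slot, err)
}
```

Note that the model offers no slot to fuse a third key or a different algorithm after provisioning, which is exactly the limitation the question raises; the only mitigation it supports is keeping the backup private key in a separate custody domain so that a compromise of the primary signing environment does not also yield the backup.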