Device Identity and Keys#
In order to maintain integrity, authenticity, and confidentiality, embedded processors can be programmed with symmetric or asymmetric key pairs.
Keys can be used in signatures and certificates to authenticate the boot code stored in external memory to check that it has not been tampered with or hacked.
Code signing and Encryption#
In TI’s ARM based processors, the authentication process in the secure boot flow is achieved through asymmetric cryptography. The user comes up with a pair of public and private keys, the public key is fused into the device, and the private key is programmed into the x509 certificate. The Secure Boot section has more details on the secure boot flow.
For hands-on steps for using the private and public key set for generating the x509 certificate and keywriting on the device, refer to Step 2: Generate the x509 Certificate.
The table below contains definitions for the keys used for authentication and encryption on a TI ARM based processor.
Key/ID |
Definition |
Description |
|---|---|---|
SMPK |
Secondary Manufacturer Public Key |
SMPK is 4096-bit cust RSA signing key |
BMPK |
Backup Manufacturer Public Key |
BMPK is 4096-bit cust RSA signing key |
SMEK |
Secondary Manufacturer Encryption Key |
256-bit Customer Encryption for encrypted boot |
BMEK |
Backup Manufacturer Encryption Key |
256-bit Customer Encryption for encrypted boot |
UID |
Unique Identity |
Each device has a unique ID associated with it. |