Using HSM Mode - 2024.1 English

Bootgen User Guide (UG1283)

Document ID
UG1283
Release Date
2024-05-30
Version
2024.1 English

In current cryptography, all the algorithms are public, so it becomes critical to protect the private/secret key. The hardware security module (HSM) is a dedicated crypto-processing device that is specifically designed for the protection of the crypto key lifecycle. This module increases key handling security, because only public keys are passed to the Bootgen and not the private/secure keys.

In some organizations, an infosec staff is responsible for the production release of a secure embedded product. The infosec staff might use the HSM for digital signatures and a separate secure server for encryption. The HSM and secure server typically reside in a secure area. The HSM is a secure key/signature generation device that generates private keys, signs the partitions using the private key, and provides the public part of the RSA key to Bootgen. The private keys reside in the HSM only.

Bootgen in HSM mode uses only public keys and the signatures that were created by the HSM to generate the boot image. The HSM accepts hash values of partitions generated by Bootgen and returns a signature block, based on the hash and the secret key.

In contrast to the HSM mode, Bootgen in its Standard mode uses AES encryption keys and the Secret keys provided through the BIF file, to encrypt and authenticate the partitions in the image, respectively. The output is a single boot image, which is encrypted and authenticated. For authentication, the user has to provide both sets of public and private/secret keys. The private/secret keys are used by the Bootgen to sign the partitions and create signatures. These signatures along with the public keys are embedded into the final boot image.

For more information about the HSM mode for FPGAs, see the HSM Mode.

Using Advanced Key Management Options

The public keys associated with the private keys are ppk.pub and spk.pub. The HSM accepts hash values of partitions generated by Bootgen and returns a signature block, based on the hash and the secret key.

Note: HSM flow is not supported for mcs format boot image generation.