7.6.5.6.3 Context Specification for Key Operations

The context input for Key operations is used to specify the properties of a key, and enables the explicit differentiation of keys that have distinct purposes. Under no circumstance must the same context be used on the same device for keys with different properties or purposes.

For Get Key operations, the combination of the intrinsic PUF key and the context uniquely defines the key that is output. If the same context is used, the same key is produced.

For Wrap and Wrap Generated Random operations, the combination of the intrinsic PUF key and context uniquely determines which keys are used to protect the wrapped data. Each key code is still unique, even when the same data and context are used.

Table 7-14. Fields in the Context for Key Operations
Word IndexBit RangeValueDescription
0[31:24]0Reserved. Must always be 0.
[23:16]0x10Context for key operations
[15:13]0Reserved. Must always be 0.
[12:0]N x 64 (with N= 1..16),

2048, 3072, 4096

Length of the key in bits.

The key length is not necessarily the same as the security strength.

1[31:16]0Must always be 0.
[15:10]0Reserved. Must always be 0.
[9]0

Reserved. Must always be 0.

[8]0, 1Defines the allowed key destinations, when PUF is in the Started state:

0: Key cannot be available via PUF_DOR

1: Key can be available via PUF_DOR

[7:2]0Reserved. Must always be 0.
[1]0

Reserved. Must always be 0.

[0]0, 1Defines the allowed key destinations, when PUF is in the Enrolled state:

1: Key is available via PUF_DOR

2[31:0]AnyUser context for key derivation; available bits are restricted by the value read in PUF_HW_RUC0.
3[31:0]AnyUser context for key derivation; available bits are restricted by the value read in PUF_HW_RUC1.