6.1 Overview
The Secure Subsystem, combined with various device features, provides a hardened root of
trust with symmetric and asymmetric computation ability to facilitate a number of
security-related capabilities within an automotive, industrial and consumer system.
- Secure Boot Support:
- Code image and signature validation
- Secure encryption key storage and image encryption
- Authenticated update of the code validation public key
- X.509 Certificate Storage, Parsing, Validation and Revocation, Supporting both ECC and RSA
- Fully Internal Random Key Generation for RSA, ECC and AES
- Monotonic Counters Protected Against Tearing
- Elliptic Curves Support:
- P224 – ECDSA sign, verify, ECDH and ECBD
- P256 – ECDSA sign, verify and ECDH
- SECP256K1 (bitcoin/blockchain) – ECDSA support
- 256-bit Brainpool – ECDSA and ECDH
- P384 – ECDSA sign, verify and ECDH
- RSA Support:
- 1024-bit and 2048-bit RSA OAEP/MGF encrypt/decrypt
- 2048-bit RSA signature generation and verification
- 3072-bit RSA verification
- ECDH Key Management Capability with Integrated KDF, either PRF or HKDF
- NIST SP800-90 A/B/C High-Quality Cryptographic Random Number Generation (RNG)
- AES-CMAC Calculation and Validation
- AES-ECB and GCM Encrypt/Decrypt for General Purpose Use
- SHA-256 and SHA-HMAC Digest Calculation
- Input/Output Encryption and Authentication using AES-GCM, AES-CMAC and/or SHA-HMAC
- Flexible Self-Test Support to meet FIPS 140 Requirements
The Secure Subsystem contains two processing blocks:
- A main command processor that implements an Advanced Crypto Engine along with the management and session establishment functionality. The ACE can implement all symmetric and asymmetric crypto functions.
- A Fast Crypto Engine capable of implementing AES and SHA calculations in parallel with the operation of the main command processor.