8.13.5.6.3 Context Specification for Key Operations
The context input for Key operations is used to specify the properties of a key, and enables the explicit differentiation of keys that have distinct purposes. Under no circumstance must the same context be used on the same device for keys with different properties or purposes.
For Get Key operations, the combination of the intrinsic PUF key and the context uniquely defines the key that is output. If the same context is used, the same key is produced.
For Wrap and Wrap Generated Random operations, the combination of the intrinsic PUF key and context uniquely determines which keys are used to protect the wrapped data. Each key code is still unique, even when the same data and context are used.
| Word Index | Bit Range | Value | Description |
|---|---|---|---|
| 0 | [31:24] | 0 | Reserved. Must always be 0. |
| [23:16] | 0x10 | Context for key operations | |
| [15:13] | 0 | Reserved. Must always be 0. | |
| [12:0] | N x 64 (with
N= 1..16), 2048, 3072, 4096 | Length of the
key in bits. The key length is not necessarily the same as the security strength. | |
| 1 | [31:16] | 0 | Must always be 0. |
| [15:10] | 0 | Reserved. Must always be 0. | |
| [9] | 0, 1 |
Defines the allowed key destinations, when PUF is in the Started state: 0: Key cannot be available via private key bus 1: Key can be available via the private key bus interface | |
| [8] | 0, 1 | Defines the
allowed key destinations, when PUF is in the Started state: 0: Key cannot be available via PUF_DOR 1: Key can be available via PUF_DOR | |
| [7:2] | 0 | Reserved. Must always be 0. | |
| [1] | 0, 1 |
Defines the allowed key destinations, when PUF is in the Enrolled state: 1: Key is available via the private key bus interface. | |
| [0] | 0, 1 | Defines the
allowed key destinations, when PUF is in the Enrolled state: 1: Key is available via PUF_DOR | |
| 2 | [31:0] | Any | User context for
key derivation; available bits are restricted by the value read in
PUF_HW_RUC0. Bit [3:0]: index passed to private key bus interface |
| 3 | [31:0] | Any | User context for key derivation; available bits are restricted by the value read in PUF_HW_RUC1. |