15.2.8.3 HSM Server Functionality
SPPS uses the User and Manufacturer HSM server types.
The User HSM allows the OE to generate keys and use them to generate programming bitstreams.
15.2.8.3.1 User HSM
The U-HSM provides the following functionality:
- Generation of user keys:
  - User encryption keys
  - User passcodes
  - Base Keys (for derivation of per-device encryption keys and passcodes, see Per-Device Protocol)
- Encrypt programming bitstreams
- Generate data for security protocols (see the Libero SoC Design Flow User Guide)
- Creation of Job Tickets
- Creation of Programming Jobs
- Validation of programming results (see Device Certificate of Conformance (CoC))
- Validation of programming job completion (see Job End Certifier Protocol)
- Preparation of device manufacturing data for the M-HSM, such as DFK DB and manufacturing keys (see the User HSM Installation and Setup User Guide)
- Test Job Execution (M-HSM function of U-HSM)
- Complete functionality of the M-HSM
- Support for all underlying cryptographic algorithms and generation of cryptographic-quality true random numbers needed above
15.2.8.3.2 Manufacturer HSM
The M-HSM has software and firmware that is limited to job execution. The M-HSM is designed to be used by Production for the following:
- Creation of Job Tickets with binding to the physical HSM module (serving Job Requests)
- Generation of protocol data (see the Libero SoC Design Flow User Guide)
- Device authenticity check (see Device Authenticity Check Protocol)
- Overbuild protection
- Secured initial key loading
- Providing job status
- Providing proof of job completion
- Collection of CoCs (see Device Certificate of Conformance (CoC))
- Support for all underlying cryptographic algorithms and generation of cryptographic-quality true random numbers needed above