2.2.5 Factory ECC Key

The Factory ECC Key (KFP) is the device-unique 384-bit private NIST P-384 elliptic curve key. The corresponding public key (KFPK), also unique to each device, is certified in the device's X.509 supply chain assurance certificate.

The primary use model is to support initial loading of user keys, wherein an ECDH operation is executed to derive a shared secret key that encrypts a bitstream containing the user keys. Since the public key is certified by Microchip in the supply chain assurance certificate, the user can be assured that the communication is taking place with an authentic device and not a clone or a man-in-the-middle. KFP can also be used as a signing key for device-generated certificates via the Digital Signature system service (for more information, see the PolarFire FPGA and PolarFire SoC FPGA System Services User Guide). The authenticity of any such certificate can therefore be checked using the public key from the supply chain assurance certificate, providing a strong cryptographic chain to Microchip and the device PUF.

Utilizing KFP and the associated public-key method to provision user keys into a device requires the optional Secure Production Programming Solution (SPPS) available from Microchip.

There are two available key modes based on the factory ECC key:

  • One key mode is KFP, in which the device uses the certified key pair and the HSM uses a randomly generated ephemeral key pair. The two sides run the ECDH protocol to derive the shared secret key.
  • The other key mode is KFPE, in which the device uses the certified key pair along with a second, randomly generated ephemeral key pair, and the HSM uses two randomly generated ephemeral key pairs. In this case, the ECDH protocol is run twice, producing two shared secret keys that are fed into another round of key derivation to generate a single shared secret key. This key mode is preferred over KFP, since the device also contributes a randomly generated key pair and the exchange is therefore more secure. However, it takes longer, because there are two ECDH operations and additional key generations.
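As an added illustration (not Microchip's SPPS code), the two modes modelled in Python on a minimal P-384 implementation: the device and HSM roles follow the text above, while the SHA-384 step standing in for the final key derivation and the function names are assumptions, since the page does not give the actual derivation.

```python
import hashlib, secrets

# NIST P-384 domain parameters: y^2 = x^3 - 3x + B (mod P); base point G has order N
P = 2**384 - 2**128 - 2**96 + 2**32 - 1
B = 0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef
N = 0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973
G = (0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7,
     0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f)

def on_curve(pt):  # public-key validation: reject any peer point not on P-384
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x**3 + 3 * x - B) % P == 0

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if p1 == p2: lam = (3 * x1 * x1 - 3) * pow(2 * y1, -1, P) % P
    else:        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):  # double-and-add scalar multiplication (model only: not constant-time)
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc
def keygen():  # random private scalar in [1, N-1] and its public point
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)

def ecdh(d, peer_pub):  # shared secret = x-coordinate of d * peer_pub
    if not on_curve(peer_pub): raise ValueError("peer public key is not on P-384")
    return mul(d, peer_pub)[0].to_bytes(48, "big")
def derive(*shared):  # assumed KDF: SHA-384 over the ECDH secret(s); not SPPS's real KDF
    return hashlib.sha384(b"".join(shared)).digest()

def kfp_mode(dev_kfp, dev_kfpk):
    """KFP mode: device's certified static pair + one HSM ephemeral pair, one ECDH run."""
    hsm_d, hsm_q = keygen()
    return derive(ecdh(dev_kfp, hsm_q)), derive(ecdh(hsm_d, dev_kfpk))

def kfpe_mode(dev_kfp, dev_kfpk):
    """KFPE mode: device adds an ephemeral pair, HSM uses two; the two ECDH
    secrets go through a second derivation that yields one shared key."""
    dev_e, dev_eq = keygen()
    (hsm1, hsm1q), (hsm2, hsm2q) = keygen(), keygen()
    dev_key = derive(ecdh(dev_kfp, hsm1q), ecdh(dev_e, hsm2q))
    hsm_key = derive(ecdh(hsm1, dev_kfpk), ecdh(hsm2, dev_eq))
    return dev_key, hsm_key  # device and HSM views; they must agree
```

Each mode returns the key as computed on the device side and on the HSM side so the agreement can be checked; the point-validation step in `ecdh` is the part a provisioning implementation must never skip.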