2.2.1.2 Public Keys

Public keys are associated with the ECC private keys: every ECC private key has its own unique public key. A couple of slots have been set aside to store public keys for validation purposes. These are often used as secure storage of root-of-trust public keys. The slots for these keys can be operated in two different modes:
  • Permanent Public Key - In this mode the required public key should be written to the slot labeled Parent Public Key and the slot locked to make it permanent. The Validated Public Key slot is not used in this mode.
  • Securely Updatable Public Key - Here, a parent public key should be written and locked in the Parent Public Key slot. The public key to be validated must then be written to the Validated Public Key slot. Finally, the private key counterpart to the parent public key (off chip) needs to be used to validate the public key to enable its use and prevent unauthorized changes. See Section Validated Public Key for more details on this process.

Parent Public Key

The parent public key is a primary system key generated from an ECC private key that is stored off chip.

Validated Public Key

A validated public key requires that a key be validated before use or invalidated before being updated. Validation and invalidation are done using the Verify command in Validate/Invalidate mode.
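The two-slot arrangement (a locked parent key endorsing a replaceable child key, with Verify in Validate/Invalidate mode gating its use) is modelled below in Go as an added example that is not part of the original datasheet and not the device's own command set. The `PublicKeySlots` type, the `Endorse` helper, the slot numbers and the signed message format (SHA-256 over a mode byte, the slot index and the uncompressed P-256 key, which are hypothetical choices made here, not the device's real message layout) are all assumptions; the point being demonstrated is the trust relationship: the parent slot is written once and locked, a key written to the validated slot is unusable until the off-chip parent private key has endorsed it, a validated key must be invalidated before it can be overwritten, and a Validate signature cannot be replayed as an Invalidate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// VerifyMode selects Validate or Invalidate, mirroring the two modes of the
// Verify command described in the text.
type VerifyMode byte

const (
	ModeValidate   VerifyMode = 0x01
	ModeInvalidate VerifyMode = 0x02
)

// PublicKeySlots is a hypothetical host-side model of the Parent Public Key
// and Validated Public Key slots; it is not the device's real slot layout.
type PublicKeySlots struct {
	Parent       *ecdsa.PublicKey
	ParentLocked bool
	Validated    *ecdsa.PublicKey
	IsValidated  bool // true only after a successful Verify in Validate mode
}

// NewKey generates a P-256 key pair (the parent private key lives off chip).
func NewKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// endorsementDigest is the assumed message the parent private key signs:
// SHA-256 over the mode, the slot index and the uncompressed child key.
// Binding the mode keeps a Validate signature from being replayed as an
// Invalidate, and binding the slot keeps it from being moved to another slot.
func endorsementDigest(mode VerifyMode, slot byte, pub *ecdsa.PublicKey) []byte {
	h := sha256.New()
	h.Write([]byte{byte(mode), slot})
	h.Write(pub.X.FillBytes(make([]byte, 32)))
	h.Write(pub.Y.FillBytes(make([]byte, 32)))
	return h.Sum(nil)
}

// Endorse runs off chip: the holder of the parent private key signs the
// candidate public key for a given mode and slot.
func Endorse(parentPriv *ecdsa.PrivateKey, mode VerifyMode, slot byte, child *ecdsa.PublicKey) []byte {
	sig, err := ecdsa.SignASN1(rand.Reader, parentPriv, endorsementDigest(mode, slot, child))
	if err != nil {
		panic(err)
	}
	return sig
}

// WriteParent stores the parent key; once the slot is locked it is permanent.
func (s *PublicKeySlots) WriteParent(pub *ecdsa.PublicKey) error {
	if s.ParentLocked {
		return errors.New("parent slot is locked")
	}
	s.Parent = pub
	return nil
}

// LockParent makes the parent key permanent.
func (s *PublicKeySlots) LockParent() { s.ParentLocked = true }

// WriteValidated stores a candidate key. It is unusable until validated, and
// a currently validated key must be invalidated before it can be replaced.
func (s *PublicKeySlots) WriteValidated(pub *ecdsa.PublicKey) error {
	if s.IsValidated {
		return errors.New("validated slot must be invalidated before update")
	}
	s.Validated = pub
	return nil
}

// Verify models the Verify command in Validate or Invalidate mode: the
// candidate key changes state only if the locked parent key verifies the
// endorsement for that exact mode and slot.
func (s *PublicKeySlots) Verify(mode VerifyMode, slot byte, sig []byte) error {
	if !s.ParentLocked || s.Parent == nil {
		return errors.New("parent slot not written and locked")
	}
	if s.Validated == nil {
		return errors.New("validated slot is empty")
	}
	if !ecdsa.VerifyASN1(s.Parent, endorsementDigest(mode, slot, s.Validated), sig) {
		return errors.New("signature does not verify under parent key")
	}
	s.IsValidated = mode == ModeValidate
	return nil
}

func main() {
	parent, child := NewKey(), NewKey()
	var slots PublicKeySlots
	_ = slots.WriteParent(&parent.PublicKey)
	slots.LockParent()
	_ = slots.WriteValidated(&child.PublicKey)
	err := slots.Verify(ModeValidate, 0x0B, Endorse(parent, ModeValidate, 0x0B, &child.PublicKey))
	fmt.Println("validated:", err == nil, slots.IsValidated)
}
```

The `main` function walks the Securely Updatable Public Key flow from the bullet list: write the parent key, lock it, write the candidate key, then present the off-chip endorsement. Any mismatch in parent key, slot or mode leaves `IsValidated` false, which is the property a root-of-trust slot is meant to provide.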