4.1.1.2.2 Updatable Code Signature Verification Keys

Some applications require the ability to update the code signing keys in the event of a key compromise. NIST SP 800-193 Section 3.5.1 states that “proper use of signatures thus necessitates provisions to recover from a key compromise.” For systems that require more robust key management, there are techniques that support recovery from a key compromise. The Key Rotation of Code Signing Public Keys and Key Revocation of Code Signing Public Keys use cases provide examples of how a system could recover from a key compromise, but other configurations can be created with the underlying dsPIC33A hardware or with the support of external secure elements, depending on the system's needs.