KUP Key Mode

KUP is the 384-bit NIST P-384 user private ECC key. It is protected by SRAM-PUF, neither leaves the device nor is it ever exported to the user of the FPGA internally. The key is randomly generated by the device during the initial key loading process using SPPS. This key can be used for secure initial loading of User keys (such as UEK1 and UEK2) using SPPS. The corresponding public ECC key can be exported. When the public key is exported, it is signed by the device's factory certified ECC private key. This provides a verifiable method of creating a NIST ECC P-384 key pair and securely exporting the public key in a way that can avoid man-in-the-middle attacks on it.