Initial Key Loading

When a device is blank, there are no user secrets on the device that can be used to encrypt the bitstream to load user keys. On the devices, there are three approaches for handling this:

The KLK based approach provides customer not concerned with bitstream security a simple method for programming devices that does not require the SPPS. Because all the devices support the ECDH based scheme, DFK mode is mainly reserved as an alternative quantum-safe mode, in case, quantum computing makes elliptic curve cryptography obsolete. Until then, in most cases, users equipped with the SPPS may want to use the ECDH-based key scheme.