Factory Key (FK)

The factory key (FK) is a 256-bit symmetric AES key unique to each device. It is a secure, quantum-safe alternative to KFP that can be used to load the user keys if it is selected as the root key for encryption and authentication of the bitstream component containing them. After the user's security settings are loaded, the factory key is automatically disabled for encryption purposes by a user lock bit without any action required by the user.

Since the factory key is a symmetric key, the programmer must know the related key (Diversified Factory Key for every device) in order to prepare bitstreams that can be decrypted by the devices, or to verify that the device is familiar with the factory key. This key mode requires the Microchip SPPS. Microchip customers who use the SPPS solution are given a database of the Diversified Factory Keys (DFKs) upon registering their U-HSM via the Microchip Portal. Upon registration, a UUID is assigned to the U-HSM. The Customer UUID is used to diversify the Diversified Factory Key Database for the customer. This prevents anyone else with a key database and HSM from decrypting another user's bitstream files.

FK is destroyed by the unrecoverable zeroization mode actions. See Zeroization for more information.