Factory ECC Key

The Factory ECC Key (KFP) is the device unique 384-bit private NIST P-384 elliptic curve key. The corresponding public key (KFPK), unique for each device, is certified in the device's X.509 supply chain assurance certificate.

The primary use model is to support initial loading of user keys, wherein an ECDH operation is executed to derive a shared secret key to encrypt a bitstream containing the user keys. Since the public key is certified by Microchip in the supply chain assurance certificate, the user can be assured that the communication transpires with an authentic device and not a clone or a man-in-the-middle. KFP can also be used as a signing key for device-generated certificates via Digital Signature system service. For more information, see PolarFire FPGA and PolarFire SoC FPGA System Services User Guide. Therefore, the authenticity of any such certificate can be checked using the public key from the supply chain assurance certificate, providing a strong cryptographic chain to Microchip and the device PUF.

To utilize KFP and the associated public-key method to provision user keys into a device requires use of the optional Secure Production Programming Solution (SPPS) available from Microchip.

There are two available key modes based on factory ECC key: