Glossary of cryptography terms

CA
Certificate authority, the entity that issues digital certificates.
CAAM
Cryptographic Accelerator and Assurance Module, a hardware module on the System-On-Chip which provides hardware-accelerated crypto capabilities.
CSF
Command Sequence File, a binary blob attached to signed U-Boot images that contains the signatures, certificates, and commands to configure the CAAM for the decryption and authentication processes.
DEK
Data Encryption Key, secret key used in the encryption of U-Boot and the Linux kernel.
HAB
High Assurance Boot, firmware in the processor's boot ROM in charge of authenticating boot images.
OTP
One-Time Programmable bits, also referred to as electronic fuses or eFuses.
OTPMK
One-Time Programmable Master Key, a unique key stored by the CPU manufacturer on the CPU's OTP bits used by the CAAM on closed devices.
PKI
Public Key Infrastructure, a set of certificates and private keys that Digi Embedded Yocto uses to sign the firmware images.
RSA
The Rivest-Shamir-Adleman cryptosystem for public-key encryption.
SRK
Super Root Keys, stored as hashes in the CPU's OTP bits and used by the HAB for image authentication.