Glossary of cryptography terms
- CA
  - Certificate authority, the entity that issues digital certificates.
- CAAM
  - Cryptographic Accelerator and Assurance Module, a hardware module on the System-On-Chip which provides hardware-accelerated crypto capabilities.
- CSF
  - Command Sequence File, a binary blob attached to signed U-Boot images that contains the signatures, certificates, and commands to configure the CAAM for the decryption and authentication processes.
- DEK
  - Data Encryption Key, secret key used in the encryption of U-Boot and the Linux kernel.
- HAB
  - High Assurance Boot, firmware in the processor's boot ROM in charge of authenticating boot images.
- OTP
  - One-Time Programmable bits, also referred to as electronic fuses or eFuses.
- OTPMK
  - One-Time Programmable Master Key, a unique key stored by the CPU manufacturer on the CPU's OTP bits used by the CAAM on closed devices.
- PKI
  - Public Key Infrastructure, a set of certificates and private keys that Digi Embedded Yocto uses to sign the firmware images.
- RSA
  - The Rivest-Shamir-Adleman cryptosystem for public-key encryption.
- SRK
  - Super Root Keys, stored as hashes in the CPU's OTP bits and used by the HAB for image authentication.