-
BK: Blob Key, a random 256-bit AES-CCM key that encrypts the data on a CAAM blob.
-
BKEK: Blob Key Encryption Key, a 256-bit AES-ECB derived key that encrypts the BK in CAAM blobs.
-
CA: Certificate Authority, the entity that issues digital certificates.
-
CAAM: Cryptographic Accelerator and Assurance Module, a hardware module on the System-On-Chip which provides hardware-accelerated crypto capabilities.
-
CSF: Command Sequence File, a binary blob attached to signed U-Boot images that contains the signatures, certificates, and commands to configure the CAAM for the decryption and authentication processes.
-
DEK: Data Encryption Key, secret key used in the encryption of boot artifacts (such as U-Boot, Linux images, device tree blobs and bootscripts).
-
HAB: High Assurance Boot, firmware in the processor’s boot ROM in charge of authenticating boot images.
-
NVTK: Non-Volatile Test Key, a 256-bit key hardwired into the CAAM that is used on open (not secure enabled) devices as a replacement for the OTPMK. The NVTK value is public knowledge and is common to all parts, so its usage is not secure: it should only be used for testing.
-
OTP: One-Time Programmable bits, also referred to as electronic fuses or eFuses.
-
OTPMK: One-Time Programmable Master Key, a unique 256-bit key stored by the CPU manufacturer on the CPU’s OTP bits and used by the CAAM only on closed (secure boot enabled) devices.
-
PKI: Public Key Infrastructure, a set of certificates and private keys that Digi Embedded Yocto uses to sign the firmware images.
-
RSA: The Rivest-Shamir-Adleman cryptosystem for public-key encryption.
-
SRK: Super Root Keys, stored as hashes in the CPU’s OTP bits and used by the HAB for image authentication.
- Get started
-
Digi Embedded Yocto
- Application development
- Yocto system development
- Known issues and limitations
- Recover your device
- Enable support for a Fusion display
-
Linux kernel BSP
- Device tree files
- Pin multiplexing (IOMUX)
- ADC
- Audio
- Bluetooth
- Camera
- CAN
- Cellular
- Cryptochip
- Cryptographic accelerator
- Ethernet
- GPIO
- I2C
- MMC/SD/SDIO
- OTP bits
- PCI Express (PCIe)
- DA9063 Power Management IC
- Power management
- PWM
- Real-Time Clock (RTC)
- SATA
- SPI
- Touch screen
- UART
- USB
- Video
- Watchdog
- Wi-Fi
- XBee socket
- Digi TrustFence for Yocto
- Hardware
- Additional resources
Glossary of cryptography terms
On this page:
This topic for another platform?