TI provides an OTP Key Writer package that transitions the secure device life cycle from
HS-FS (development variant without security enforcement) to HS-KP (temporary lifecycle
with key provisioned). These provisioning flows are secured end to end and can be used
for provisioning on a non-secure factory floor.
List of Features Supported by Key Provisioning Flow
This is the support available in the 1.01.00 release of F29x-TIFS-SDK.
- Signed Key Writer firmware for the HSM that accepts an X.509 customer key certificate with all Flash OTP fields configured.
- Supports programming keys using one-pass customer key certificates.
- Supports RSA-4K, ECDSA secp256R1, secp384R1, secp521r1 and brainpool512r1 based key provisioning.
- Supports UART modes for key programming.
- Supports OpenSSL v3.0.2 and above.
- Encryption keys (SMEK and BMEK) are optional. Public keys (SMPK and BMPK) are mandatory fields.
- Option of using a Python script to generate the X.509 certificate.
- The following keys are programmable:
  - MSV
  - SMPK, SMEK
  - BMPK, BMEK
  - EXT OTP
  - KEY COUNT
  - SWREV-HSM, SWREV-APP, SWREV-SBL, SWREV-SSU
  - KEY REV