PKCS#11 – Fuse-Derived Key Derivation Keys

The PKCS#11 environment automatically derives Key Derivation Keys (KDKs) from the ODM_KDK0 fuse key and makes them available for client use. The PKCS#11 Library provides interfaces for key derivation using these keys.

The three types of Fuse-Derived KDK keys are as follows:

  • NV_OEM_KEY1 – This key is derived directly from ODM_KDK0.
  • NV_OEM_KEY2 – This key is a device-specific key derived from ODM_KDK0 and the Exclusive Chip ID (ECID).
  • NV_OEM_KEY3[SSID] – This key is both device-specific and PKCS#11 token-specific. It is derived from ODM_KDK0, the ECID, and the PKCS#11 token’s associated Secure Storage ID (SSID).

ODM_KDK0 Root Key

ODM_KDK0 (also known as KDK0) is an ODM-defined root symmetric key from which all fuse-derived KDK keys described below derive. The PKCS#11 environment also uses ODM_KDK0 to derive internal symmetric keys used to wrap and store PKCS#11 objects. These internal keys are not exposed to PKCS#11 clients. ODM_KDK0 is designed to take its key value from the FUSE_KEYS_KDK0_0_0 fuse. Any platform that satisfies one of the following conditions will have the ODM_KDK0 root key value set to equal the FUSE_KEYS_KDK0_0_0 fuse value:

  • FUSE_SECURITY_MODE fuse is burned
  • FUSE_BOOT_SECURITY_INFO[9] (also known as OEM Key Valid) bit is burned

The FUSE_KEYS_KDK0_0_0 fuse is burned by the OEM during the OEM factory fusing process. Refer to KDK0 fusing instructions in the “Reference Content of the Fuse Configuration File” topic in the NVIDIA DRIVE OS PDK Developer Guide for additional information.

Derivation Scheme

The Key Derivation Function (KDF) used to derive the Fuse-Derived KDK keys follows an SP800-108-Counter-KDF-HMAC-SHA256(Key=FUSE_KEYS_KDK0_0_0 (ODM_KDK0), L=256, Label=<as_required>, Context=<as_required>) scheme.

  • L is 4 bytes long and is encoded in big endian.
  • The counter variable (i) is 4 bytes long and is encoded in big endian.
  • The Label and Context for each key are given in the following sections.
  • Hexadecimal – Values with the prefix ‘0x’ are hexadecimal.

NV_OEM_KEY1

The key NV_OEM_KEY1 is derived from ODM_KDK0 using the SP800-108-Counter-KDF-HMAC-SHA256 scheme. This key is the same for all pre-production devices and for production devices that have the same ODM_KDK0.

Derivation Information

NV_OEM_KEY1 is derived from the ODM_KDK0 key using the SP800-108-Counter-KDF-HMAC-SHA256 scheme. Refer to the following table for the input data required for NV_OEM_KEY1 derivation.

| Field | Value | Data Type | Size |
|---|---|---|---|
| Key Derivation Key | ODM_KDK0 | Byte Array | 32 bytes |
| Label | “NV_OEM_DERIVED_1” | String (Not NULL-terminated) | 16 bytes |
| Context | 0x00 | Byte Array | 1 byte |
| Key Length | 256 | Unsigned Integer | 4 bytes |

NV_OEM_KEY2

The key NV_OEM_KEY2 is also derived from ODM_KDK0 using the SP800-108-Counter-KDF-HMAC-SHA256 scheme. NV_OEM_KEY2 is a device-specific key because the ECID is used as the Context for the derivation of this key.

Derivation Information

This key is derived from the ODM_KDK0 key using the SP800-108-Counter-KDF-HMAC-SHA256 scheme. Refer to the following table for the input data for NV_OEM_KEY2 key derivation.

| Field | Value | Data Type | Size |
|---|---|---|---|
| Key Derivation Key | ODM_KDK0 | Byte Array | 32 bytes |
| Label | “NV_OEM_DERIVED_2” | String (Not NULL-terminated) | 16 bytes |
| Context | ECID | Byte Array | 16 bytes |
| Key Length | 256 | Unsigned Integer | 4 bytes |

NV_OEM_KEY3

The key NV_OEM_KEY3 is also derived from ODM_KDK0 using the SP800-108-Counter-KDF-HMAC-SHA256 scheme. The Context for this derivation includes the Secure Storage Instance ID along with the ECID, which makes the key unique to a PKCS#11 token.

Derivation Information

This key is derived from the ODM_KDK0 key using the SP800-108-Counter-KDF-HMAC-SHA256 scheme. Refer to the following table for the input data for NV_OEM_KEY3 key derivation.

| Field | Value | Data Type | Size |
|---|---|---|---|
| Key Derivation Key | ODM_KDK0 | Byte Array | 32 bytes |
| Label | “NV_OEM_DERIVED_3” | String (Not NULL-terminated) | 16 bytes |
| Context | ECID Secure Storage Instance | Byte Array | 20 bytes |
| Key Length | 256 | Unsigned Integer | 4 bytes |

The format of the Context for deriving NV_OEM_KEY3 differs from the one for NV_OEM_KEY2. The 4-byte Secure Storage Instance ID is concatenated to the 16-byte ECID in big endian.

Secure Storage Instance ID

Orin supports multiple PKCS#11 tokens, and each token has its assigned Secure Storage Instance ID. The value of Secure Storage Instance ID is a 4-byte byte array found with each token’s model name. Refer to the "PKCS#11 - Implementation Details" topic in this developer guide for details.
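
The three derivations above can be reproduced offline with the following sketch, which is an added example and not code from the PKCS#11 Library. It assumes the standard SP 800-108 counter-mode input layout ([i] || Label || 0x00 || Context || [L]) and that the NV_OEM_KEY3 Context is ECID followed by the Secure Storage Instance ID; the function names and the sample KDK0, ECID and SSID values are constructed for illustration.

```python
import hashlib
import hmac
import struct


def kbkdf_counter_hmac_sha256(kdk: bytes, label: bytes, context: bytes,
                              length_bits: int = 256) -> bytes:
    """SP 800-108 counter-mode KDF with HMAC-SHA256; i and L are 4-byte big endian."""
    if len(kdk) != 32:
        raise ValueError("Key Derivation Key must be 32 bytes")
    if length_bits <= 0 or length_bits % 8:
        raise ValueError("L must be a positive multiple of 8 bits")
    # Assumption: standard fixed input, Label || 0x00 || Context || [L]_4.
    fixed = label + b"\x00" + context + struct.pack(">I", length_bits)
    blocks = -(-length_bits // 256)  # ceil(L / 256): SHA-256 yields 256 bits per block
    out = b"".join(
        hmac.new(kdk, struct.pack(">I", i) + fixed, hashlib.sha256).digest()
        for i in range(1, blocks + 1)
    )
    return out[: length_bits // 8]


def derive_fuse_kdks(kdk0: bytes, ecid: bytes, ssid: bytes) -> dict:
    """Derive NV_OEM_KEY1/2/3 using the Label and Context values from the tables."""
    if len(ecid) != 16:
        raise ValueError("ECID must be 16 bytes")
    if len(ssid) != 4:
        raise ValueError("Secure Storage Instance ID must be 4 bytes")
    return {
        # Same for every device that shares ODM_KDK0.
        "NV_OEM_KEY1": kbkdf_counter_hmac_sha256(kdk0, b"NV_OEM_DERIVED_1", b"\x00"),
        # Device-specific: Context is the ECID.
        "NV_OEM_KEY2": kbkdf_counter_hmac_sha256(kdk0, b"NV_OEM_DERIVED_2", ecid),
        # Token-specific: 20-byte Context, assumed to be ECID || SSID.
        "NV_OEM_KEY3": kbkdf_counter_hmac_sha256(kdk0, b"NV_OEM_DERIVED_3", ecid + ssid),
    }


# Constructed sample inputs; not real fuse, ECID or SSID values.
SAMPLE_KDK0 = bytes(range(32))
SAMPLE_ECID = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_SSID = bytes.fromhex("00000001")

if __name__ == "__main__":
    for name, key in derive_fuse_kdks(SAMPLE_KDK0, SAMPLE_ECID, SAMPLE_SSID).items():
        print(name, key.hex())
```

Because L is part of the HMAC input, requesting a different key length changes every output byte, so a 256-bit key is not a prefix of a longer derivation.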