Glossary of cryptography terms

CA

Certificate authority, the entity that issues digital certificates.

CAAM

Cryptographic Accelerator and Assurance Module, a hardware module on the System-On-Chip which provides hardware-accelerated crypto capabilities.

CSF

Command Sequence File, a binary blob attached to signed U-Boot images that contains the signatures, certificates, and commands to configure the CAAM for the decryption and authentication processes.

DEK

Data Encryption Key, secret key used in the encryption of U-Boot and the Linux kernel.

HAB

High Assurance Boot, firmware in the processor's boot ROM in charge of authenticating boot images.

OTP

One-Time Programmable bits, also referred to as electronic fuses or eFuses.

OTPMK

One-Time Programmable Master Key, a unique key stored by the CPU manufacturer on the CPU's OTP bits used by the CAAM on closed devices.

PKI

Public Key Infrastructure, a set of certificates and private keys that Digi Embedded Yocto uses to sign the firmware images.

RSA

The Rivest-Shamir-Adleman cryptosystem for public-key encryption.

SRK

Super Root Keys, stored as hashes in the CPU's OTP bits and used by the HAB for image authentication.