Digi Embedded Yocto provides different mechanisms to generate signed and encrypted firmware images. We distinguish between the following environments:
Development, where keys are exposed to the development team. A development environment should not generate production images.
Production, where final signed/encrypted images are generated with one of the four available keys.
Manufacturing, where the signed images and public keys are programmed into the devices.
In a development environment, your project can be configured to generate signed images providing a PKI tree directly on the development machine. Developers have direct access to all four (main and backups) sets of keys used, so Digi recommends you separate the development and signing of the firmware so the keys are not exposed.
The production environment is a secure environment with access to just one of the four available keys. If this key is compromised and revoked, the production environment must be updated with the new key. See Revoke a key for more information.
A production environment can be set up in one of two ways:
The production build server is a secured development server that uses a TrustFence-enabled project that generates signed images ready for deployment.
The firmware images are not secured and are generated by a development server, but are signed externally in a secure environment using the standalone signing scripts.
In any case, the manufacturing facility will be provided with:
Signed firmware images. The manufacturing facilities need to make sure that the Data Encryption Key is properly protected.