UM2262 Rev 6 71/94
UM2262 Cryptographic schemes handling
93
Appendix D Cryptographic schemes handling
Four cryptographic schemes are provided as example to illustrate the cryptographic
operations. The default cryptographic scheme uses both symmetric (AES-CBC) and
asymmetric (ECDSA) cryptography. So, it handles a private key (AES128 private key) as
well as a public key (ECC key).
Two alternate schemes are provided. They are selected by means of a SECoreBin compiler
switch (named "SECBOOT_CRYPTO_SCHEME").
The X509 certificate-based asymmetric scheme is configured in STSAFE-A variant.
D.1 Cryptographic schemes contained in this package
Table 8 shows the cryptographic scheme selected with the SECBOOT_CRYPTO_SCHEME
compiler switch.
Table 8. Cryptographic scheme list
SECBOOT_CRYPTO_SCHEME value Authentication Confidentiality Integrity
SECBOOT_ECCDSA_WITH_AES128_CBC_SHA256 (default) ECDSA AES128-CBC SHA256
SECBOOT_ECCDSA_WITH_AES128_CTR_SHA256
(1)
ECDSA AES128-CTR SHA256
SECBOOT_ECCDSA_WITHOUT_ENCRYPT_SHA256 ECDSA None
(2)
SHA256
SECBOOT_AES128_GCM_AES128_GCM_AES128_GCM
(3)
AES-GCM
SECBOOT_X509_ECDSA_WITHOUT_ENCRYPT_SHA256 ECDSA
None
(2)
SHA256
1. This cryptographic scheme is selected for products with external Flash and OTFDEC support.
2. The SBSFU project must also be configured to deal with a clear firmware image by setting the
SFU_IMAGE_PROGRAMMING_TYPE compiler switch to the value SFU_CLEAR_IMAGE.
3. For the symmetric cryptographic scheme, it is highly recommended to configure a unique symmetric key for each product.
To Next Page
Loading...
