Good key management practices includes minimizing the use of secret or private keys. This can be accomplished using the OP key option enabled in bootgen. When enabled, the encrypted secure header in the FSBL will contain nothing more than the OP key, which is user specified, and the initialization vector (IV) needed for the first block of the configuration file. The result is that the AES key stored on the device, in either the BBRAM or eFUSEs, is used for only 384 bits, which significantly limits its exposure to side channel attacks. This Figure explains how the OP key is used to minimize the use of the AES device key and integrate into the key rolling technique described in DPA Resistance.
The device key is used to decrypt the secure header which results in the OP key and the IV of the first block of the FSBL. The first encrypted block of the FSBL (shown as Block0-CT) is then decrypted using the IV and OP key. The result is the decrypted version of the first FSBL block (shown as Block0-PT) and the key and IV needed to decrypt the next block. This process continues until the entire FSBL is decrypted. Note that this process is entirely transparent. The bootgen option and the value of the OP key are user specified, but the rest is handled automatically by the tools and silicon.
Once the OP key is used, it becomes the device key and the device key selection cannot be changed back to the BBRAM or eFUSE key without a POR. The user can still choose between the KUP and the OP key (see This Figure). When bootgen creates a single boot image with multiple encrypted partitions, it automatically encrypts the partitions with the OP key. However, if a customer chooses to create multiple boot images with encrypted partitions, the customer must provide bootgen the OP key value as the AES key so the partitions are encrypted correctly.