黑密钥存储解决方案使用加密强度极高的密钥加密密钥 (KEK)(从 PUF 生成)来加密用户密钥。随后,生成的黑密钥可存储在 eFUSE 中或者包含在经过身份验证的启动头文件内。示例:
test:
{
bh_kek_iv = black_iv.txt
bh_keyfile = black_key.txt
puf_file = pufdata.txt
boot_config {puf4kmode}
image
{
{type=bootloader, encryption = aes, keysrc=bh_blk_key, pufhd_bh, aeskeyfile = red_grey.nky, file=plm.elf}
{type=pmcdata,load=0xf2000000, aeskeyfile = pmcdata.nky, file=pmc_data.cdo}
{core=psm, file=psm.elf}
{type=cdo, file=ps_data.cdo}
{type=cdo, file=subsystem.cdo}
{core=a72-0, exception_level = el-3, file=hello_world.elf}
}
}