Independent claim
1. A method of provisioning a module with cryptographic parameters, wherein the module comprises a first nonvolatile memory, a second nonvolatile memory, a third nonvolatile memory, and a processor, the method comprising:
  storing a first cryptographic key in at least one of the first nonvolatile memory and the second nonvolatile memory; and
  storing a first program encrypted using the first cryptographic key in at least one of the first nonvolatile memory and the second nonvolatile memory, wherein the first program is configured to:
    generate, within the module and using the processor, a memory protection key and a bootstrap key;
    encrypt, within the module, the memory protection key using the bootstrap key, whereby encrypting the memory protection key with the bootstrap key generates an encrypted memory protection key and a first authenticator;
    store, within the first nonvolatile memory, the encrypted memory protection key and the first authenticator; and
    store, within the second nonvolatile memory, the bootstrap key; and
    pass the encrypted memory protection key outside the module using a first program command;
  receiving, via an interface, the encrypted memory protection key as a returned encrypted memory protection key; and
  storing the returned encrypted memory protection key in a third nonvolatile memory.
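
The key flow recited in the claim, as an added Python sketch that is not taken from the patent. The claim names no cipher, so `wrap` is a stdlib-only encrypt-then-MAC stand-in (HMAC-SHA256) for the module's authenticated encryption; the `Module` class, its dict-backed memories and `recover_mpk` (an unwrap-and-verify step the claim does not recite) are assumptions, and the steps that store the first cryptographic key and the encrypted first program are omitted.

```python
import hashlib, hmac, secrets

def _prf(key, label, data):
    # HMAC-SHA256 with a domain-separation label (stand-in primitive, assumption).
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Counter-mode keystream from the PRF, XORed over the data.
    stream = b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big"))
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(bootstrap_key, plaintext):
    """Return (encrypted blob, authenticator) for plaintext under bootstrap_key."""
    nonce = secrets.token_bytes(16)
    blob = nonce + _xor_stream(bootstrap_key, nonce, plaintext)
    return blob, _prf(bootstrap_key, b"mac", blob)

def unwrap(bootstrap_key, blob, authenticator):
    """Verify the authenticator in constant time, then decrypt."""
    if not hmac.compare_digest(_prf(bootstrap_key, b"mac", blob), authenticator):
        raise ValueError("authenticator mismatch")
    return _xor_stream(bootstrap_key, blob[:16], blob[16:])

class Module:
    """Hypothetical model of the module: three nonvolatile memories as dicts."""
    def __init__(self):
        self.nvm1, self.nvm2, self.nvm3 = {}, {}, {}

    def run_first_program(self):
        mpk = secrets.token_bytes(32)   # memory protection key
        bsk = secrets.token_bytes(32)   # bootstrap key
        blob, auth = wrap(bsk, mpk)
        self.nvm1.update(enc_mpk=blob, authenticator=auth)  # first NVM
        self.nvm2["bootstrap_key"] = bsk                    # second NVM
        return blob  # only the encrypted key is passed outside the module

    def receive(self, returned_blob):
        self.nvm3["enc_mpk"] = returned_blob                # third NVM

    def recover_mpk(self):
        # Assumption: the returned copy is checked against the first
        # authenticator before use, so a modified blob is rejected.
        return unwrap(self.nvm2["bootstrap_key"], self.nvm3["enc_mpk"],
                      self.nvm1["authenticator"])
```
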