12.1.2. Attestation Key Provisioning Processes

Attestation key provisioning is the process that occurs in the factory or elsewhere to establish signing key material on the device and the validation key material off the device. Sometimes, this procedure is referred to as "personalization" or "customization".

When generating keys off-device in the factory or in the device, the use of a cryptographically strong sequence ([RFC4086], Section 6.2) needs consideration.

12.1.2.1. Off-Device Key Generation

One way to provision key material is to first generate it external to the device and then copy the key onto the device. In this case, confidentiality protection of the generator and the path over which the key is provisioned is necessary. The manufacturer needs to take care to protect corresponding key material with measures appropriate for its value.

The degree of protection afforded to this key material can vary by the intended function of the device and the specific practices of the device manufacturer or integrator. The confidentiality protection is fundamentally based upon some amount of physical protection. While encryption is often used to provide confidentiality when a key is conveyed across a factory where the attestation key is created or applied, it must be available in an unencrypted form. The physical protection can therefore vary from situations where the key is unencrypted only within carefully controlled secure enclaves within silicon to situations where an entire facility is considered secure by the simple means of locked doors and limited access.

The cryptography that is used to enable confidentiality protection of the attestation key comes with its own requirements to be secured. This results in recursive problems, as the key material used to provision attestation keys must again somehow have been provisioned securely beforehand (requiring an additional level of protection and so on).

Commonly, a combination of some physical security measures and some cryptographic measures are used to establish confidentiality protection.

12.1.2.2. On-Device Key Generation

When key material is generated within a device and the secret part of it never leaves the device, the problem may lessen. For public-key cryptography, it is not necessary to maintain confidentiality of the public key. However, integrity of the chain of custody of the public key is necessary in order to avoid attacks where an attacker is able to get a key endorsed that the attacker controls.

To summarize, attestation key provisioning must ensure that only valid attestation key material is established in Attesters.