Validating the coprocessor software loads
When the coprocessor is shipped from the factory, it has within it the public key that is needed to validate replacement software for Segment 1.
To load code into coprocessor Segment 2 and Segment 3, follow these steps for each segment:
- Identify an owner for the segment by using an Establish Owner command. The owner identifier is accepted only if the digital signature associated with it can be validated by the public key that resides in the immediately lower segment. Once established, ownership remains in effect until a Surrender Owner command is processed by the coprocessor.
- Load the code into the segment. Two different commands are available:
  - Initially, use the Load command. The Load command data includes a public key certificate that must be validated by the public key that is present in the next lower segment. The coprocessor accepts the code and retains the validated public key for the segment if the following conditions are satisfied:
    - The certificate is validated.
    - The owner identifier data in the Load command matches the current ownership that is held by the coprocessor for the segment.
    - The complete data in the Load command can be validated by the public key in the certificate that was used for validation.
  - If a segment already has a public key, a Reload command can be used to replace the code in the segment. The coprocessor actions are the same as for a Load command, except that the included certificate must be validated by the public key associated with the target segment rather than the key associated with the next lower segment.
The embedded operating system, working with the coprocessor hardware, can store security-relevant data items (SRDIs) on behalf of itself and an application in Segment 3. The SRDIs are zeroized upon tamper detection, loading of segment software, or processing a Surrender Owner command of a segment. The SRDIs for a segment are not zeroized when the Reload command is used. The CCA application stores the master keys, the function control vector (FCV), the access control tables, and the retained RSA private keys as SRDI information that is associated with Segment 3.
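The following is an added model of the per-segment checks described above (Establish Owner, Load, Reload, Surrender Owner and SRDI zeroization); it is constructed for this page and is not IBM's code. Textbook RSA over constructed million-range primes stands in for the coprocessor's real signature scheme, and the `Coprocessor` class and its method names are hypothetical.

```python
import hashlib
# Textbook RSA over constructed million-range primes stands in for the real
# signature scheme; it exists only to make the chain of checks runnable.
def keypair(p, q, e=65537):
    return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)
def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(priv, data):
    return pow(_h(data, priv[1]), priv[0], priv[1])
def verify(pub, data, sig):
    return pow(sig, pub[0], pub[1]) == _h(data, pub[1])
def pub_bytes(pub):
    return f"{pub[0]}:{pub[1]}".encode()

class Coprocessor:  # hypothetical model of the segment state machine
    def __init__(self, factory_pub):
        # Segment 1 ships with the factory key; Segments 2 and 3 start empty.
        self.seg = {s: {"key": None, "owner": None, "srdi": None} for s in (1, 2, 3)}
        self.seg[1]["key"] = factory_pub
    def establish_owner(self, s, owner_id, sig):
        # Accepted only if the signature verifies under the lower segment's key;
        # ownership then persists until Surrender Owner (assumed: no re-establish).
        lower = self.seg[s - 1]["key"]
        if self.seg[s]["owner"] is not None or lower is None or not verify(lower, owner_id, sig):
            return False
        self.seg[s]["owner"] = owner_id
        return True

    def surrender_owner(self, s):
        self.seg[s]["owner"] = None
        self.seg[s]["srdi"] = None  # SRDIs are zeroized on Surrender Owner

    def _install(self, s, validator, owner_id, cert_pub, cert_sig, code, code_sig):
        ok = (validator is not None
              and verify(validator, pub_bytes(cert_pub), cert_sig)  # certificate validated
              and self.seg[s]["owner"] == owner_id                   # owner id matches
              and verify(cert_pub, owner_id + code, code_sig))      # whole command validated
        if ok:
            self.seg[s]["key"] = cert_pub  # retain the validated key for this segment
        return ok

    def load(self, s, *cmd):
        # Load: certificate checked against the next lower segment; SRDIs zeroized.
        ok = self._install(s, self.seg[s - 1]["key"], *cmd)
        if ok:
            self.seg[s]["srdi"] = None
        return ok
    def reload(self, s, *cmd):
        # Reload: certificate checked against the segment's own key; SRDIs are kept.
        return self._install(s, self.seg[s]["key"], *cmd)
```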
IBM® signs its own software. If another vendor intends to supply software for the coprocessor, that vendor's Establish Owner command and code-signing public key certificate must be signed by IBM under a suitable contract. These restrictions ensure that the following conditions are satisfied:
- Only authorized code can be loaded into the coprocessor.
- Government restrictions relating to the import and export of cryptographic implementations are met.
[1] In this publication, the terms load and reload are used. Other documentation might refer to these operations as emergency burn (EmBurn), and regular burn or remote burn (RemBurn).