> they export the key to the insecure MCU once the boot is complete
Why would they do that? An SE can sign on-chip, which is its very purpose. Can you point me to the code in any open source firmware implementation where that happens?
I don't even believe SEs have functionality to export persistent keys.
Replies (2)
They use an authenticated data storage slot.
All of the ones using the ATECC series do this. It has data storage slots & a few ECC key slots. Of course it’s P-256 only (not secp256k1) and only supports signing, so you get this.
Same thing with Infineon Optiga-based ones, which can’t do the required algorithms for Bitcoin but can at least keep more types of keys on the SE.
Oww #btcfail. Satoshi had to have his funky off-beat curve for no other reason than to be funky.
SE050 does secp256k1 AFAIK, so no excuses there.
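The curve mismatch the replies above describe is easy to see in code. The following is an added example, not code from the thread or from any wallet firmware: it implements textbook ECDSA over secp256k1 in pure Python (the signing the MCU ends up doing in software once the seed has left the data slot), and models the SE's P-256-only key slot as a point-on-curve check, which is what a secure element does before accepting a public key. The seed value, the `se_slot_accepts` name and the fixed nonce in the test are constructed for the example; the curve constants are the published SEC 2 and NIST values. The signer is deliberately naive (no constant time, no RFC 6979 nonces) and is only meant to show why a P-256 signer cannot stand in for secp256k1.

```python
"""Software ECDSA over secp256k1 beside a P-256-only signer (added example)."""
import hashlib
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Curve:
    """Short Weierstrass curve y^2 = x^3 + a*x + b over GF(p), with generator G of order n."""
    name: str
    p: int
    a: int
    b: int
    gx: int
    gy: int
    n: int

    def on_curve(self, P):
        """True for the point at infinity (None) or any affine point satisfying the equation."""
        if P is None:
            return True
        x, y = P
        return (y * y - (x ** 3 + self.a * x + self.b)) % self.p == 0

    def add(self, P, Q):
        """Affine point addition; None is the point at infinity."""
        if P is None:
            return Q
        if Q is None:
            return P
        x1, y1 = P
        x2, y2 = Q
        if x1 == x2 and (y1 + y2) % self.p == 0:
            return None  # P == -Q
        if P == Q:
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1, -1, self.p) % self.p
        else:
            lam = (y2 - y1) * pow(x2 - x1, -1, self.p) % self.p
        x3 = (lam * lam - x1 - x2) % self.p
        y3 = (lam * (x1 - x3) - y1) % self.p
        return (x3, y3)

    def mul(self, k, P):
        """Double-and-add scalar multiplication (not constant time; demo only)."""
        R = None
        while k:
            if k & 1:
                R = self.add(R, P)
            P = self.add(P, P)
            k >>= 1
        return R

    @property
    def G(self):
        return (self.gx, self.gy)


# SEC 2 secp256k1 (Bitcoin): a = 0, b = 7
SECP256K1 = Curve(
    "secp256k1",
    p=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F, a=0, b=7,
    gx=0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
    gy=0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,
    n=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141,
)

# NIST P-256 (what the ATECC key slots sign with): a = p - 3
_P256_P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
P256 = Curve(
    "P-256", p=_P256_P, a=_P256_P - 3,
    b=0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B,
    gx=0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
    gy=0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5,
    n=0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551,
)


def keypair_from_seed(curve, seed: bytes):
    """What the MCU does with a seed read back from an SE data slot: derive d and Q = d*G in software."""
    d = int.from_bytes(seed, "big") % curve.n
    if d == 0:
        raise ValueError("degenerate seed")
    return d, curve.mul(d, curve.G)


def se_slot_accepts(curve, Q):
    """Models the SE's public-key validation for its key slot: the point must lie on *its* curve."""
    return Q is not None and curve.on_curve(Q)


def sign(curve, d, msg_hash: bytes, k=None):
    """Textbook ECDSA. k should come from RFC 6979 in real code; a fixed k is for reproducible tests only."""
    z = int.from_bytes(msg_hash, "big")  # hash and curve are both 256-bit, no truncation needed
    while True:
        nonce = k if k is not None else secrets.randbelow(curve.n - 1) + 1
        x, _ = curve.mul(nonce, curve.G)
        r = x % curve.n
        s = pow(nonce, -1, curve.n) * (z + r * d) % curve.n
        if r and s:
            return r, s
        k = None  # retry with a fresh nonce on the negligible r == 0 or s == 0 case


def verify(curve, Q, msg_hash: bytes, sig):
    r, s = sig
    if not (0 < r < curve.n and 0 < s < curve.n) or not se_slot_accepts(curve, Q):
        return False
    z = int.from_bytes(msg_hash, "big")
    w = pow(s, -1, curve.n)
    R = curve.add(curve.mul(z * w % curve.n, curve.G), curve.mul(r * w % curve.n, Q))
    return R is not None and R[0] % curve.n == r


CONSTRUCTED_SEED = hashlib.sha256(b"constructed example seed, not a real wallet").digest()


def demo(k=None):
    """Returns which curve will hold the wallet key and whether the software signature checks out."""
    d, Q = keypair_from_seed(SECP256K1, CONSTRUCTED_SEED)
    h = hashlib.sha256(b"constructed transaction digest").digest()
    sig = sign(SECP256K1, d, h, k)
    return {
        "secp256k1_slot_accepts": se_slot_accepts(SECP256K1, Q),
        "p256_slot_accepts": se_slot_accepts(P256, Q),
        "mcu_sig_verifies": verify(SECP256K1, Q, h, sig),
        "p256_verifier_accepts": verify(P256, Q, h, sig),
    }


if __name__ == "__main__":
    print(demo())
```

Since the P-256 slot rejects the secp256k1 public key outright, the firmware is left with two options: keep the secp256k1 private key on the MCU (the exported-seed design the thread is complaining about), or use a part like the SE050 that implements secp256k1 natively so the key never leaves the SE.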