Secure build environments

Digi Embedded Yocto provides different mechanisms to generate signed and encrypted firmware images. We distinguish between the following environments:

Development, where keys are exposed to the development team. A development environment should not generate production images.
Production, where final signed/encrypted images are generated with one of the four available keys.
Manufacturing, where the signed images and keys are programmed into the devices.

Development environment

In a development environment, your project can be configured to generate signed and encrypted images providing a PKI tree and a Data Encryption Key (dek.bin) directly on the development machine. Developers have direct access to all four (main and backups) sets of keys used, so Digi recommends you separate the development and signing of the firmware so the keys are not exposed.

Production environment

The production environment is a secure environment with access to just one of the four available keys. If this key is compromised and revoked, the production environment must be updated with the new key. See Revoke a key for more information.

A production environment can be set up in one of two ways:

The production build server is a secured development server that uses a TrustFence-enabled project that generates signed (and encrypted) images ready for deployment.
The firmware images are not secured and are generated by a development server, but are signed externally in a secure environment using the standalone signing scripts.

Manufacturing environment

In any case, the manufacturing facility will be provided with:

Signed firmware images.
Plain text Data Encryption Key (dek.bin). The manufacturing facilities need to make sure that the Data Encryption Key is properly protected.