Abstract: This document describes techniques and systems for providing trusted computing for digital devices. The techniques and systems may use cryptographic algorithms to provide trusted computing and processing. By doing so, the techniques help ensure authentic computation and prevent nefarious acts. For example, a method is described that receives a signature associated with a designee and validates the signature. The signature may be associated with a designee of a host computing device, and the signature may be generated according to firmware associated with an integrated circuit of the host computing device and a first private key of a first asymmetric key pair. Signature validation may be based on a second asymmetric key pair having a second private key and a second public key, the second private key stored in write-once memory of the host computing device.

Abstract: This document describes systems and techniques for deriving identity and root keys for embedded systems. In aspects, a boot process and key manager of an embedded system may implement a secure or trusted boot process for embedded systems in which code of next-level boot loader or software image is verified using root keys or other protected information before execution of the boot process is passed to the next stage in the boot process. Alternatively or additionally, the key manager may enable sealing and attestation of various levels of root and identity keys to enable respective verification of software or hardware throughout a life cycle of a device to prevent unauthorized access to protected or private code of an embedded system. By so doing, the described aspects may enable an embedded system with a secure boot process and robust identity and root key management system.