⚠️ Caution: This tool is based on storing a randomly generated device secret in the One-Time Programmable (OTP) memory of the Raspberry Pi SoC. The initialization of this secret is irreversible. Please make sure you understand the provided security guarantees before using it for anything serious.
Upon initialization, a randomly generated 256-bit device secret is stored in the OTP memory of the Raspberry Pi SoC. Note that the OTP memory on any board can be programmed only once. This secret is then used as input key material for the HKDF key derivation algorithm using SHA3-512 as the hash function. This enables the derivation of multiple keys from the device secret. Each key is derived from the device secret and additional info material (see HKDF). The device secret should be kept secret and rpi-derive-key does not provide any means of reading it directly. Using it and the info material, any key can be reconstructed. Note that the Raspberry Pi SoC does not provide a hardware-protected store for the secret. Any user in the video group and anyone with physical access to the board can obtain the secret (unless secure boot is used). Via secure boot it is indeed possible to prevent any unauthorized access when deploying Raspberry Pi's in untrusted environments.
If you are interested in commercial support, please contact us.
Irreversibly initialize the device secret:
rpi-derive-key init
The initialization may fail if the firmware does not support storing a private key in OTP memory. You may need to update the firmware or use the generic customer-programable OTP registers instead with:
rpi-derive-key --customer-otp init
To derive a key use
rpi-derive-key gen <BYTES> <INFO>
where <BYTES> is the key size in bytes and <INFO> is some arbitrary string.
For instance:
rpi-derive-key gen 32 fs.root.encryption
By using different values for <INFO> you can generate multiple independent keys.
For testing and debugging purposes, you can fake a device secret by setting the FAKE_RPI_DERIVE_KEY_SECRET environment variable to any secret you like. Please never use this variable in production.
Setting this variable also bypasses initialization via rpi-derive-key init.
Imagine you would like to derive a unique public ID and a secret identification token for each device.
You can derive a Universally Unique Identifier (UUID), using device.id as info material, with:
rpi-derive-key uuid device.id
You can now safely use the resulting UUID as a public device identifier. You do not have to keep it secret because it is impossible to reconstruct other keys or the device secret from it.
In addition to the public ID, you can derive a 256-bit (32 bytes) secret token with:
rpi-derive-key hex 32 device.secret.token
This secret token is supposed to be shared only with trustworthy entities, e.g., it may be sent in HTTP headers to prove the device's identity to a webserver providing device configurations:
wget --header "X-Secret-Token: <SECRET-TOKEN>" https://example.com/<DEVICE-ID>/config.tar.gz
📌 Tip: You should use different keys (with different info material) for different purposes (e.g., fetching updates or configurations). That way, if a key for a given purpose is compromised, all other keys remain secure.
RPi Derive Key is licensed under either MIT or Apache 2.0 at your opinion. Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this project by you, as defined in the Apache 2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Made with ❤️ for OSS by Silitics.