I want to understand key-protection approaches from an implementation standpoint: which implementation choices protect against physical-security threats on general-purpose devices. Assume levels similar to FIPS 140: L1: None → Low, L2: Low → Medium, L3: Medium → High and L4: High → Critical.
Do the following implementation approaches sound reasonable?
- L1 (Basic - no physical attacks considered): Encryption of private cryptographic keys at rest in user space (e.g., openCryptoki, software only) using FIPS-validated user-space crypto libraries with a software PRNG.
- L2 (Tamper Evidence): Trusted execution environment with CPU-isolated storage for private keys, with a (software or hardware?) PRNG/TRNG.
- L3 (Tamper Resistance): TPM2 or SE for hardware-isolated keys.
- L4: SE or HSM for hardware-isolated keys.