From 95c9fbff7a131fcf892d687d200142e9ce6c5300 Mon Sep 17 00:00:00 2001 From: Brad Campbell Date: Tue, 16 Jun 2026 15:28:48 -0400 Subject: [PATCH] kernel attrs: document public keys --- src/doc/kernel_attributes.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/src/doc/kernel_attributes.md b/src/doc/kernel_attributes.md index 5ba090a..f840c63 100644 --- a/src/doc/kernel_attributes.md +++ b/src/doc/kernel_attributes.md @@ -131,6 +131,30 @@ Specifies the current version of the Tock kernel. 1 indicates a development release, where 2 means alpha, 3 means beta, etc. Little endian. +### Public Key (0x0104) + +Encodes a public key the kernel can use for encrypting or signature +verification. Having a TLV for public keys simplifies adding a key to an +existing kernel binary. + +```text +0 1 2 3 4 (bytes) ++----------+----------+----------+----------+ +| Metadata | ++----------+----------+----------+----------+ +| Reserved | Algorithm | ++----------+----------+----------+----------+ +| Type = 0x0104 | Length = 8 | ++----------+----------+----------+----------+ +``` + +- Algorithm: `u16`. The key algorithm. Little endian. List of known algorithms: + - `0x06`: ECDSAP256 +- Reserved: `u16`. Reserved field. +- Metadata: `u32`. A metadata identifier for the key. This allows the kernel to + identify they key, and associate privileges or permissions associated with the + key. Little endian. + ## Kernel Attributes Location Kernel attributes are stored at the end of the kernel's flash region and
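Review bot: The new "Public Key (0x0104)" section never says where the key bytes themselves are stored. The diagram fixes `Length = 8`, and the three documented fields (Metadata `u32`, Reserved `u16`, Algorithm `u16`) already fill those 8 bytes, so a reader cannot tell how to locate or size the key from this text. Please add the key field to the diagram and the field list, stating its position relative to the header and how its size follows from Algorithm, or say explicitly where the key lives if it is outside the TLV. Three smaller points in the same hunk: the Reserved bullet should state the value writers must set and whether parsers must reject anything else; the intro says "encrypting or signature verification" while the only listed algorithm is `0x06`: ECDSAP256, so either list an encryption-capable algorithm or narrow the sentence; and in the Metadata bullet "identify they key" should read "identify the key", with "associate privileges or permissions associated with the key" tightened to remove the repeated "associate".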