Abstract:
As supply chains become ever more complex, confidence in the security of a system increasingly relies on being able to attest to the authenticity and provenance of all the components in that system. This includes low-level firmware and hardware. Standards for robust and cryptographically secure attestation for hardware devices and associated firmware are maturing. However, there is a certification gap. A common element in many of these standards is a requirement for a unique public/private asymmetric key pair to be associated with each device. Many of these devices do not have secure on-board non-volatile storage in which to store the keys, requiring the same key pair to be derived each time the device is powered up. The US National Institute of Standards and Technology (NIST), which defines standards used in designing and implementing cryptographic modules, does not define an approved mechanism for deterministic asymmetric key generation. This paper proposes a method for deterministically deriving asymmetric keys from cryptographic keys in order to address this certification gap.
Published in: 2024 Cyber Research Conference - Ireland (Cyber-RCI)
Date of Conference: 25-25 November 2024
Date Added to IEEE Xplore: 28 March 2025