2.2 EEPROM Configuration Zone

The SHA104-TFLXAUTH configuration is largely fixed and cannot be modified by the customer. Relevant information about how the device is configured is shown below, as well as the parameters that may be modified with the TPDS tools.

Device Configuration Information

  • The serial number for each device is unique and stored in bytes [0:8] of configuration subzone #1. Default values of bytes [0:1] are 0x01 0x23 and byte[8] is 0xEE. All other bytes are unique.
  • The default 7-bit I2C address is 0x41. The I2C address can be overwritten by writing CSZ3.
  • The I/O levels are set to be VCC referenced by default. This allows for the full operating voltage range to be available.
  • Maximum command speed is enabled by setting the clock speed of the device to divide by 1.
  • Monotonic counters are available for use by the system. By default, the counter is not attached to any keys.
  • The SelfTest mode is set to standard operation, which does not require the self tests to be run prior to executing a command.
  • A Health Test Failure will be cleared after any time that a command fails as a result of a health test failure. If the failure symptom is transient, the command is expected to pass when run a second time.
  • By default, Slot[3] can be written in the clear.

Modifiable Configuration Information

Through use of the TPDS tools, the following parameters may be modified provided the zones were not already locked.

  • I2C address
  • I/O levels can be modified to have a fixed reference. This allows for the I2C Bus to run at a lower voltage level than the SHA104-TFLXAUTH supply. Supply is limited to a minimum of 2.0V in this mode.
  • Data Slot[3] can be required to only allow encrypted writes.
  • The initial Counter value can be limited to something less than 10,000.
  • Health Tests can be set to require manual clearing through use of a power-up or sleep-wake cycle.
  • Monotonic Counters can be attached to the symmetric key to limit the total number of uses of the device.
  • Serial Number byte[8] can be modified from the default values to uniquely identify a given customer or application. The specific value used will be assigned by Microchip.
    Important: For proper operation, the SN[0:1] and SN[8] bytes must be identical between the host side security devices and the client side devices as they are automatically included in some cryptographic operations. SN[2:7] bytes will always be unique between all devices.