14.6.1.3 Security Key Setup

The setup of the key is prepared by setting the AES_MODE bit in the AES_CTRL register (AES_CTRL-AES_MODE) to '1'. Afterwards the 128-bit key must be written to the AES_KEY registers. It is recommended to combine the setting of AES_CTRL register and the 128-bit key transfer using only one SRAM access starting from address 0x83.

The address space for the 128-bit key and 128-bit data is identical from programming point of view. However, both use different pages which are selected by the AES_MODE bits in the AES_CTRL register (AES_CTRL.AEC_MODE) before storing the data.

A read access to the AES_KEY registers (0x84 – 0x93) returns the last round key of the preceding security operation. After an ECB encryption operation, this is the key that is required for the corresponding ECB decryption operation. However, the initial AES key, written to the security module in advance of an AES run (step one ithe AES Engine Configuration Steps table) is not modified during the AES operation. This initial key is used for the next AES run even it cannot be read from AES_KEY.

Note: ECB decryption is not required for IEEE 802.15.4 or ZigBee security processing. The AT86RF212B provides this functionality as an additional feature.