2.2.1.5 I/O Protection Key

The Verify, ECDH, and KDF commands can optionally use the I/O protection feature to encrypt some parameters and validate (via MAC) some responses. This is to help protect against man-in-the-middle attacks on the physical I2C bus. However, before this feature can be used, the MCU and ATECC608B-TNGTLS need to generate and save a unique I/O protection key, essentially pairing the MCU and ATECC608B-TNGTLS devices to each other. The pairing process must happen on the first boot.

I/O protection key generation:

  1. MCU uses a random command to generate a random 32-byte I/O protection key.
  2. MCU saves the I/O protection key in its internal Flash.
  3. MCU writes the I/O protection key to the I/O protection key slot.
  4. MCU slot locks that slot to make the I/O protection key permanent.

As a pairing check, the MCU could use the MAC command to issue a challenge to the I/O protection key and verify that the I/O protection key stored in Flash matches the one in the ATECC608B-TNGTLS.