4.2 Microchip ATECC508A
The ATECC608B is designed to be fully compatible with the ATECC508A devices with the limited exception of the functions listed below. If the ATECC608B is properly configured, software written for the ATECC508A will work with the ATECC608B without any required changes, again with the exception of the functions listed below.
Note: Most elements of the configuration zone in the ATECC608B are identical in both location and value with the ATECC508A. However, the initial values that had been stored in the LastKeyUse field may need to be changed to conform to the new definition of those bytes which can be found in this document. That field contained the initial count for the Slot 15 limited use function which is supported in the ATECC608B via the monotonic counters.
CAUTION: The execution times of commands have changed between the ATECC608B and the ATECC508A. These changes will not cause an issue if polling has been implemented. If fixed timing has been used, this must be evaluated and updated as required.
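The polling approach named in the caution above, contrasted with fixed timing, as an added example (not from the datasheet or from Microchip's library). The simulated device, the `hal_*` hooks and every millisecond value are constructed for illustration and are not datasheet execution times.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed stand-in for the device: the response becomes readable only
 * after exec_ms of simulated time. Not a real driver or bus transaction. */
typedef struct {
    uint32_t now_ms;   /* simulated clock */
    uint32_t exec_ms;  /* command execution time of the simulated part */
} sim_dev_t;

/* Hypothetical HAL hooks; real firmware would use its own delay and bus read. */
static void hal_delay_ms(sim_dev_t *d, uint32_t ms) { d->now_ms += ms; }
static bool hal_try_read(const sim_dev_t *d) { return d->now_ms >= d->exec_ms; }

/* Fixed timing: wait a hard-coded time, then read exactly once. */
bool wait_fixed(sim_dev_t *d, uint32_t fixed_ms)
{
    hal_delay_ms(d, fixed_ms);
    return hal_try_read(d);
}

/* Polling: retry the read at a short interval until the device answers or
 * a generous timeout expires; elapsed time is reported for logging. */
bool wait_poll(sim_dev_t *d, uint32_t interval_ms, uint32_t timeout_ms,
               uint32_t *elapsed_ms)
{
    uint32_t start = d->now_ms;
    bool ok;
    while (!(ok = hal_try_read(d)) && d->now_ms - start < timeout_ms)
        hal_delay_ms(d, interval_ms);
    *elapsed_ms = d->now_ms - start;
    return ok;
}

/* Run one command against a simulated part with the given execution time. */
bool run_fixed(uint32_t exec_ms, uint32_t fixed_ms)
{
    sim_dev_t d = { 0, exec_ms };
    return wait_fixed(&d, fixed_ms);
}

bool run_poll(uint32_t exec_ms, uint32_t *elapsed_ms)
{
    sim_dev_t d = { 0, exec_ms };
    return wait_poll(&d, 2, 500, elapsed_ms);
}
```

A delay tuned to one part's timing reads too early when the replacement part takes longer, while the polling loop adapts and still fails closed at its timeout.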
New Features in ATECC608B vs. ATECC508A
- Secure boot function with IO encryption and authentication
- KDF command, supporting PRF, HKDF, AES
- AES command, including encrypt/decrypt
- GFM calculation function for GCM AEAD mode of AES
- Updated NIST SP800-90 A/B/C Random Number Generator
- Flexible SHA/HMAC command with context save/restore
- SHA command execution time significantly reduced
- Volatile Key Permitting to prevent device transfer
- Transport Key Locking to protect programmed devices during delivery
- Counter Limit Match function
- Ephemeral key generation in SRAM, also supported with ECDH and KDF
- Verify command output can be validated with a MAC
- Encrypted output for ECDH
- Added self test command, optional automatic power-on self test
- Unaligned public key for built-in X.509 cert key validation
- Optional power reduction at increased execution time
- Programmable I2C address after data (secret) zone lock
Features Eliminated in ATECC608B vs. ATECC508A
- HMAC command removed, replaced via new more powerful SHA command
- OTP consumption mode eliminated, now read only
- Pause command eliminated along with related Selector function in UpdateExtra
- Slot 15 special limited use eliminated, replaced with standard monotonic counter limited use
- SHA command no longer uses TempKey during the digest calculation and the result in TempKey is unchanged throughout the SHA operation. TempKey can however still be used to initialize the SHA for the HMAC_Start or to store the final digest.