2.2.4 ATECC608B-TFLXTLS Detailed Slot Access Policies

Additional flexibility has been built into the Slot Access Policies of the ATECC608B-TFLXTLS device over that of the ATECC608A-TNGTLS. This flexibility occurs in two areas:
  1. Whether slots are permanently locked or slot lockable.
  2. Whether Secure Boot is connected to a key and the Persistent Latch.

Slot Locking Options

Slot locking options are called out for each individual slot and will be one of two types.

Slot Lockable
A slot that has the slot lock option set allows the end user to lock the slot at some point in the future after the initial manufacturing phase. This can be used to allow a key to be set during a subsequent manufacturing step outside of Microchip or by the end user. The slot can be locked using the Lock command. Once the slot has been locked, no further modification of the data in the slot is possible.
Permanent Lock
A permanently locked slot is never able to be updated once it leaves the Microchip manufacturing facilities. The correct data or key must be provided to Microchip prior to the provisioning of these devices.

Secure Boot Option

The Secure Boot Access Policies provide an option either to limit which commands can be run prior to a successful secure boot or to provide unlimited command access. The Private Key in Slot 0 may be set to require a Secure Boot before this key will be authorized for use for most commands. To use this feature, changes to the SecureBoot Configuration Settings and to the Key Configuration values are required. These configuration changes will set the Persistent Latch upon a successful Secure Boot. The Slot Access Policy changes for Slot 0 tie usage of the key to the Persistent Latch being set.

Persistent Latch Operation

The Persistent Latch will retain state even during Idle and Sleep modes. This allows the Secure Boot operation to be run only once after initial power-up. If the device supply voltage goes below the minimum allowed value, the Persistent Latch will be reset and a new Secure Boot operation will need to be performed.
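
An added example (not from the datasheet or Microchip's code): a host-side audit over a 128-byte configuration zone image that reports which slot-lockable slots are still unlocked and whether Slot 0 is tied to the Persistent Latch. The byte offsets, bit positions, function names and the sample image are assumptions: the layout is that of the ATECC608 family configuration zone, which this section does not list.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed ATECC608-family config zone offsets/bits; not from this section. */
#define CFG_SIZE        128
#define OFF_SLOT_LOCKED 88          /* 16-bit LE; bit n = 1: slot n unlocked */
#define OFF_KEY_CONFIG  96          /* 16 x 16-bit LE, one word per slot */
#define KC_LOCKABLE     (1u << 5)   /* slot lock option present */
#define KC_PERSIST_DIS  (1u << 12)  /* key unusable until latch is set */

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
/* Mask of slots with the slot lock option that are not locked yet. */
uint16_t slots_still_open(const uint8_t *cfg)
{
    uint16_t unlocked = le16(cfg + OFF_SLOT_LOCKED), open = 0;
    for (unsigned s = 0; s < 16; s++) {
        uint16_t kc = le16(cfg + OFF_KEY_CONFIG + 2 * s);
        if ((kc & KC_LOCKABLE) && (unlocked & (1u << s)))
            open |= (uint16_t)(1u << s);
    }
    return open;
}

/* True when Slot 0 is tied to the Persistent Latch (Slot 0, Option 2). */
bool slot0_needs_secure_boot(const uint8_t *cfg)
{
    return (le16(cfg + OFF_KEY_CONFIG) & KC_PERSIST_DIS) != 0;
}

/* Constructed image: slots 2 and 6 locked, Slot 0 tied to the latch. */
void make_sample(uint8_t *cfg)
{
    static const uint8_t lockable[] = {2, 3, 4, 5, 6, 8, 13, 15};
    memset(cfg, 0, CFG_SIZE);
    for (unsigned i = 0; i < sizeof lockable; i++)
        cfg[OFF_KEY_CONFIG + 2 * lockable[i]] |= (uint8_t)KC_LOCKABLE;
    cfg[OFF_KEY_CONFIG + 1] |= (uint8_t)(KC_PERSIST_DIS >> 8);
    cfg[OFF_SLOT_LOCKED] = 0xBB;      /* bits 2 and 6 cleared: locked */
    cfg[OFF_SLOT_LOCKED + 1] = 0xFF;
}

int main(void)
{
    uint8_t cfg[CFG_SIZE];
    make_sample(cfg);
    printf("open: 0x%04X latch-gated: %d\n", (unsigned)slots_still_open(cfg), slot0_needs_secure_boot(cfg));
    return 0;
}
```

A non-zero mask on a unit headed for deployment means those slots can still be modified; slots without the slot lock option are not covered by this check.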

Prototype Units

Prototype units come with a specific default configuration that cannot be changed. The default configuration has all slot options set to Slot Lockable. This provides maximum flexibility when developing software in which an application reprograms keys. The final configuration does not need to be set this way. The Secure Boot option is not available with the prototype units. This option can only be selected for production units. Prototype units are also only available with an I2C interface.

Detailed Slot Configurations

The following tables provide a more detailed description of the slot configuration and key configuration settings for each configured slot on the device. Relevant commands and command modes applicable to each configured slot are included. The tables provide all allowed Key and Slot Configuration Values available for the ATECC608B-TFLXTLS device on a slot-by-slot basis. These options are available for both I2C and SWI options.

Table 2-3. Slot 0 Configuration Information
Slot Configuration Value Description of Enabled Features
0 Option 1: Persistent Latch is not connected to Slot
Key: Primary Private Key
  • Contains P256 NIST ECC private key
  • The corresponding public key can always be generated
  • Random nonce is required
Slot:
  • Slot is secret
  • Can sign external messages
  • Can use with ECDH command
Option 2: Slot is Connected to Persistent Latch
Key:
  • Same as Option 1
  • Persistent Disable Option Enabled
Slot:
  • Same as Option 1

Table 2-4. Slot 1 Configuration Information
Slot Configuration Value Description of Enabled Features
1 Key: Internal Sign Private Key
  • Contains P256 NIST ECC private key
  • The corresponding public key can always be generated
  • Random nonce is required
Slot:
  • Slot is secret
  • Can sign internal messages generated by GenDig or GenKey
  • ECDH disabled

Table 2-5. Slot and Key Configuration Slots 2-4
Slot Configuration Value Description of Enabled Features
2, 3 or 4 Option 1: Slot Lockable
Key: Secondary Private Keys 1-3
  • Contains P256 NIST ECC private key
  • The corresponding public key can always be generated
  • Random nonce is required
  • This slot can be individually locked
Slot:
  • GenKey can be used to generate a new ECC private key in this slot prior to locking
  • Slot is secret
  • Can sign external messages
  • Can use with ECDH command
Option 2: Permanent Key
Key:
  • Same as Option 1 except slot is permanently locked
Slot:
  • Same as Option 1 except GenKey cannot be used

Table 2-6. Slot 5 Configuration Information
Slot Configuration Value Description of Enabled Features
5 Option 1: Slot Lockable
Key: Secret Key
  • Slot can store up to 2 AES 128-bit (16 byte) symmetric keys
  • This slot can be individually locked
Slot:
  • New symmetric key can be written with an encrypted write only
  • Key in slot 6 is the key used to encrypt the write
  • The contents of the slot are secret
  • Slot cannot be used for the CheckMac Copy command
Option 2: Permanent Key
Key:
  • Same as Option 1 except slot is permanently locked
Slot:
  • Same as Option 1 except an Encrypted Write cannot be performed

Table 2-7. Slot 6 Configuration Information
Slot Configuration Value Description of Enabled Features
6 Option 1: Slot is Lockable
Key: IO Protection Key
  • Can contain a SHA256 symmetric key or other data. If the IO protection key is not used, this slot can be used for other data
  • A random nonce is required when this key is used
  • This slot can be individually locked
Slot:
  • Data can be written in the Clear
  • The contents of this slot are secret and cannot be read
  • Slot cannot be used for the CheckMac Copy command
Option 2: Permanent Lock
Key:
  • Same as Option 1 except slot is permanently locked
Slot:
  • Same as Option 1 except the slot cannot be written
CAUTION: In general, the I/O protection key stored in Slot 6 must be left as Slot Lockable. In most cases, the I/O protection key is unique to each device. If, for some use case, the I/O protection key is the same for all devices, then the Permanent Lock option can be selected.

Table 2-8. Slot 7 Configuration Information
Slot Configuration Value Description of Enabled Features
7 Key: Secure Boot Digest
  • This slot is designated to be used for other data.
Slot:
  • This slot cannot be directly written or read
  • This slot is secret and cannot be used by the MAC command
  • This slot cannot be used for CheckMac Copy command

Table 2-9. Slot 8 Configuration Information
Slot Configuration Value Description of Enabled Features
8 Option 1: Slot Lockable
Key: General Data
  • This slot is designated for use with general data
  • Slot is lockable
Slot:
  • Clear text writes and reads are permitted to this slot
  • Slot cannot be used for the CheckMac Copy command
Option 2: Permanent Lock
Key:
  • Same as Option 1 except slot is permanently locked
Slot:
  • Same as Option 1 except the slot cannot be written

Table 2-10. Slot 9 Configuration Information
Slot Configuration Value Description of Enabled Features
9 Key: AES Key
  • Slot can store up to four AES 128-bit symmetric keys
Slot:
  • Clear text writes are allowed to this slot
  • This slot is secret
  • Slot cannot be used for the CheckMac Copy command

Table 2-11. Slot 10 Configuration Information
Slot Configuration Value Description of Enabled Features
10 Option 1: Permanently Locked
Key: Device Compressed Certificate
  • Slot defined to store other data
Slot:
  • Data cannot be overwritten
  • Data can be read in the clear

Option 2: Slot Lockable
Note: This Configuration is Used for Prototype Units

Key:
  • All features as shown in Option 1
  • Slot is lockable
Slot:
  • Same as Option 1 except the slot can be written

Table 2-12. Slot 11 Configuration Information
Slot Configuration Value Description of Enabled Features
11 Option 1: Permanently Locked
Key: Signer Public Key
  • Slot is defined for ECC key
  • ECC key is a public key
Slot:
  • Data cannot be overwritten
  • Data can be read in the clear

Option 2: Slot Lockable
Note: This Configuration is Used for Prototype Units

Key:
  • All features as shown in Option 1
  • Slot is lockable
Slot:
  • Same as Option 1 except the slot can be written

Table 2-13. Slot 12 Configuration Information
Slot Configuration Value Description of Enabled Features
12 Option 1: Permanently Locked
Key: Signer Compressed Certificate
  • Slot defined to store other data
Slot:
  • Data cannot be overwritten
  • Data can be read in the clear

Option 2: Slot Lockable
Note: This Configuration is Used for Prototype Units

Key:
  • All features as shown in Option 1
  • Slot is lockable
Slot:
  • Same as Option 1 except the slot can be written

Table 2-14. Slot 13 Configuration Information
Slot Configuration Value Description of Enabled Features
13 Option 1: Slot Lockable
Key: Parent Public Key or General Data
  • Slot is defined for ECC key
  • Slot is lockable
Slot:
  • Slot can be written in the clear (unless locked)
  • Slot can always be read
Option 2: Permanently Locked
Key:
  • Same as Option 1 except the slot is permanently locked
Slot:
  • Same as Option 1 except the slot cannot be written
Important: If Slot 13 is configured as a Parent Public Key, in general it must be set to a Permanent Key and must not be updatable. For general data, either option can be selected.

Table 2-15. Slot 14 Configuration Information
Slot Configuration Value Description of Enabled Features
14 Key: Validated Public Key
  • Slot is defined for ECC key
  • Public key can be used by the Verify command if the key has been validated
Slot:
  • Write mode set to PubInvalid
  • Can write to slot if key is invalidated first
  • Slot can always be read in the clear

Table 2-16. Slot 15 Configuration Information
Slot Configuration Value Description of Enabled Features
15 Option 1: Slot is Lockable
Key: Secure Boot Public Key
  • Slot is defined for ECC key
  • Slot is lockable
Slot:
  • Always writable unless locked
  • Slot can always be read
Option 2: Permanently Locked
Key:
  • Same as Option 1 except the slot is permanently locked
Slot:
  • Same as Option 1 except the slot cannot be written