7.1 Provisioning Customer Keys

The ROM code Secure Monitor for SAM9X60 supports basic commands to provision the device with customer keys. The customer symmetric key and initialization vector, used to encrypt the boot image or embedded application along with the symmetric key if the CMAC authentication mode is selected, are encrypted using a ROM code secret key. They form the “customer key message”. This message is used as a parameter in the customer key command from the ROM code Secure Monitor:

sam-ba -p secure –device sam9x60 -m write_customer_key:../src/data/cstm_key_msg_sam9x60.cip

Figure 7-1. Customer Keys Provisioning

This is all that needs to be done to provision the device if the CMAC authentication mode is selected.