7 Appendix C: Device Provisioning

For SAM9X60 MPUs in Secure Boot mode, device provisioning involves initializing the device with keying material needed throughout its lifecycle. This process establishes the device’s Root of Trust, ensuring that the ROM code will boot only signed and ciphered code.

In Secure Boot mode, provisioning typically includes writing cryptographic keys and certificate hashes into the device’s OTP memory matrix. These are then used by the ROM code for authentication and decryption of the second-stage boot loader or embedded application.

The provisioning process should be carried out using programming tools like SAM-BA. Once provisioned, access to the provisioning interface must be locked to prevent tampering. See Locking the Secure Boot Mode Configuration and Locking Secure Boot Mode for details. The SAM9X60 MPU can then operate as a hardware Root of Trust — protecting firmware and data against unauthorized modification or disclosure.