6.5.6.4.3 Challenge-Response

The standard protocol uses a challenge-and-response mechanism that supports both unlocked and authenticated commands: the host sends a command, and the device responds with STATUS_CHALLENGE. The device then sends 128 bits of challenge data and waits for the 256 bits of response data. The host then performs an HMAC to generate the response.

CAUTION: This challenge-response protocol (i.e., KeyVal = Authenticated) is not properly supported by the PIC32CM PL10 family: These devices do not check the response and always return a status of STATUS_CMD_VALID. They will send any challenge, and the host can therefore send any response.

When the command is set to Locked, the device responds with STATUS_ARG_INVALID. The device does not process the command any further, and it waits for another command.