2.1 Boot ROM Features

The PIC32CM LS00/LS60 series incorporate a hardware or software cryptographic accelerator (CRYA) that facilitates Advanced Encryption Standard (AES) encryption and decryption, Secure Hash Algorithm 2 (SHA-256) authentication, and Galois Counter Mode (GCM) encryption and authentication through a suite of APIs.

The CRYA cryptographic accelerator is configured as a client on the IOBUS port and is controlled by the CPU through assembly code stored in the Boot ROM.

Advanced Encryption Standard (AES) adheres to the American Federal Information Processing Standard (FIPS) Publication 197 specification. AES processes data in 128-bit blocks. The key size for an AES cipher determines the number of transformation rounds required to convert the input plaintext into the final output, known as ciphertext. AES utilizes a symmetric-key algorithm, meaning the same key is employed for both encryption and decryption.

SHA-256 is a cryptographic hash function that generates a 256-bit hash from a data block, which is processed in 512-bit chunks.

Galois/Counter Mode (GCM) is an operational mode for AES that integrates the Counter (CTR) mode with an authentication hash function.