1.2 CryptoAuthentication Trust&GO vs. TrustMANAGER vs. TrustFLEX vs. TrustCUSTOM Files

The manifest files contain only public information related to the secure sub-system device, such as the serial number, certificates and public information for each slot. Depending on the configuration, the information in Trust&GO, TrustMANAGER, TrustFLEX and TrustCUSTOM files varies as follows:

Trust&GOTrustMANAGERTrustFLEXTrustCUSTOM
  • Slot 0 public key information (immutable)
  • Device and signer certificates signed by Microchip CA (immutable)
  • Slot 0 public key information (immutable)
  • Slot 0 public key information (immutable)
  • Device and signer certificates signed by Microchip or customer CA based on custom PKI selection
  • Slot 1-4 public key information
  • Slot 13-15 public key information
  • Custom information due to unique configuration

Certificate Slots in TrustFLEX Devices

When the user opts to create a custom certificate chain on a TrustFLEX secure sub-system device, the factory-provisioned certificates are overwritten. The Trust Platform Design Suite scripts/notebook provide the option to back up default certificates to a local folder before overwriting custom certificates on the device. However, if the board changes hands after provisioning, the new user will not have access to the backup certificates and will be unable to restore the factory defaults.