The
ECC608-TFLXWPC default configuration for WPC uses
only the information associated with WPC Slot 0. All information in the device slots
associated with WPC Slot 0 is mandatory as part of the authentication procedure or
certificate chain, with the exception of the WPC Slot 0 digest stored in Slot 3.
Attention: Check with Microchip
prior to using features beyond the default WPC Slot 0 configuration as not all
features are initially implemented in the provisioning systems.
The
ECC608-TFLXWPC provides flexibility in two
areas.
- Whether slots are permanently
locked or slot lockable.
- Whether secure boot is
connected to keys and the persistent latch.
Slot Locking Options
Slot locking options are called out for each individual slot and will be one of two
types:
- Slot Lockable
- A slot that has the slot lock option set allows the end user to lock the
slot at some point in the future after the initial manufacturing phase. This
can be used to allow for a key to be set during a subsequent manufacturing
step outside of Microchip or by the end user. The slot can be locked using
the
Lock command. Once the slot is locked, no future
modifications to the data in the slot is possible.
- Permanent Lock
- A permanently locked slot can never be updated once it leaves the Microchip
manufacturing facilities. The correct data or key must be provided to
Microchip prior to the provisioning of these devices.
Secure Boot Option
The secure boot access policies provide an option to limit what commands are run
prior to a successful secure boot or to provide unlimited command access. The ECC
private keys in Slot 0, 1 and 2 may be set to require a secure boot before these
keys are authorized for use for most commands. To use this feature, a change to the
secure boot configuration settings and to the key configuration values is required.
These configuration changes will set the persistent latch upon a successful secure
boot. The slot access policy changes for Slot 0 tie use of the key to the persistent
latch being set.
Persistent Latch Operation
The persistent latch will retain its state even during Idle and Sleep modes. This
allows for a single secure boot operation to be run only once after initial
power-up. If the device supply voltage goes below the minimum allowed value, the
persistent latch will be reset and a new secure boot operation will need to be
performed.
Prototype Units
Prototype units come with a specific default
configuration that cannot be changed. The default configuration has all the Slots’
options set to Slot Lockable. This provides maximum flexibility when developing
software to reprogram keys by an application. The final configuration does not need
to be set this way. The secure boot option is not available with the prototype
units. This option can only be selected for production units. Prototype units are
only available with an I2C interface.
Detailed Slot
Configurations
The following tables provide a more detailed description of the slot configuration
and key configuration settings for each configured slot on the device. Relevant
commands and command modes applicable to each configured slot are included. The table provides all allowed key and slot
configuration values available for the ECC608-TFLXWPC device on a slot by slot basis.
Table 3-6. Slot 0 Configuration
Information
| Slot |
Configuration Value |
Description of Enabled
Features |
| 0 |
Option 1: Not Connected
to Persistent Latch |
|
Key: |
|
WPC Slot 0 ECC Private Key
- Contains
P-256 NIST ECC private key
- The
corresponding public key can always be generated
- Random nonce
is required
|
| Slot: |
|
- Slot is
secret
- Can sign
external messages
|
| Option 2: Connected to Persistent
Latch |
| Key: |
|
Same as above plus:
- Secure boot
must be run before this key can be used
|
| Slot: |
|
Same as above |
Table 3-7. Slot 1 Configuration
Information
| Slot |
Configuration Value |
Description of Enabled
Features |
| 1 |
Option 1: Not Connected
to Persistent Latch |
|
Key: |
|
WPC Slot 1 ECC Private Key
- Contains
P-256 NIST ECC private key
- The
corresponding public key can always be generated
- Random nonce
is required
|
| Slot: |
|
- Slot is
secret
- Can sign
external messages
|
| Option 2: Connected to Persistent
Latch |
| Key: |
|
Same as above plus:
- Secure boot
must be run before this key can be used
|
| Slot: |
|
Same as above |
Table 3-8. Slot 2 Configuration
Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 2 |
Option 1: Not
Connected to Persistent Latch |
|
Key: |
|
TLS Session Private Key
- Contains
P-256 NIST ECC private key
- The
corresponding public key can always be generated
- Random nonce
is required
|
| Slot: |
|
- Slot is
secret
- Can sign
external messages
- Can use with
ECDH command
|
| Option 2:
Connected to Persistent Latch |
| Key: |
|
- Same as
Option 1
- Persistent
Disable Option Enabled
|
| Slot: |
|
|
Table 3-9. Slot 3 Configuration
Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 3 |
Option 1:
Permanently Locked |
|
Key: |
|
WPC Slot 0 Digest
- Contains
32-byte digest of WPC Slot 0 certificate chain
- This slot is
permanently locked
|
| Slot: |
|
- Can always be
read in the clear
- Permanent
|
| Option 2:
Slot Lockable and Writable |
| Key: |
|
|
| Slot: |
|
- Slot can be
written in the clear
- Slot can
always be read
|
Table 3-10. Slot 4 Configuration Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 4 |
Option 1: Permanent
Data |
|
Key: |
|
WPC Slot Other Data
- Used to store
WPC Slot 0 other data
- Slot is
permanent
|
| Slot: |
|
- Can always be
read in the clear
- Permanent
|
| Option 2:
Slot Lockable and Writable |
| Key: |
|
- Used to store
WPC Slot 0 other data
- Slot is
writable
|
| Slot: |
|
- Can always be
read in the clear
- Slot can be
locked
|
Table 3-11. Slot 5 Configuration
Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 5 |
Option 1: Permanent
Data |
|
Key: |
|
WPC Slot 0 Other Data (Cont)
- Used to store
WPC Slot 0 other data
- Slot is
permanent
|
| Slot: |
|
- Can always be
read in the clear
- Permanent
|
| Option 2:
Slot Lockable and Writable |
| Key: |
|
- Used to store
WPC Slot 0 other data
- Slot is
writable
|
| Slot: |
|
- Can always be
read in the clear
- Slot can be
locked
|
Table 3-12. Slot 6 Configuration
Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 6 |
Option 1: Slot is
Lockable |
|
Key: |
|
I/O Protection Key
- Can contain a
SHA-256 symmetric key or other data. If the I/O protection
key is not used, this slot can be used for other data.
- A random
nonce is required when this key is used
- This slot can
be individually locked
|
| Slot: |
|
- Data can be
written in the clear
- The contents
of this slot are secret and cannot be read
- Slot cannot
be used for the
CheckMac Copy command
|
| Option 2:
Permanent Lock |
| Key: |
|
- Same as
Option 1 except the slot is permanently locked
|
| Slot: |
|
- Same as
Option 1 except the slot cannot be written
|
Important: In general, the I/O protection key stored in Slot 6
must be left to be slot lockable. In most cases, the I/O protection key is often
unique to each device. If for some use case the I/O protection key is the same for
all devices, a Permanent Lock option can be selected.
Table 3-13. Slot 7 Configuration
Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 7 |
Key: |
|
Secure Boot Digest
- This slot is
designated to be used for other data
|
| Slot: |
|
- This slot
cannot be directly written or read
- This slot is
secret and cannot be used by the
MAC
command
- This slot
cannot be used for
CheckMac Copy
command
|
Table 3-14. Slot 8 Configuration
Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 8 |
Option 1: Slot
Lockable |
|
Key: |
|
WPC Slot 1 Data
- This slot is
designated for WPC Slot 1 data
- Slot is
lockable
|
|
Slot: |
|
- Clear text
writes and reads are permitted to this slot
- Slot cannot
be used for the
CheckMac Copy command
|
|
Option 2:
Permanent Lock |
|
Key: |
|
- Same as
Option 1 except the slot is permanently locked
|
|
Slot: |
|
- Same as
Option 1 except the slot cannot be written
|
Table 3-15. Slot 9 Configuration
Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 9 |
Option 1: Permanently
Locked |
|
Key: |
|
WPC Slot 0 Public Key
- Slot is
defined for ECC key
- ECC key is a
public key
|
| Slot: |
|
- Data cannot
be overwritten
- Data can be
read in the clear
|
|
Option 2: Slot Lockable
Note: This Configuration is Used for Prototype Units
|
| Key: |
|
- All features
as shown in Option 1
- Slot is
lockable
|
| Slot: |
|
- Same as
Option 1 except the slot can be written
|
Table 3-16. Slot 10 Configuration
Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 10 |
Option 1: Permanently
Locked |
|
Key: |
|
Device Compressed Certificate
- Slot defined
to store other data
|
| Slot: |
|
- Data cannot
be overwritten
- Data can be
read in the clear
|
|
Option 2: Slot Lockable
Note: This Configuration is Used for Prototype Units
|
| Key: |
|
- All features
as shown in Option 1
- Slot is
lockable
|
| Slot: |
|
- Same as
Option 1 except the slot can be written
|
Table 3-17. Slot 11 Configuration
Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 11 |
Option 1: Permanently
Locked |
|
Key: |
|
Signer Public Key
- Slot is
defined for ECC key
- ECC key is a
public key
|
| Slot: |
|
- Data cannot
be overwritten
- Data can be
read in the clear
|
|
Option 2: Slot Lockable
Note: This Configuration is Used for Prototype Units
|
| Key: |
|
- All features
as shown in Option 1
- Slot is
lockable
|
| Slot: |
|
- Same as
Option 1 except the slot can be written
|
Table 3-18. Slot 12 Configuration
Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 12 |
Option 1: Permanently
Locked |
|
Key: |
|
Signer Compressed Certificate
- Slot defined
to store other data
|
| Slot: |
|
- Data cannot
be overwritten
- Data can be
read in the clear
|
|
Option 2: Slot Lockable
Note: This Configuration is Used for Prototype Units
|
| Key: |
|
- All features
as shown in Option 1
- Slot is
lockable
|
| Slot: |
|
- Same as
Option 1 except the slot can be written
|
Table 3-19. Slot 13 Configuration
Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 13 |
Option 1: Permanently
Locked |
|
Key: |
|
WPC Slot 0 Device Compressed Certificate
- Slot defined
to store other data
|
| Slot: |
|
- Data cannot
be overwritten
- Data can be
read in the clear
|
|
Option 2: Slot Lockable
Note: This Configuration is Used for Prototype Units
|
| Key: |
|
- All features
as shown in Option 1
- Slot is
lockable
|
| Slot: |
|
- Same as
Option 1 except the slot can be written
|
Table 3-20. Slot 14 Configuration
Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 14 |
Option 1: Permanently
Locked |
|
Key: |
|
WPC Slot 0 MFG Compressed Certificate
- Slot defined
to store other data
|
| Slot: |
|
- Data cannot
be overwritten
- Data can be
read in the clear
|
|
Option 2: Slot Lockable
Note: This Configuration is Used for Prototype Units
|
| Key: |
|
- All features
as shown in Option 1
- Slot is
lockable
|
| Slot: |
|
- Same as
Option 1 except the slot can be written
|
Table 3-21. Slot 15 Configuration
Information
| Slot |
Configuration
Value |
Description of Enabled Features |
| 15 |
Option 1: Slot is
Lockable |
|
Key: |
|
Secure Boot Public Key
- Slot is
defined for ECC key
- Slot is
lockable
|
| Slot: |
|
- Always
writable unless locked
- Slot can
always be read
|
| Option 2:
Permanently Locked |
| Key: |
|
- Same as
Option 1 except the slot is permanently locked
|
| Slot: |
|
- Same as
Option 1 except the slot cannot be written
|
