4.2.3 SecureBoot Command

The SecureBoot command provides support for secure boot of an external MCU or MPU. The general approach is that the boot code within the system will use the ECC608-TFLXWPC to assist in validating the application code that is to be subsequently executed. The ECC608-TFLXWPC device is configured to operate in the SecureBoot, Stored Digest mode. The digest will be stored in Slot 7 and the public key required to verify the SecureBoot is stored in Slot 15. The device can optionally be configured to use the persistent latch. Depending on the option selected, the SecureBoot may or may not be tied to power-up. See Secure Boot Option.

In lieu of a return code, a MAC can optionally be generated from a nonce written to TempKey, the IO protection secret and various other data, dependent upon the mode of the command, to prevent tampering with the wire between the host and the ECC608-TFLXWPC.