1.1.5 I/O Protection Key

The ATECC608B provides a method to protect the I/O transmissions between this device and the host MCU for the ECDH, KDF, Verify and Secure Boot commands. The I/O protection key is a randomly generated secret key that is stored in the slot and shared between the host MCU and the device.

For example, the premaster key generated from ECDH or the key generated by KDF is encrypted with the I/O protection key. The encrypted key is sent to the host, and the host decrypts it with the I/O protection key. In the secure boot and signature verification processes, a MAC is sent to the host to provide additional security. The I/O protection key is included in the computation of this MAC.
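The host-side handling described above, as an added example that is not taken from the datasheet or from Microchip's code. The keystream construction (SHA-256 over the key and 16 nonce bytes), the MAC field layout, and every name and sample value are assumptions made for illustration; the command descriptions in the datasheet define the real byte layouts.

```python
import hashlib
import hmac

BLOCK = 32  # assumed size of the I/O protection key and of each data block

def io_xor(io_key: bytes, out_nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt 32-byte blocks (XOR with a keystream is symmetric).

    Assumed construction: keystream block i = SHA-256(io_key || 16 nonce bytes).
    """
    blocks, rest = divmod(len(data), BLOCK)
    if len(io_key) != BLOCK or rest or len(out_nonce) < 16 * blocks:
        raise ValueError("bad key, data or nonce length")
    out = bytearray()
    for i in range(blocks):
        ks = hashlib.sha256(io_key + out_nonce[16 * i:16 * i + 16]).digest()
        chunk = data[BLOCK * i:BLOCK * (i + 1)]
        out += bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)

def result_mac(io_key: bytes, digest: bytes, host_nonce: bytes, ok: bool) -> bytes:
    """Hypothetical MAC layout: SHA-256(io_key || digest || host_nonce || result)."""
    return hashlib.sha256(io_key + digest + host_nonce + bytes([ok])).digest()

def host_accepts(io_key: bytes, digest: bytes, host_nonce: bytes, mac: bytes) -> bool:
    """Host recomputes the MAC for a 'valid' result and compares in constant time."""
    return hmac.compare_digest(result_mac(io_key, digest, host_nonce, True), mac)

# Constructed sample values; a real key and real nonces are random.
IO_KEY = bytes(range(32))
PREMASTER = hashlib.sha256(b"constructed premaster secret").digest()
OUT_NONCE = bytes(range(100, 132))
DIGEST = hashlib.sha256(b"constructed firmware image").digest()
HOST_NONCE = bytes([0xA5]) * 32

def demo() -> dict:
    on_bus = io_xor(IO_KEY, OUT_NONCE, PREMASTER)  # what crosses the I/O bus
    return {
        "bus_hides_secret": on_bus != PREMASTER,
        "host_recovers": io_xor(IO_KEY, OUT_NONCE, on_bus) == PREMASTER,
        "genuine_mac": host_accepts(IO_KEY, DIGEST, HOST_NONCE,
                                    result_mac(IO_KEY, DIGEST, HOST_NONCE, True)),
        # A response built without the shared key is rejected by the host.
        "forged_mac": host_accepts(IO_KEY, DIGEST, HOST_NONCE,
                                   result_mac(bytes(32), DIGEST, HOST_NONCE, True)),
        # A MAC recorded under an earlier host nonce fails against a fresh one.
        "replayed_mac": host_accepts(IO_KEY, DIGEST, bytes(32),
                                     result_mac(IO_KEY, DIGEST, HOST_NONCE, True)),
    }

if __name__ == "__main__":
    print(demo())
```

The rejected cases show what the MAC adds: a bare pass/fail byte on the bus could be substituted, while a MAC that includes the shared key and a fresh host value cannot be produced or reused without the key.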