2.1.1 SecureBoot Command

The SecureBoot command verifies the user application code during booting. This command supports three modes:

Full Mode:
The signature and the digest are passed to the ATECC608B. The public key in the slot verifies the sent signature and digest. The response may be a Boolean or a MAC, depending on the SecureBoot command.
FullStore Mode:
In FullStore mode, the digest or the signature is stored in the slot. If the digest is stored in the slot, it is sent to the device for verification. If the signature is stored in the slot, the digest is transmitted to the device, which verifies it with the stored signature and the public key.
FullCopy Mode:
This mode is run when the secure boot code updates the user application. Both the digest and the signature are sent to the device, which verifies them with the stored public key. Once the command is executed successfully, either the digest or the signature is copied to the slot, depending on the secure boot settings in the configuration zone.

Where the wires between the host and the device need protection, the command can tell the device that the digest is being sent encrypted. In this case, the digest is encrypted using the I/O protection key and TempKey. Depending on whether digest encryption is selected, the device returns either the validating MAC or a status code: when the encrypted digest is sent, the device returns the MAC. The host calculates the same MAC from the I/O protection key, the nonce and the digest, and compares it with the MAC returned by the device. If the mode is FullStore Signature, the signature is also included in the MAC calculation on both sides. The command also has the option to prohibit the secure boot function until the next power cycle.
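The encrypted-digest exchange described above, modelled end to end as an added example (not code from this document or from the device vendor), showing why the host must recompute the MAC rather than trust a bare success response. The byte layout is a simplified model chosen for illustration, with TempKey standing in for the nonce-derived value. All function names are hypothetical, and the exact encryption and MAC inputs are defined in the ATECC608B datasheet.

```python
import hashlib
import hmac

def session_key(io_key: bytes, temp_key: bytes) -> bytes:
    # Model assumption: hash the I/O protection key with the per-boot TempKey.
    return hashlib.sha256(io_key + temp_key).digest()

def xor_digest(digest: bytes, io_key: bytes, temp_key: bytes) -> bytes:
    # XOR with the session key; applying it twice restores the input.
    key = session_key(io_key, temp_key)
    return bytes(d ^ k for d, k in zip(digest, key))

def response_mac(digest, io_key, temp_key, signature=b""):
    # The signature is mixed in only for FullStore Signature mode.
    return hashlib.sha256(session_key(io_key, temp_key) + digest + signature).digest()

def device_secureboot(enc_digest, io_key, temp_key, stored_digest):
    # Simulated device, FullStore mode with the digest held in the slot.
    digest = xor_digest(enc_digest, io_key, temp_key)
    if not hmac.compare_digest(digest, stored_digest):
        return None  # stands in for a failure status code
    return response_mac(digest, io_key, temp_key)

def host_accepts(returned_mac, digest, io_key, temp_key, signature=b""):
    # Host recomputes the MAC and compares in constant time.
    if not isinstance(returned_mac, bytes) or len(returned_mac) != 32:
        return False
    expected = response_mac(digest, io_key, temp_key, signature)
    return hmac.compare_digest(returned_mac, expected)

def demo():
    io_key = bytes(range(32))  # constructed sample key
    temp_key_a = hashlib.sha256(b"constructed nonce A").digest()
    temp_key_b = hashlib.sha256(b"constructed nonce B").digest()
    digest = hashlib.sha256(b"constructed firmware image").digest()
    bad = hashlib.sha256(b"modified firmware image").digest()
    enc = xor_digest(digest, io_key, temp_key_a)
    mac_a = device_secureboot(enc, io_key, temp_key_a, digest)
    enc_bad = xor_digest(bad, io_key, temp_key_a)
    return {
        "genuine": host_accepts(mac_a, digest, io_key, temp_key_a),
        "forged": host_accepts(bytes(32), digest, io_key, temp_key_a),
        "replayed": host_accepts(mac_a, digest, io_key, temp_key_b),
        "bad_image": device_secureboot(enc_bad, io_key, temp_key_a, digest),
    }

if __name__ == "__main__":
    print(demo())
```

The "replayed" case is a MAC captured during one boot and presented under a different TempKey; it fails because the per-boot value is part of the MAC input.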