3.2.3 ATECC608C-TFLXTLS Slot Configuration Summary

The ATECC608C-TFLXTLS has 16 slots that are configured for different use cases. Below is a summary of those slots with their configuration and proposed uses for the ATECC608C-TFLXTLS:

| Slot | Use Case | Description | Primary Configuration |
|------|----------|-------------|-----------------------|
| 0 | Primary private key | Primary authentication key. | Permanent, Ext Sign, ECDH |
| 1 | Internal sign private key | Private key that can only be used to attest to the internal keys and state of the device. It cannot be used to sign arbitrary messages. | Permanent, Int Sign |
| 2 | Secondary private key 1 | Secondary private key for other uses. | Updatable, Ext Sign, ECDH, Lockable |
| 3 | Secondary private key 2 | Secondary private key for other uses. | Updatable, Ext Sign, ECDH, Lockable |
| 4 | Secondary private key 3 | Secondary private key for other uses. | Updatable, Ext Sign, ECDH, Lockable |
| 5 | Secret key | Storage for a secret key. | No Read, Encrypted write (6), Lockable, AES key |
| 6 | IO protection key | Key used to protect the I2C bus communication (IO) of certain commands. Requires setup before use. | No read, Always write, Lockable |
| 7 | Secure boot digest | Storage location for secure boot digest. This is an internal function, so no reads or writes are enabled. | No read, No write |
| 8 | General data | General purpose data storage (416 bytes). | Clear read, Always write, Lockable |
| 9 | AES key | Intermediate key storage for ECDH and KDF output. | No read, Always write, AES key |
| 10 | Device compressed certificate | Certificate primary public key in the CryptoAuthentication compressed format. | Clear read, No write or writable depending on access policies set. |
| 11 | Signer public key | Public key for the CA (signer) that signed the device cert. | Clear read, No write or writable depending on access policies set. |
| 12 | Signer compressed certificate | Certificate for the CA (signer) certificate for the device certificate in the CryptoAuthentication compressed format. | Clear read, No write or writable depending on access policies set. |
| 13 | Parent public key or general data | Parent public key for validating/invalidating the validated public key. It can also be used just as a public key or general data storage (72 bytes). | Clear read, Always write, Lockable |
| 14 | Validated public key | Validated public key cannot be used (Verify command) or changed without authorization via the parent public key. | Clear read, Writable after being invalidated, Validated using key in Slot 13 |
| 15 | Secure boot public key | Secure boot public key. | Clear read, Always write, Lockable |