Security Features

On-Chip Secure Boot Flash Configurable as an Immutable Root-of-Trust
- Parts of the Flash memory can be configured as OTP
Capable of:
- Secure boot support: Validation of host code image and host code signature validation
- Secure update support for host code: Secure encryption key storage and image decryption
- X.509 certification storage, parsing, validation and revocation, supporting both ECC and RSA
128-bit Unique Device Serial Number for Identification (UUID)
Support for Secure Use Cases:
- Secure boot
- Key Storage in IRT/Immutable secure boot region for realizing:
  - Secure boot
  - Secure firmware update
  - Secure debug
Flash Protection
- Configuration of up to eight Flash protection regions across ranges of Flash addresses
- Regions can be configured as:
  - Immutable Root-of-Trust (IRT)
  - OTP region
  - A combination of R/W/X protections
- Regions can be:
  - Made permanent
  - Locked until device Reset
  - Enabled/disabled during code execution
- Flash protection regions can apply to the active partition, the inactive partition or both
Cryptographic Accelerator
- AES-128, AES-192 and AES-256: Fully compliant with NIST FIPS 197
  - ECB, CBC, CFB, OFB, CTR, GCM, CCM, XTS and CMAC modes
- HASH/HMAC
  - SHA-1, SHA-256, SHA-224, SHA-384 and SHA-512 capability
- Public Key Cryptography: RSA, DSA and ECC
  - RSA with/without Chinese Remainder Theorem (CRT); up to a 4096-bit key length
  - DSA support up to a 2048-bit key length
  - ECDSA Sign/Verify with:
    - Prime field P-192, P-224, P-256, P-384, P-521
    - Binary field K-163, K-233, K-283, K-409, K-571
    - Binary field B-163, B-233, B-283, B-409, B-571
  - EdDSA with Edwards Curves
  - JPAKE and SRP-based password authenticated key exchange protocols
  - Rabin Miller primality test
  - Elliptic Curve Diffie Hellman (ECDH/ECDHE) key agreement
- NIST-800-22 and NIST-800-90B compliant True Random Number Generator (TRNG)
- Key generation compliant with NIST-800-133 and NIST-186-4
- CAVP certification capable