3.2.1.6 I/O Protection Key
The Verify, ECDH, SecureBoot and KDF commands can optionally use the I/O protection feature to encrypt some parameters and validate (via MAC) some responses. This is to help protect against man-in-the-middle attacks on the physical I2C bus. During Secure Boot, the I/O protection key can also be useful in preventing replay attacks. However, before this feature can be used, the MCU and ECC608-TMNGTLS need to generate and save a unique I/O protection key, essentially pairing the MCU and ECC608-TMNGTLS devices to each other. The pairing process must happen at the customer production facility.
I/O protection key generation:
- MCU uses the Random command to generate a random 32-byte I/O protection key.
- MCU saves the I/O protection key in its internal Flash.
- MCU writes the I/O protection key to the I/O protection key slot.
- MCU slot-locks that slot to make the I/O protection key permanent.
As a pairing check, the MCU could use the MAC command to issue a challenge to the I/O protection key and verify that the I/O protection key stored in Flash matches the one in the ECC608-TMNGTLS.
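The pairing check described above, sketched as a host-side simulation (an added example, not code from the datasheet or the vendor library). The 88-byte MAC message layout, the mode value 0x00, the slot number, the serial number and the `SimulatedSecureElement` class are assumptions made for illustration; confirm the layout against the device's MAC command description before relying on it.

```python
import hashlib
import hmac
import os

MAC_OPCODE = 0x08   # MAC command opcode
MAC_MODE = 0x00     # assumed mode: key from slot, challenge from host, no OTP/SN extras
IO_KEY_SLOT = 6     # hypothetical slot number; use the slot your configuration assigns


def mac_digest(key: bytes, challenge: bytes, sn: bytes, slot: int = IO_KEY_SLOT) -> bytes:
    """SHA-256 over the 88-byte MAC message (assumed layout for mode 0x00)."""
    if len(key) != 32 or len(challenge) != 32 or len(sn) != 9:
        raise ValueError("key and challenge must be 32 bytes, serial number 9 bytes")
    msg = (
        key + challenge
        + bytes([MAC_OPCODE, MAC_MODE])
        + slot.to_bytes(2, "little")
        + bytes(8) + bytes(3)     # OTP fields are zeroed in this mode
        + sn[8:9] + bytes(4)      # SN[8], then SN[4:7] zeroed
        + sn[0:2] + bytes(2)      # SN[0:1], then SN[2:3] zeroed
    )
    return hashlib.sha256(msg).digest()


class SimulatedSecureElement:
    """Stand-in for the device: holds the slot key and answers MAC challenges."""

    def __init__(self, slot_key: bytes, sn: bytes):
        self._key, self.sn = slot_key, sn

    def mac(self, challenge: bytes) -> bytes:
        return mac_digest(self._key, challenge, self.sn)


def pairing_check(flash_key: bytes, device, challenge: bytes = None) -> bool:
    """True if the key copy in MCU Flash matches the key locked in the device slot."""
    # A fresh random challenge per check means a recorded response cannot be reused.
    challenge = challenge or os.urandom(32)
    expected = mac_digest(flash_key, challenge, device.sn)
    # Constant-time comparison avoids leaking how many digest bytes matched.
    return hmac.compare_digest(expected, device.mac(challenge))


if __name__ == "__main__":
    sn = bytes.fromhex("0123a1b2c3d4e5f6ee")    # constructed sample serial number
    io_key = os.urandom(32)                      # key generated during pairing
    device = SimulatedSecureElement(io_key, sn)
    print("paired MCU:", pairing_check(io_key, device))
    print("unpaired MCU:", pairing_check(os.urandom(32), device))
```

On real hardware the `device.mac()` call would be replaced by the MAC command sent over I2C, with the key never leaving the slot.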