The ECC608-TMNGTLS slot access policies for each data slot are completely configured. Each slot has a designated purpose. In most cases, all slots are required for proper operation and security for a given use case. The slots are divided into K-slots, which are primarily used by Kudelski as part of the keySTREAM SaaS operational environment. The C-slots are for specific use by the customer.
Slot Locking Options
Slot locking options are called out for each individual slot and will be one of two types.
- Slot Lockable: A slot that has the slot lock option set allows for the end user to lock the slot at some point in the future after the initial manufacturing phase. This can be used to allow for a key or data to be set during a subsequent manufacturing step outside of Microchip or by the end user. The slot can be locked using the Lock command. Once the slot is locked, no future modifications to the data in the slot are possible.
- Permanent Lock: A permanently locked slot cannot be updated once it leaves the Microchip manufacturing facilities. The correct data or key must be provided to Microchip prior to the provisioning of these devices.
Detailed Slot Configurations
The following tables provide a more detailed description of the slot configuration and key configuration settings for each configured slot on the device. Relevant information for the key and slot configuration is provided as part of the Description of Enabled Features. The specific key type is shown in parentheses after the key name. Key Type Descriptions can be found in the ECC608-TMNGTLS Slot Configuration Summary.
Table 3-3. Slot 0: Device Identity Key (P)

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 0 | Key: | - Contains the P256 NIST ECC private key.<br>- The private key can be generated.<br>- The Public Key can be generated from the private key.<br>- Random nonce is required before commands are run.<br>- Slot can be individually locked. |
| | Slot: | - Slot is secret.<br>- Can be used to sign external messages.<br>- Can be used to generate a session key with ECDH command. |

Table 3-4. Slot 1: Attestation Key (K)

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 1 | Key: | - Contains P256 NIST ECC private key.<br>- Key is written at time of provisioning.<br>- The corresponding public key can never be generated. |
| | Slot: | - Slot is secret.<br>- Can sign messages internally generated by the GenDig or GenKey command. |

Table 3-5. Slot 2: Seal Identity ID (K)

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 2 | Key: | - Contains data used to identify the user and will contain the device profile UID.<br>- Slot can be individually locked. |
| | Slot: | - Clear text reads are always permitted.<br>- Clear text writes are always permitted. |

Table 3-6. Slot 3: Asymmetric Key (K)

Note: This slot is for use only by Kudelski IoT.

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 3 | Key: | - Contains P256 NIST ECC private key.<br>- The corresponding public key can always be generated.<br>- Random nonce is required.<br>- Slot can be individually locked. |
| | Slot: | - GenKey can be used to generate a new ECC private key in this slot prior to locking.<br>- Slot is secret.<br>- Can sign external messages.<br>- Can be used to generate a session key with ECDH command. |

Table 3-7. Slot 4: Symmetric Key (K)

Note: This slot is for use only by Kudelski IoT.

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 4 | Key: | - Slot will contain an AES session key.<br>- Slot holds the output of the ECDH command using the key stored in Slot 3.<br>- Slot is not individually lockable. |
| | Slot: | - Slot is secret and cannot be read.<br>- Slot can be directly written. |

Table 3-8. Slot 5: Symmetric Key for In-field Provisioning (R)

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 5 | Key: | - Contains an AES Key.<br>- A random nonce is always required. |
| | Slot: | - Contents are secret and can never be read.<br>- Encrypted data can be written to this slot using the key in Slot 6.<br>- Encrypted write requires a MAC. |

Table 3-9. Slot 6: Encrypt Write Key (R)

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 6 | Key: | - Contains a key for encrypting data.<br>- A random nonce is required when this key is used.<br>- This slot is permanently locked. |
| | Slot: | - Reads are not permitted from this slot.<br>- Writes are never permitted to this slot. |

Table 3-10. Slot 7: IO Protection Key (C)

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 7 | Key: | - Contains a key for encrypting I/O data.<br>- A random nonce is required prior to using this key.<br>- Slot can be individually locked. |
| | Slot: | - This slot cannot be read.<br>- Clear text writes are permitted to this slot. |

CAUTION: In general, the I/O protection key stored in Slot 7 must be left Slot Lockable. In most cases, the I/O protection key is unique to each device. If, for some use case, the I/O protection key is the same for all devices, a Permanent Lock option can be selected.

Table 3-11. Slot 8: keySTREAM™ SaaS Onboarding Data (K)

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 8 | Key: | - Data slot reserved for use by Kudelski to onboard customers.<br>- Slot is lockable. |
| | Slot: | - Clear text reads are permitted from this slot.<br>- Clear text writes are allowed to this slot if not locked. |

Table 3-12. Slot 9: Symmetric Key

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 9 | Key: | - Slot can store up to four AES 128-bit symmetric keys. |
| | Slot: | - Slot is secret and keys cannot be read.<br>- Clear text writes are allowed to this slot. |

Table 3-13. Slot 10: Device Compressed Certificate (P)

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 10 | Key: | - Slot defined to store other data.<br>- Slot can be individually locked. |
| | Slot: | - Data can always be read in the clear.<br>- Data can be written in the clear unless slot is locked. |

Table 3-14. Slot 11: Signer Public Key (P)

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 11 | Key: | - P256 NIST ECC Public key associated with Signer Certificate stored in this slot.<br>- Slot can be locked. |
| | Slot: | - Data can always be read in the clear.<br>- Data can be written in the clear unless the slot is locked. |

Table 3-15. Slot 12: Signer Compressed Certificate (P)

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 12 | Key: | - Slot defined to store other data.<br>- Slot can be individually locked. |
| | Slot: | - Data can always be read in the clear.<br>- Data can be written in the clear unless the slot is locked. |

Table 3-16. Slot 13: Secure Boot Digest (P)

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 13 | Key: | - Slot is defined to hold the Secure Boot Digest.<br>- Slot cannot be individually locked. |
| | Slot: | - Data cannot be read from this slot.<br>- Data cannot be directly written to the slot. The Digest can be stored using the Secure Boot command. |

Table 3-17. Slot 14: Public Key for in-field programming (R)

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 14 | Key: | - P256 NIST ECC customer public key for use in in-field programming.<br>- Slot is unlocked at time of provisioning. |
| | Slot: | - Data can always be read in the clear.<br>- Data can be written to the slot using an encrypted write using the key in Slot 6.<br>- Encrypted write must include a MAC. |

Table 3-18. Slot 15: Secure Boot Public key or C-Data (P)

| Slot | Configuration Value | Description of Enabled Features |
|---|---|---|
| 15 | Key: | - P256 NIST ECC customer Public key for validating secure boot operation with the Verify command.<br>- Slot can be individually locked. |
| | Slot: | - Data can always be read in the clear.<br>- Data can be written in the clear unless the slot is locked. |
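
The Slot Lockable and Permanent Lock options and several of the features listed in the tables above (secret slot, key type, random nonce required) are bits in the device's 128-byte configuration zone. The following C code is an added example, not Microchip or Kudelski code: it decodes those bits from a dumped zone and reports secret slots that are Slot Lockable but have not been locked yet. The offsets and bit positions follow the ATECC608 configuration-zone layout; the names `slot_policy`, `decode_slot`, `open_secret_slots` and `sample_config` are hypothetical, and the sample zone values are constructed because this page does not list the configuration values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ATECC608 config-zone byte offsets; the 16-bit fields are little-endian. */
enum { SLOTCONFIG_OFF = 20, SLOTLOCKED_OFF = 88, KEYCONFIG_OFF = 96 };
typedef struct {
    bool secret;      /* SlotConfig bit 7 (IsSecret) */
    bool ecc_private; /* KeyConfig bit 0 (Private) */
    uint8_t key_type; /* KeyConfig bits 2-4: 4 = P256 ECC, 6 = AES, 7 = other data */
    bool lockable;    /* KeyConfig bit 5: the "Slot Lockable" option */
    bool req_random;  /* KeyConfig bit 6: random nonce required */
    bool locked;      /* this slot's SlotLocked bit is 0 */
} slot_policy;
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

slot_policy decode_slot(const uint8_t cfg[128], unsigned slot) {
    uint16_t sc = le16(cfg + SLOTCONFIG_OFF + 2 * slot);
    uint16_t kc = le16(cfg + KEYCONFIG_OFF + 2 * slot);
    uint16_t open = le16(cfg + SLOTLOCKED_OFF); /* bit n = 1: slot n not locked */
    slot_policy p = { .secret = (sc >> 7) & 1, .ecc_private = kc & 1,
                      .key_type = (kc >> 2) & 7, .lockable = (kc >> 5) & 1,
                      .req_random = (kc >> 6) & 1, .locked = !((open >> slot) & 1) };
    return p;
}

/* Bitmask of secret slots that are Slot Lockable but have not been locked yet. */
uint16_t open_secret_slots(const uint8_t cfg[128]) {
    uint16_t mask = 0;
    for (unsigned s = 0; s < 16; s++) {
        slot_policy p = decode_slot(cfg, s);
        if (p.secret && p.lockable && !p.locked) mask |= (uint16_t)(1u << s);
    }
    return mask;
}

/* Constructed sample zone; only slots 0 and 6 are filled, with illustrative values. */
void sample_config(uint8_t cfg[128]) {
    memset(cfg, 0, 128);
    cfg[SLOTLOCKED_OFF] = 0xBF; cfg[SLOTLOCKED_OFF + 1] = 0xFF;       /* slot 6 locked */
    cfg[SLOTCONFIG_OFF] = 0x85; cfg[KEYCONFIG_OFF] = 0x73;            /* slot 0 */
    cfg[SLOTCONFIG_OFF + 12] = 0x80; cfg[KEYCONFIG_OFF + 12] = 0x5C;  /* slot 6 */
}

int main(void) {
    uint8_t cfg[128];
    sample_config(cfg);
    printf("secret, lockable, still unlocked: 0x%04x\n", open_secret_slots(cfg));
    return 0;
}
```

On hardware, the 128 bytes would come from reading the configuration zone, for example with CryptoAuthLib's `atcab_read_config_zone()`.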