The Verify
, ECDH
, , and
KDF
commands can optionally use the I/O protection feature to
encrypt some parameters and validate (via MAC) some responses. This is to help protect
against man-in-the-middle attacks on the physical I2C bus. However, before
this feature can be used, the MCU and ATECC608A-TNGLoRaWAN need
to generate and save a unique I/O protection key, essentially pairing the MCU and ATECC608A-TNGLoRaWAN devices to each other. The pairing process
must happen on first boot.
I/O Protection Key Generation:
As a pairing check, the MCU could use the MAC
command to
issue a challenge to the I/O protection key and verify the I/O protection key stored in
Flash matches the one in the ATECC608A-TNGLoRaWAN.