The ATECC608A-TFLXTLS has 16 slots that are configured for different use cases. Below is a summary of those slots with their configuration and proposed uses for the ATECC608A-TFLXTLS:
| Slot | Use Case | Description | Primary Configuration |
|---|---|---|---|
| 0 | Primary private key | Primary authentication key. | Permanent, Ext Sign, ECDH |
| 1 | Internal sign private key | Private key that can only be used to attest to the internal keys and state of the device. It cannot be used to sign arbitrary messages. | Permanent, Int Sign |
| 2 | Secondary private key 1 | Secondary private key for other uses. | Updatable, Ext Sign, ECDH, Lockable |
| 3 | Secondary private key 2 | Secondary private key for other uses. | Updatable, Ext Sign, ECDH, Lockable |
| 4 | Secondary private key 3 | Secondary private key for other uses. | Updatable, Ext Sign, ECDH, Lockable |
| 5 | Secret key | Storage for a secret key. | No Read, Encrypted write (6), Lockable, AES key |
| 6 | IO protection key | Key used to protect the I2C bus communication (IO) of certain commands. Requires setup before use. | No read, Always write, Lockable |
| 7 | Secure boot digest | Storage location for secure boot digest. This is an internal function, so no reads or writes are enabled. | No read, No write |
| 8 | General data | General purpose data storage (416 bytes). | Clear read, Always write, Lockable |
| 9 | AES key | Intermediate key storage for ECDH and KDF output. | No read, Always write, AES key |
| 10 | Device compressed certificate | Certificate primary public key in the CryptoAuthentication™ compressed format. | Clear read, No write or writable depending on access policies set. |
| 11 | Signer public key | Public key for the CA (signer) that signed the device cert. | Clear read, No write or writable depending on access policies set. |
| 12 | Signer compressed certificate | Certificate for the CA (signer) certificate for the device certificate in the CryptoAuthentication™ compressed format. | Clear read, No write or writable depending on access policies set. |
| 13 | Parent public key or general data | Parent public key for validating/invalidating the validated public key. It can also be used just as a public key or general data storage (72 bytes). | Clear read, Always write, Lockable |
| 14 | Validated public key | Validated public key cannot be used
(Verify command) or changed without authorization
via the parent public key. |
Clear read, Writable after being invalidated, Validated using key in Slot 13 |
| 15 | Secure boot public key | Secure boot public key. | Clear read, Always write, Lockable |