
SecureBoot Features

KalyanCManukonda edited this page Jan 24, 2019 · 1 revision

The ATECC608A provides a mechanism to support secure boot for a connected host MCU. On power-up, the boot code in the host MCU sends the digest of the application code and the corresponding signature to the ATECC608A. The ATECC608A then verifies the signature over that digest using the public key stored in the device, so the host never has to hold the public key in its own (rewritable) flash or implement ECC verification itself.

If the code to be validated at boot is relatively small, the Secure Hash Algorithm (SHA) computation engine of the ATECC608A can be used to calculate the code digest by streaming the code bytes to the device. In either case the digest must be computed over exactly the image that will subsequently execute; a host that hashes one copy of the code and runs another gains nothing from the verification.

The ATECC608A SecureBoot feature provides options for speed optimization and wire protection.

Speed Optimization

The ATECC608A SecureBoot feature includes the option to store the signature and/or the digest inside the protected boundary of the ATECC608A in order to reduce execution time. The stored signature and/or digest is updated through a mode switch on the normal SecureBoot command (the FullCopy mode), which first verifies the signature and, only on success, writes the signature/digest into the designated slot. Storing the signature reduces boot time by shrinking the I/O block that has to be sent to the ATECC608A on every boot (the 64-byte signature no longer travels over the bus).

If the digest is stored, the ATECC608A performs only a comparison between the host code digest in the input array and the digest stored in the designated slot. This reduces boot time by eliminating the computation delay of the ECC verification. Note that in this mode the security of the boot check rests on the integrity of the stored digest, so the update path into that slot must itself be protected.

Wire Protection

In some applications it may be necessary to protect the system against an adversary who cuts the wire(s) between the ATECC608A and the host MCU and replaces the result of the Verify operation with a fraudulent "success" signal. If this scenario is indicated by the mode parameter of the SecureBoot command, the input code digest is encrypted by XORing it with a SHA-256 digest computed over the IO protection secret (a key shared by the host and the device) and a nonce, and the device returns a MAC computed with that same secret. Because a bus-level attacker does not hold the IO protection secret, it can neither produce a valid MAC nor forge the encrypted digest, so the host accepts the boot only if the returned MAC matches the value it computes itself.
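The following is an added example, not code from CryptoAuthLib or from the ATECC608A datasheet. It models, on the host side, the wire-protected exchange described above together with the stored-digest (FullDig) comparison from the Speed Optimization section: the host computes the code digest, XORs it with SHA-256(io_key || nonce), sends it with the EncMAC flag set, and then checks the MAC the device returns. The mock device only implements the FullStore command in the FullDig configuration (plain digest comparison, no ECC Verify). The `SECUREBOOT_MODE_*` values follow CryptoAuthLib's SecureBoot definitions; the order of `io_key || nonce` in the XOR key, the response-MAC layout, and the host-generated nonce (on a real part the nonce comes from the device's Nonce command) are simplifying assumptions made for this illustration and must be checked against the datasheet before use.

```python
"""Host-side model of the ATECC608A SecureBoot exchange with wire protection.

Added example; not CryptoAuthLib or datasheet code. Constants follow
CryptoAuthLib's SecureBoot mode definitions; the XOR-key input order and the
response-MAC layout are assumptions for illustration only.
"""
import hashlib
import secrets

# SecureBoot mode byte (CryptoAuthLib SECUREBOOT_MODE_* values).
SECUREBOOT_MODE_MASK = 0x07
SECUREBOOT_MODE_FULL = 0x05        # digest + signature sent, ECC Verify run
SECUREBOOT_MODE_FULL_STORE = 0x06  # digest sent; uses stored signature or digest
SECUREBOOT_MODE_FULL_COPY = 0x07   # as Full, but stores sig/digest on success
SECUREBOOT_MODE_ENC_MAC_FLAG = 0x80  # input digest encrypted, device returns MAC

DIGEST_SIZE = 32
NONCE_SIZE = 32


def code_digest(image: bytes) -> bytes:
    """SHA-256 of the firmware image (computed by the host or the 608A SHA engine)."""
    return hashlib.sha256(image).digest()


def digest_xor_key(io_key: bytes, nonce: bytes) -> bytes:
    # ASSUMPTION: key = SHA256(io_key || nonce). Confirm the order in the datasheet.
    return hashlib.sha256(io_key + nonce).digest()


def encrypt_digest(digest: bytes, io_key: bytes, nonce: bytes) -> bytes:
    """Wire protection: XOR the code digest with the shared-secret-derived key."""
    key = digest_xor_key(io_key, nonce)
    return bytes(d ^ k for d, k in zip(digest, key))


decrypt_digest = encrypt_digest  # XOR is its own inverse


def response_mac(io_key: bytes, digest: bytes, mode: int) -> bytes:
    # ASSUMPTION: simplified model of the device's response MAC. The real input
    # layout (opcode, mode, param2, serial number, ...) is in the datasheet.
    return hashlib.sha256(io_key + digest + bytes([mode])).digest()


class MockAtecc608a:
    """Device model for the FullDig configuration: the incoming digest is compared
    to the stored one and no ECC Verify is run (the speed optimization)."""

    def __init__(self, io_key: bytes, stored_digest: bytes):
        self._io_key = io_key
        self._stored_digest = stored_digest

    def secureboot(self, mode: int, digest_in: bytes, nonce: bytes):
        """Return (verified, mac); mac is None unless EncMAC was requested."""
        if mode & SECUREBOOT_MODE_MASK != SECUREBOOT_MODE_FULL_STORE:
            raise ValueError("mock models only FullStore in the FullDig configuration")
        digest = digest_in
        if mode & SECUREBOOT_MODE_ENC_MAC_FLAG:
            digest = decrypt_digest(digest_in, self._io_key, nonce)
        verified = secrets.compare_digest(digest, self._stored_digest)
        if not verified or not (mode & SECUREBOOT_MODE_ENC_MAC_FLAG):
            return verified, None
        return True, response_mac(self._io_key, digest, mode)


class WireCutAttacker:
    """Replaces the device on the bus and always answers 'success' (no IO key)."""

    def secureboot(self, mode: int, digest_in: bytes, nonce: bytes):
        return True, secrets.token_bytes(DIGEST_SIZE)


def host_boot(device, image: bytes, io_key: bytes, wire_protect: bool = True) -> bool:
    """Boot-code decision: True only if the image is accepted by a trusted device."""
    digest = code_digest(image)
    mode = SECUREBOOT_MODE_FULL_STORE
    nonce = secrets.token_bytes(NONCE_SIZE)  # ASSUMPTION: real flow uses Nonce/RandOut
    if not wire_protect:
        verified, _ = device.secureboot(mode, digest, nonce)
        return verified  # trusts whatever comes back over the wire
    mode |= SECUREBOOT_MODE_ENC_MAC_FLAG
    verified, mac = device.secureboot(mode, encrypt_digest(digest, io_key, nonce), nonce)
    if not verified or mac is None or len(mac) != DIGEST_SIZE:
        return False
    # Only a party holding the IO protection key can produce the expected MAC.
    return secrets.compare_digest(mac, response_mac(io_key, digest, mode))


if __name__ == "__main__":
    io_key = secrets.token_bytes(32)          # constructed shared IO protection key
    image = b"constructed firmware image v1"  # constructed sample image
    dev = MockAtecc608a(io_key, code_digest(image))
    print("good image, real device:  ", host_boot(dev, image, io_key))
    print("tampered image:           ", host_boot(dev, image + b"\x00", io_key))
    print("wire cut, no protection:  ", host_boot(WireCutAttacker(), image, io_key, False))
    print("wire cut, with protection:", host_boot(WireCutAttacker(), image, io_key))
```

The last two lines of the demo are the point of the section: an unprotected host accepts the attacker's forged "success", while the wire-protected host rejects it because the attacker cannot compute the MAC without the IO protection key.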

Configurations and Commands

The ATECC608A configuration zone controls the operation of the device's SecureBoot functionality (which slots hold the public key and the stored signature/digest, and which mode is permitted). The SecureBoot command consults these configuration bits to ensure that only the configured sequence can be executed.

The SecureBoot feature can be configured for 3 modes of operation:

  1. Full Secure Boot (FullBoth): both the digest and the signature are transferred to the ATECC608A on every boot.
  2. Stored Secure Boot (FullSig): the signature is stored in the device and the transferred digest is verified against it with the ECC Verify function.
  3. Stored Secure Boot (FullDig): the digest is stored in the device and the transferred digest is compared to it without ECC verification.

The SecureBoot command enables 3 modes of operation:

  1. Full: both the digest and the signature are sent to the ATECC608A. The digest is verified using the signature and the stored public key.
  2. FullStore: only the digest is sent to the ATECC608A. Depending on the configured mode, the digest is verified using the stored signature (FullSig) or compared against the stored digest (FullDig).
  3. FullCopy: identical to Full, except that the digest or signature is copied into the designated slot of the device, and only on successful validation. This is the mode used to load or update the stored value that FullStore later relies on.