ATSGA204A データシートの表示(PDF) - Microchip Technology
部品番号
コンポーネント説明
メーカー
ATSGA204A Datasheet PDF : 93 Pages
| |||
ATSHA204A
Device Organization
Table 2-7. Write Configuration Bits — Write Command
Bit 15 Bit 14 Bit 13
0
0
0
X
0
1
Mode
Name
Always
Never
Description
Clear text writes are always permitted on this slot. Slots set to “always” should
never be used as key storage. Either 4 or 32 bytes may be written to this slot.
Writes are never permitted on this slot using the Write command
Slots set to “never” can still be used as key storage.
1
0
X
Never
Writes are never permitted on this slot using the Write command
Slots set to “never” can still be used as key storage.
Writes to this slot require a properly computed MAC and the input data must
X
1
X
Encrypt
be encrypted by the system with WriteKey using the encryption algorithm
documented in the Write command description Section (8.5.18 Write
Command). 4-byte writes to this slot are prohibited.
The 4-bit WriteConfig field is interpreted by the Write command as shown in Table Write Configuration
Bits —Write Command, where X means don’t care.
The tables overlap. For example, a code of 0b0110 indicates that a slot can be written in encrypted form
by using the Write command and it can also be the target of an unauthorized DeriveKey command
with the target as the source.
The IsSecret bit controls internal circuitry necessary for proper security for slots in which reads and/or
writes must be encrypted or are prohibited altogether. It must also be set for all slots that are to be used
as keys, including those created or modified with DeriveKey. Specifically, to enable proper device
operation, this bit must be set unless WriteConfig is “Always”. 4-byte accesses are prohibited to/from slots
in which this bit is set.
Slots used to store key values should always have IsSecret set to one and EncryptRead set to zero
(reads prohibited) for maximum security. For fixed key values, WriteConfig should be set to “Never”.
When configured in this way, there is no way to read or write the key after the Data zone is locked. It may
only be used for crypto operations.
Some security policies require secrets to be updated from time to time. The ATSHA204A supports this
capability in the following way:
• WriteConfig for the particular slot should be set to “Encrypt” and SlotConfig.WriteKey should point
back to the same slot by setting WriteKey to the slot ID. A standard Write command can be then
used to write a new value to this slot provided that the authentication MAC is computed using the
old (current) key value.
2.1.2.15 Special Memory Values in the Configuration Zone (Bytes 0 – 12)
Various fixed information is included in the ATSHA204A that can never be written under any
circumstances and can always be read, regardless of the state of the lock bits.
• SerialNum
Nine bytes (SN<0:8>) which together form a unique value that is never repeated for any device in
the CryptoAuthentication family. The serial number is divided into two groups:
1.1. SN<0:1> and SN<8>
The values of these bits are fixed at manufacturing time in most versions of the
ATSHA204A. Their default value is (0x01 0x23 0xEE). These 24 bits are always included
in the SHA-256 computations made by the ATSHA204A.
© 2018 Microchip Technology Inc.
DS40002025A-page 14
Share Link: 