Documentation of the configuration #44
Comments
Is the question about a specific configuration or configuring a device in general? The library provides APIs for the operations defined in the datasheets for the components. The API documentation is online: atcab_priv_write. The datasheets are the official documentation of product behavior; the datasheet for the ATECC508A section 9.14 says this about the PrivWrite command:

The PrivWrite command is used to write externally generated ECC private keys into the device.

Note: For best security, Microchip recommends that the PrivWrite command not be used, and that private keys be internally generated from the RNG using the GenKey(Create) command.

The slot indicated by this command must be configured via KeyConfig.Private to contain an ECC private key, and SlotConfig.IsSecret must be set to one, or else this command will return an error. If the slot is individually locked using SlotLocked, then this command will also return an error.

The private key data is always sent to the device as a 36 byte integer. It is passed to the device MSB first. The first four bytes (32 bits) should be zero.

Prior to the data zone being locked, this command can be used to write the slot contents without regards to the SlotConfig value and/or the method by which TempKey was generated. The input data may or may not be encrypted based on the zone byte; if the input data is plain text then the MAC is ignored, but if it is encrypted then the MAC must be present and be properly computed. Prior to the configuration zone being locked, this command will always return an error.

Once the Data zone is locked, the following is necessary for the write to complete:

KeyConfig.ReqRandom, KeyConfig.ReqAuth and KeyConfig.AuthKey are ignored by this command.

The library function will perform the proper steps per the datasheet when called. While this particular feature is available in the library as it is available in the device, the use of the function is often an indication that the target solution has not yet been evaluated for security as a complete system. For example the device can easily use a stored public key (that can be made immutable) with ECDSA verify if that is the target solution (rather than having a common private key stored in all devices).

The official product knowledge base is hosted on Microchip.com. The official channel for product support is via myMicrochip. Design support assistance can be obtained from your assigned FAE. If you don't have an FAE already you can reach out to the global design support team through myMicrochip as well.
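As an added illustration (not code from the maintainers or from cryptoauthlib), the slot preconditions and the 36-byte data format quoted from the datasheet above can be checked on the host before atcab_priv_write is called. The function names, result codes and configuration-zone byte offsets are assumptions of this example; the offsets follow the ATECC508A layout and should be verified against the datasheet.

```c
#include <stdint.h>
#include <string.h>

/* Result codes invented for this example; they are not cryptoauthlib values. */
enum { PW_OK, PW_BAD_SLOT, PW_CONFIG_UNLOCKED, PW_NOT_PRIVATE,
       PW_NOT_SECRET, PW_SLOT_LOCKED, PW_KEY_OUT_OF_RANGE };

/* Order n of the NIST P-256 group, big-endian; a private key d needs 0 < d < n. */
static const uint8_t P256_N[32] = {
    0xFF,0xFF,0xFF,0xFF, 0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,
    0xBC,0xE6,0xFA,0xAD, 0xA7,0x17,0x9E,0x84, 0xF3,0xB9,0xCA,0xC2, 0xFC,0x63,0x25,0x51 };

/* Check the quoted PrivWrite preconditions against a 128-byte config zone image.
 * Assumed ATECC508A offsets: LockConfig 87, SlotLocked 88..89, SlotConfig[n] at
 * 20+2n, KeyConfig[n] at 96+2n; 16-bit fields are little-endian. */
int privwrite_preflight(const uint8_t cfg[128], unsigned slot)
{
    if (slot > 15) return PW_BAD_SLOT;
    uint16_t slot_cfg = (uint16_t)(cfg[20 + 2 * slot] | (cfg[21 + 2 * slot] << 8));
    uint16_t key_cfg  = (uint16_t)(cfg[96 + 2 * slot] | (cfg[97 + 2 * slot] << 8));
    uint16_t unlocked = (uint16_t)(cfg[88] | (cfg[89] << 8));
    if (cfg[87] != 0x00)            return PW_CONFIG_UNLOCKED; /* 0x55 = unlocked    */
    if (!(key_cfg & 0x0001))        return PW_NOT_PRIVATE;     /* KeyConfig.Private   */
    if (!(slot_cfg & 0x0080))       return PW_NOT_SECRET;      /* SlotConfig.IsSecret */
    if (!(unlocked & (1u << slot))) return PW_SLOT_LOCKED;     /* bit clear = locked  */
    return PW_OK;
}

/* Build the 36-byte PrivWrite input: four zero bytes, then the key MSB first. */
int privwrite_format(const uint8_t key[32], uint8_t out[36])
{
    unsigned nonzero = 0, borrow = 0;
    for (int i = 31; i >= 0; i--) {      /* branch-free key - n; borrow => key < n */
        unsigned d = (unsigned)key[i] - P256_N[i] - borrow;
        borrow = (d >> 8) & 1u;
        nonzero |= key[i];
    }
    if (!nonzero || !borrow) return PW_KEY_OUT_OF_RANGE;
    memset(out, 0, 4);
    memcpy(out + 4, key, 32);
    return PW_OK;
}

int main(void)
{
    uint8_t key[32] = {0}, buf[36];      /* constructed sample key: d = 1 */
    key[31] = 1;
    return privwrite_format(key, buf);
}
```

The checks cover only the conditions quoted in the comment above; the padded buffer still holds the private key in host memory and should be wiped after use.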
Thanks for your help! I just think there should be some examples in the library and maybe the exact location of all datasheets. Where do I find this kind of datasheet for the ATECC608A? I only have the short version and the references on the product page.
@i7clock You may be interested in reviewing the comparison app note that details the differences between the 508 and 608 parts. The 608 is fully backwards compatible except for a few very rarely used features of the 508 and thus has the same behavior for common features. As the 608 summary datasheet notes the complete datasheet is under NDA currently so has to be requested through your sales channel. You can also submit a request via myMicrochip support if you don't currently have local sales support contacts.
I couldn't find any information how exactly the configuration works and how I can use atcab_priv_write for example. Is there any information online? I think this should be part of the library since otherwise I don't know how to use parts of it.
Thanks and greetings,
i7clock