Microchip logo
Microchip logo
  • All
  • Products
  • Documents
  • Applications Notes

Secure Boot use case with ATECC608A

Why would you use a secure element for Secure Boot ?

Secure Boot
SECURE BOOT
Code
CODE
IP Protection
IP PROTECTION
Revenue Protection
REVENUE PROTECTION
Very often the intellectual property (IP) of an embedded product lives within the code of the microcontroller. In today's market place, it only takes a few weeks to extract that code despite the usage of traditional "code protect" features. At a moderate expense, many third party options are widely available on the internet who are capable to obtain HEX files from the microcontroller. This type of conterfeit puts in danger companies IP and could consequently lead to significant revenue loss or open various backdoors to malicious firmware.

Validate your application code with a trusted secure element

Secure Boot for small microcontrollers

trustedstorage
The ATECC608A offers a particularly interesting new set of features that enable secure boot capabilities to standard microcontrollers. Secure boot is now possible also for small and cost efficient micontrollers.
securebootboard
physical protection cryptography
The example illustrated in the application note available in the "Getting Started" tab, will walk you through a use case using the ATSAMD21 (Cortex-M0+) and the ATECC608A. Once the system is booting, the secure element that holds the public key will use it to verify the image digest of the code has been signed by the matching and genuine private key. The signing process of the application image happens during the manufacturing phase.
provisioning
With this type of implementation, the public key used in the example becomes truly immutable by benefiting of the anti-tampering protections the ATECC608A offers against possible physical attacks and side channel attacks.

20 Years of Experience in Secure Provisioning

Microchip is here all the way through

Trust cannot rely only on the device but also on the manufacturing process. Exploiting third party weaknesses is one of the top targets for hackers. Isolating keys and secrets from manufacturing is equally vital. Customers can leave this burden to Microchip's secure factories and leverage our trusted provisioning service already used by thousands of companies.

prototype Prototype
  • Educate yourself about the secure boot use case using a secure element
  • Understand why private key isolation is vital to your design
  • Learn how to code with CryptoAuthLib library
  • Learn how to configure the memory zone and set your expected policies
personalize Personalize
  • Memory configuration is defined and locked
  • Your public/private key pair is decided
  • Secret Exchange with Microchip completed
  • The ATECC608A is setup with your customized part number
mass production Mass Production
  • All the provisioning – keys/certificates generation and manipulation is done within Microchip secure factories
  • Public key are protected and immutable in the ATECC608A
  • Elimination of any software or manufacturing backdoors
  • The device ships pre-provisioned with the secrets

Tools and Software

Firmware and provisioning script downloadable HERE

Buy the hardware to start with HERE

The user guide to get started is available HERE