
Why Would You Use a Secure Element for Secure Boot?


This solution is archived and will no longer be updated. We recommend that you use the TrustFLEX ATECC608A-TFLXTLS instead.

Very often the intellectual property (IP) of an embedded product lives in the code of its microcontroller. In today's marketplace it takes only a few weeks to extract that code despite traditional "code protect" features, and for a moderate fee many third parties advertising on the internet will recover the HEX file from a microcontroller. This kind of counterfeiting endangers a company's IP, can lead to significant revenue loss, and can open the door to malicious firmware.

Secure Boot for Small Microcontrollers

Learn with Microchip how to implement a secure boot architecture on very small microcontrollers using the ATECC608A secure element. Keys are protected from users, factory operators and factory equipment, as well as from the software running on the host.

Validate Your Application Code with a Trusted Secure Element


Secure boot for small microcontrollers:

The ATECC608A offers a particularly interesting set of features that bring secure boot capabilities to standard microcontrollers. Secure boot is now possible even for small, cost-efficient microcontrollers.

The example illustrated in the application note available in the "Getting Started" section walks you through a use case using the SAM D21 Arm® Cortex®-M0+ based MCU and the ATECC608A. At boot, the digest of the application image is computed (by the host, or by the element's SHA-256 engine) and passed, together with the image signature, to the secure element. The element, which holds the public key, checks that the signature over that digest was produced by the matching, genuine private key, and the host runs the application only if that check passes. The application image is signed with the private key during the manufacturing phase, so the private key never needs to be present on the product.

With this type of implementation the public key used in the example becomes effectively immutable: it sits in a locked slot of the ATECC608A and benefits from the device's protections against physical attacks and side-channel attacks. The key alone does not make the scheme secure, though. The bootloader on the host MCU that issues the verification request and decides whether to jump to the application must itself be protected from modification; otherwise an attacker simply patches it to skip the check.
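The two halves of the flow just described, signing at manufacturing and verifying at boot, as an added Python model. This is example code written for this page, not Microchip's application note code and not CryptoAuthLib; the function and class names (sign_image, SecureElementModel, boot) and the raw 64-byte r||s signature encoding are assumptions of the example. ECDSA over P-256 with SHA-256 is the algorithm set the parametric table below lists for the ATECC608A, and the curve arithmetic is written out in plain Python so the example runs offline. The real element performs this verification in hardware with the key in a locked slot; this model is not constant-time and is for understanding the flow only.

```python
import hashlib
import secrets

# NIST P-256 domain parameters: field prime P, curve y^2 = x^3 + A*x + B, base point G of order N.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)


def _add(p1, q1):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return q1
    if q1 is None:
        return p1
    x1, y1 = p1
    x2, y2 = q1
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                    # p1 == -q1
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, point):
    """Double-and-add scalar multiplication. Teaching code: not constant-time."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result


def generate_keypair():
    """Private scalar d and public point Q = d*G, chosen once in the Personalize phase."""
    d = secrets.randbelow(N - 1) + 1
    return d, _mul(d, G)


def image_digest(image: bytes) -> bytes:
    """SHA-256 of the application image (computed by the host or the element's SHA engine)."""
    return hashlib.sha256(image).digest()


def sign_image(priv: int, image: bytes) -> bytes:
    """Manufacturing side: ECDSA-sign the image digest. Raw 64-byte r||s encoding is assumed."""
    z = int.from_bytes(image_digest(image), "big")
    while True:
        k = secrets.randbelow(N - 1) + 1       # fresh per-signature nonce
        r = _mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * priv) % N
        if r and s:                            # retry on the (negligible) zero cases
            return r.to_bytes(32, "big") + s.to_bytes(32, "big")


class SecureElementModel:
    """Stands in for the ATECC608A: holds the locked public key and verifies digest + signature."""

    def __init__(self, pub):
        x, y = pub
        if (y * y - (x * x * x + A * x + B)) % P != 0:
            raise ValueError("public key is not a P-256 point")
        self._pub = pub                        # provisioned once, then the slot is locked

    def secure_boot(self, digest: bytes, signature: bytes) -> bool:
        """ECDSA verify; the host never sees the key, only the yes/no result."""
        if len(digest) != 32 or len(signature) != 64:
            return False
        r = int.from_bytes(signature[:32], "big")
        s = int.from_bytes(signature[32:], "big")
        if not (0 < r < N and 0 < s < N):
            return False
        z = int.from_bytes(digest, "big")
        w = pow(s, -1, N)
        x = _add(_mul(z * w % N, G), _mul(r * w % N, self._pub))
        return x is not None and x[0] % N == r


def boot(element: SecureElementModel, image: bytes, signature: bytes) -> bool:
    """Host bootloader step: hash the image, ask the element, jump to the application only on True."""
    return element.secure_boot(image_digest(image), signature)


if __name__ == "__main__":
    priv, pub = generate_keypair()
    firmware = bytes(range(256)) * 4           # constructed stand-in for the application image
    sig = sign_image(priv, firmware)           # done at manufacturing; the private key stays there
    element = SecureElementModel(pub)          # provisioned in the secure factory
    print("genuine image boots:", boot(element, firmware, sig))
    print("tampered image boots:", boot(element, firmware[:-1] + b"\xff", sig))
```

Running the module signs a constructed sample image and shows that the genuine image verifies while a one-byte modification does not. The point to carry over to a real design is the division of labour: the private key is used only by sign_image at the factory, the host bootloader only hashes and asks, and the element is the only party that holds the public key and returns the verdict.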

20 Years of Experience in Secure Provisioning


Microchip is here all the way through.

Trust cannot rest on the device alone; it also depends on the manufacturing process. Exploiting weaknesses at third parties is one of the top targets for attackers, so isolating keys and secrets from the manufacturing floor is equally vital. Customers can leave this burden to Microchip's secure factories and leverage our trusted provisioning service, already used by thousands of companies.

Prototype

  • Educate yourself about the secure boot use case using a secure element
  • Understand why private key isolation is vital to your design
  • Learn how to code with the CryptoAuthLib library
  • Learn how to configure the memory zone and set your expected policies

Personalize

  • Memory configuration is defined and locked
  • Your public/private key pair is decided
  • Secret exchange with Microchip completed
  • The ATECC608A is set up with your customized part number

Mass Production

  • All the provisioning—keys/certificates generation and manipulation—is done within Microchip's secure factories
  • Public keys are protected and immutable in the ATECC608A
  • Elimination of any software or manufacturing backdoors
  • The device ships pre-provisioned with the secrets

Secure Elements for Secure Boot


All parts below are marked "Not recommended for new designs"; the suggested replacement is given per part.

Common to every part listed:
  • Algorithm type: ECC P256 (ECDH and ECDSA), SHA256, AES-GCM
  • Zones: 16; key size: 256 bits; density: 10.5 Kb
  • RNG: FIPS; unique ID: 72-bit serial number
  • Interface type: single-wire or I2C
  • Operating temperature minimum: -40 °C
  • Operating current (typical): 1 mA; standby (typical): 0.04 µA
  • Operating voltage (Vcc): 2 V min, 5.5 V max
  • Secure provisioning service: yes

Part                Suggested replacement   5K pricing        Configuration    Temp max (°C)  Packages
ATECC608A           ATECC608B               $0.50             Standard         85             8/UDFN, 8/SOIC, 4/WLCSP
ATECC608A-TCSM      ATECC608B-TCSM          $0.84             Standard         85             8/UDFN, 8/SOIC
ATECC608A-TFLXLORA  ATECC608B-TNGLORA       Call for pricing  Pre-configured   85             Call for package information
ATECC608A-TFLXTLS   ATECC608B-TFLXTLS       $0.79             Pre-configured   0              8/UDFN, 8/SOIC
ATECC608A-TNGACT    ATECC608B-TNGACT        $0.88             Pre-provisioned  85             Call for package information
ATECC608A-TNGLORA   ATECC608B-TNGLORA       $0.88             Pre-provisioned  0              Call for package information
ATECC608A-TNGTLS    ATECC608B-TNGTLS        $0.75             Pre-provisioned  85             8/UDFN, 8/SOIC

Getting Started