ATSHA204 ATMEL [ATMEL Corporation], ATSHA204 Datasheet - Page 9

ATSHA204

Manufacturer Part Number: ATSHA204
Description: Atmel CryptoAuthentication
Manufacturer: ATMEL [ATMEL Corporation]
The IsSecret bit controls internal circuitry necessary for proper security for slots in which reads and/or writes must be encrypted or are prohibited altogether. It must also be set for all slots that are to be used as keys, including those created or modified with DeriveKey. Specifically, to enable proper device operation, this bit must be set unless WriteConfig is “always.” 4-byte accesses are prohibited to/from slots in which this bit is set.

Slots used to store key values should always have IsSecret set to one and EncryptRead set to zero (reads prohibited) for maximum security. For fixed key values, WriteConfig should be set to “never.” When configured in this way, there is no way to read or write the key after the data zone is locked – it may only be used for crypto operations.

Some security policies require that secrets be updated from time to time. The ATSHA204 supports this capability in the following way: WriteConfig for the particular slot should be set to “Encrypt” and SlotConfig.WriteKey should point back to the same slot by setting WriteKey to the slot ID. A standard Write command can then be used to write a new value to this slot provided that the authentication MAC is computed using the old (current) key value.

2.1.1.2 Special Memory Values in the Config Zone (Bytes 0 – 12)

Various fixed information is included in the ATSHA204 that can never be written under any circumstances and can always be read, regardless of the state of the lock bits.

SerialNum
Nine bytes (SN[0:8]) which together form a unique value that is never repeated for any device in the CryptoAuthentication family. The serial number is divided into two groups:

1. SN[0:1] and SN[8]
   The values of these bits are fixed at manufacturing time in most versions of the Atmel ATSHA204. Their default value is 0x01 23 EE. These 24 bits are always included in the SHA-256 computations made by the Atmel ATSHA204.
2. SN[2:3] and SN[4:7]
   The values of these bits are programmed by Atmel during the manufacturing process and are different for every die. These 48 bits are optionally included in some SHA-256 computations made by the Atmel ATSHA204.

RevNum
Four bytes of information that are used by Atmel to provide manufacturing revision information. These bytes can be freely read as RevNum[0:3], but should never be used by system software, as they may vary from time to time.

2.1.2 Device Locking

There are two separate lock states for the device:

1. One to lock the configuration zone (controlled by LockConfig, byte 87)
2. Second to lock both the OTP and data zones (controlled by LockValue, byte 86)

These lock bits are stored within separate bytes in the configuration zone, and can be modified only through the Lock command. After a memory zone is locked, there is no way to unlock it.

The device should be personalized at the system manufacturer with the desired configuration information, after which the configuration zone should be locked. When this lock is complete, all necessary writes of public and secret information into the EEPROM slots should be performed, using encrypted writes if appropriate. Upon completion of any writes, the data and OTP sections should be locked. Contact Atmel for optional secure personalization services.

It is vital that the data and OTP sections be locked prior to release of the system containing the device into the field. Failure to lock these zones may permit modification of any secret keys and may lead to other security problems.

Any attempt to read or write the data or OTP sections prior to locking the configuration section causes the device to return an error.
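
A pre-release check built on the fields described above, as an added example that is not taken from the Atmel datasheet: it parses an 88-byte configuration-zone dump, splits the serial number into its two groups, and reports unlocked zones or key slots that break the IsSecret/EncryptRead guidance. The 0x55 "unlocked" value, the SlotConfig offset and bit positions, the RevNum offset, and all function names are assumptions not stated on this page.

```python
# Added example, not Atmel code. "assumption" marks values not stated on this page.
UNLOCKED = 0x55          # assumption: a lock byte reads 0x55 while unlocked
SLOTCONFIG_BASE = 20     # assumption: 16 little-endian SlotConfig words start here
IS_SECRET = 1 << 7       # assumption: SlotConfig bit 7
ENCRYPT_READ = 1 << 6    # assumption: SlotConfig bit 6
WRITE_ENCRYPT = 1 << 14  # assumption: WriteConfig "Encrypt" sets bit 14

def parse_config_zone(cfg: bytes) -> dict:
    """Split an 88-byte configuration-zone dump into the fields described above."""
    if len(cfg) != 88:
        raise ValueError("configuration zone dump must be exactly 88 bytes")
    sn = cfg[0:4] + cfg[8:13]                    # SN[0:3], then SN[4:8]
    return {
        "serial": sn.hex(),
        "sn_fixed": (sn[0:2] + sn[8:9]).hex(),   # SN[0:1] and SN[8]
        "sn_unique": sn[2:8].hex(),              # SN[2:3] and SN[4:7]
        "rev_num": cfg[4:8].hex(),               # assumption: bytes 4-7
        "data_otp_locked": cfg[86] != UNLOCKED,  # LockValue, byte 86
        "config_locked": cfg[87] != UNLOCKED,    # LockConfig, byte 87
        "slots": [int.from_bytes(cfg[o:o + 2], "little")
                  for o in range(SLOTCONFIG_BASE, SLOTCONFIG_BASE + 32, 2)],
    }

def is_self_rolling(slot_config: int, slot: int) -> bool:
    """True when encrypted writes use the slot's own key (assumption: WriteKey is bits 8-11)."""
    return bool(slot_config & WRITE_ENCRYPT) and ((slot_config >> 8) & 0xF) == slot

def release_findings(cfg: bytes, key_slots) -> list:
    """Reasons the device must not ship; an empty list means it passes."""
    zone = parse_config_zone(cfg)
    findings = []
    if not zone["config_locked"]:
        findings.append("configuration zone unlocked")
    if not zone["data_otp_locked"]:
        findings.append("data and OTP zones unlocked")
    for slot in key_slots:
        sc = zone["slots"][slot]
        if not sc & IS_SECRET:
            findings.append(f"slot {slot}: IsSecret clear")
        if sc & ENCRYPT_READ:
            findings.append(f"slot {slot}: EncryptRead set")
    return findings

def sample_dump(lock_value: int, slot0: int) -> bytes:
    """Constructed dump: made-up serial, slot 0 SlotConfig, chosen LockValue."""
    cfg = bytearray(88)
    cfg[0:4], cfg[8:13] = bytes.fromhex("0123a1b2"), bytes.fromhex("c3d4e5f6ee")
    cfg[20:22], cfg[86], cfg[87] = slot0.to_bytes(2, "little"), lock_value, 0x00
    return bytes(cfg)
```

Because the configuration zone stays readable after locking, the same check can be run against returned or fielded units.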
Atmel ATSHA204 [DATASHEET]
8740D−CRYPTO−3/12
9