Device Manufacture State (LCS_DM)
LCS_DM is defined as the device manufacture state, and is the only valid state after LCS_CM. In this state, the debug port is locked by default, and debug certificates must be provided to open the debug port. The use of debug certificates is explained in Secure RoT Resources.
It is expected in LCS_DM that the ICV Root of Trust has been programmed in the system. In this state, any application firmware being executed as part of the secure boot process must be validated and authenticated against the HBK0 identity. This state is not intended for delivery to end users. It is provided for performing initial application debugging and testing, and to allow initial provisioning of the Original Equipment Manufacturer (OEM) Root of Trust.
The act of provisioning the OEM data establishes the second Root of Trust in the system.
LCS_DM to LCS_SE Transition
This transition closely mirrors the LCS_CM to LCS_DM transition and requires similar data to be provided. To move a device from LCS_DM to LCS_SE, specific information is created and written to the NVM; the device is then reset and powers up in LCS_SE. Once the device has transitioned to LCS_SE, no further provisioning of the LCS_DM information is possible.
The following data items are required when provisioning the OEM data:
- HBK1: This is a 128-bit hash value generated by truncating a SHA-256 hash of an RSA public key.
  - The RSA public key is used to authenticate the first key certificate in any authentication operations.
  - The first key certificate is signed by the RSA private key corresponding to the public key.
  - This use of an asymmetric key pair allows the key certificate provider to be authenticated as the owner of the key pair.
- Kcp: This is a 128-bit AES key, used when introducing secure assets to the device.
  - A secure asset is any unit of data that has been encrypted using this AES key and is being provided for storage on the device in a secure manner.
- Kce: This is a 128-bit AES key, used when encrypting application data that needs to be decrypted to RAM prior to execution.
  - RSL15 provides a mechanism that allows secure components of the system to be stored encrypted in flash, and then decrypted during the secure boot process.
In addition to these items, more flag information and consistency bits are written to the NVM during the provisioning process.
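As an added illustration, not code from the RSL15 documentation or its tooling, the following Go program shows the HBK1 derivation and the boot-time check it enables: the OEM public key is hashed with SHA-256 and truncated to 128 bits, and a key certificate is accepted only if its embedded key hashes to the provisioned HBK1 and its signature verifies under that key. The DER encoding of the key, the KeyCert layout and the PKCS#1 v1.5 padding are assumptions; the real certificate format is not described on this page.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"errors"
)
const HBKLen = 16 // 128 bits: the page states HBK1 is a truncated SHA-256 of the public key
// KeyCert is a minimal stand-in for the first key certificate (its real layout is not on the page).
type KeyCert struct {
	PubKeyDER []byte // PKIX/DER encoding of the OEM RSA public key (the encoding is an assumption)
	Body      []byte // certificate payload
	Signature []byte // PKCS#1 v1.5 signature over SHA-256(Body) by the matching private key
}
// ComputeHBK derives the 128-bit value that is provisioned into NVM as HBK1.
func ComputeHBK(pubKeyDER []byte) []byte {
	sum := sha256.Sum256(pubKeyDER)
	return sum[:HBKLen]
}
// SignKeyCert is the OEM side: build the key certificate and sign it with the OEM private key.
func SignKeyCert(priv *rsa.PrivateKey, body []byte) (*KeyCert, error) {
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(body)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	return &KeyCert{PubKeyDER: der, Body: body, Signature: sig}, nil
}
// VerifyKeyCert is the boot-time check: the embedded key must hash to HBK1 (constant-time
// compare) and the signature must verify under it; a certificate from any other key pair fails.
func VerifyKeyCert(provisionedHBK []byte, cert *KeyCert) error {
	if subtle.ConstantTimeCompare(provisionedHBK, ComputeHBK(cert.PubKeyDER)) != 1 {
		return errors.New("key certificate public key does not match HBK1")
	}
	pub, err := x509.ParsePKIXPublicKey(cert.PubKeyDER)
	rsaPub, ok := pub.(*rsa.PublicKey)
	if err != nil || !ok {
		return errors.New("key certificate does not carry a parseable RSA key")
	}
	digest := sha256.Sum256(cert.Body)
	return rsa.VerifyPKCS1v15(rsaPub, crypto.SHA256, digest[:], cert.Signature)
}
```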