Secure State (LCS_SE)
The LCS_SE or secure state is the expected state for devices being delivered to final customers. In this LCS, all debug port is locked by default and application firmware must be authenticated prior to execution. Verification or authentication failures result in the device entering a failure state and no application being executed.
The only valid life cycle transition from this state is to LCS_RMA, which requires authentication from both the ICV and OEM RoTs.
LCS_SE to LCS_RMA and LCS_DM to LCS_RMA
The transition to LCS_RMA state follows the same process, whether it originates from LCS_DM or LCS_SE. This transition is handled after the devices have been manufactured, so the process is different from the provisioning processes outlined for previous LCS transitions. When transitioning to LCS_RMA, the expectation is that the device has an issue and must be returned to the manufacturer for fault analysis.
The device could be coming from the secure state, so its firmware might not be able to be updated; in such a case, some other mechanism needs to be employed to manage the transition. Since the debug port is likely to be locked, the transition can be handled via the introduction of special debug certificates that force the LCS transition instead of unlocking the device.
The return to RMA state requires acknowledgement from both possible RoTs in the system, so two debug certificates need to be loaded: one for the ICV RoT and one for the OEM RoT.
This transition is a multi-stage process:
- RMA Debug Enable certificates need to be generated for both ICV and OEM RoTs. These each contain a reference to the current LCS which must match the device LCS.
- For each RMA Debug Enable certificate, a new RMA Debug Developer certificate needs to be created.
- The OEM RMA Debug certificate needs to be loaded to the device, and the device then reset to allow the ROM to process the certificate.
- The ICV RMA Debug certificate needs to be loaded to the device, and the device then reset to allow the ROM to process the certificate.
- At this stage the device will boot into LCS_RMA on future resets.