Operational States

RSL15 can operate in a number of distinct states governed by the contents of internal status information stored in non-volatile memory.

A device manufacturer can choose how the device operates: in the energy harvesting state, which is a low-power, less-secure state, or in the Root of Trust (RoT) fully secured state.

These two states have certain trade-offs which need to be accounted for in any design.

  • Energy Harvesting State (EH_STATE)
    • Fast power-up times
    • Lower power operation
    • Security hardware can be disabled if not required
    • Ability to secure the device debug port using a 128-bit key
    • Easier to configure and use
    • Less secure implementation, but good enough for some applications
  • RoT Secure State (ROT_STATE)
    • Longer power-up times as more work needs to be done to validate and authenticate the firmware being executed
    • Cryptographically secure Root of Trust embedded in hardware
    • Potentially two independent Roots of Trust are available
    • Managed life cycle ensures that the devices, once secured, are protected
    • Manufacturing requires more configuration, and potentially more provisioning infrastructure
    • Care must be taken to manage keys and certificates appropriately

If you choose to release a product in the energy harvesting state, take care to lock the device in that state. For the RoT state, follow the proper flow to lock the device in that state. The EH_STATE locking procedure is described in Locking Process, and the RoT locking procedure is described in Secure Provisioning. Further information about releasing a device in EH_STATE is provided in Device States.