ROT_STATE Features

The ROT_STATE provides:

  • A managed life cycle for devices, ensuring that only specific functionality is available in each life cycle state (LCS)
    • Some features, such as debug access, are turned off by default in certain life cycle states.
    • If a feature that is disabled in a given LCS is required, it can be granted using cryptographically secure certificates.
  • A secure boot facility whereby any firmware launched by the ROM must be cryptographically verified and authenticated before it is executed
  • Secure debug facilities where the debug port can only be enabled via the use of cryptographically secure certificates
  • A secure storage area for assets that control the LCS behavior, including:
    • The Root of Trust (RoT) hash value, which allows for certificate authentication (HBK0/1)
    • The provisioning keys, which allow secure assets to be introduced to the system (Kpicv/Kcp)
    • The code encryption keys, which allow code to be decrypted from flash to RAM during the ROM startup (Kceicv/Kce)
    • The Hardware Unique Key (HUK), a key unique to each device
    • The SOC ID, an externally visible identifier that can be used to uniquely identify the device. This is a 128-bit value derived from other properties of the device. The SOC ID can be used in two different ways, depending on the device state.
    • RSL15 supports two distinct Roots of Trust. The RoT hash, provisioning key, and code encryption key are specific to each RoT in the system, which is why each is listed above as a pair.
  • A secure mechanism to introduce debug certificates to the system, and the ability to revoke their use
  • Anti-rollback measures to ensure older software cannot be executed on the device
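
The items above describe what the ROM checks but not how the pieces fit together. The following is an added illustration written for this page, not onsemi or RSL15 code: it models a ROM that trusts only a hash of a root public key kept in immutable storage (the role the RoT hash plays), uses that key to authenticate a firmware manifest, enforces an anti-rollback minimum version, and finally checks the image against the authenticated digest. Everything not on the page is an assumption and labelled as such in the code: the manifest layout (a 32-bit version followed by a SHA-256 image hash) is constructed for the example, and a Lamport one-time hash-based signature stands in for the ROM's real, unspecified signature scheme so that the code runs with the Python standard library alone. The same anchor-then-verify pattern is what makes a debug certificate trustworthy only if it chains to the stored RoT hash.

```python
import hashlib
import hmac
import os
import struct


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Stand-in signature scheme (ASSUMPTION: Lamport one-time signatures, chosen
# --- only because they need nothing beyond hashlib; the ROM's real scheme is not
# --- described on this page and is certainly a many-time asymmetric algorithm).
def lamport_keygen():
    """Secret key: 256 pairs of random 32-byte preimages. Public key: their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = b"".join(sha256(pair[0]) + sha256(pair[1]) for pair in sk)
    return sk, pk


def _bits(digest: bytes):
    """Yield the 256 bits of a SHA-256 digest, most significant bit first."""
    for i in range(256):
        yield (digest[i // 8] >> (7 - i % 8)) & 1


def lamport_sign(sk, message: bytes) -> bytes:
    """Reveal one preimage per digest bit. One-time: a secret key must never sign twice."""
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(sha256(message))))


def lamport_verify(pk: bytes, message: bytes, signature: bytes) -> bool:
    """Hash each revealed preimage and compare with the matching half of the public key."""
    if len(signature) != 256 * 32 or len(pk) != 256 * 64:
        return False
    ok = True
    for i, bit in enumerate(_bits(sha256(message))):
        revealed = signature[32 * i: 32 * i + 32]
        expected = pk[64 * i + 32 * bit: 64 * i + 32 * bit + 32]
        ok &= hmac.compare_digest(sha256(revealed), expected)
    return ok


# --- Manifest format (ASSUMPTION, constructed for this example): big-endian u32
# --- firmware version followed by the SHA-256 digest of the firmware image.
def make_manifest(version: int, image: bytes) -> bytes:
    return struct.pack(">I", version) + sha256(image)


class SecureBootError(Exception):
    pass


def rom_verify_image(rot_hash, presented_pk, manifest, signature, image, min_version):
    """Model of the ROM's boot-time checks. rot_hash plays the role of the RoT hash
    in immutable storage; min_version models the anti-rollback record in secure
    storage. Returns the accepted version or raises SecureBootError."""
    # 1. Anchor: the key shipped alongside the image is trusted only if it hashes
    #    to the immutable RoT hash; otherwise anyone could ship their own key.
    if not hmac.compare_digest(sha256(presented_pk), rot_hash):
        raise SecureBootError("presented root key does not match RoT hash")
    # 2. Authenticate the manifest with the now-trusted key.
    if not lamport_verify(presented_pk, manifest, signature):
        raise SecureBootError("manifest signature invalid")
    version = struct.unpack(">I", manifest[:4])[0]
    image_hash = manifest[4:]
    # 3. Anti-rollback: an old build carries a perfectly valid signature, so the
    #    version check must be separate from, and after, authentication.
    if version < min_version:
        raise SecureBootError(f"version {version} below minimum {min_version}")
    # 4. Integrity: the image must match the authenticated digest before it runs.
    if not hmac.compare_digest(sha256(image), image_hash):
        raise SecureBootError("image hash mismatch")
    return version


def demo():
    """Exercise the genuine path and three attack scenarios; returns the outcomes."""
    sk, pk = lamport_keygen()
    rot_hash = sha256(pk)                      # what provisioning would burn into OTP
    image = b"constructed firmware image, build 3"   # constructed sample input
    manifest = make_manifest(3, image)
    sig = lamport_sign(sk, manifest)

    def attempt(*args, **kwargs):
        try:
            return rom_verify_image(*args, **kwargs)
        except SecureBootError as err:
            return str(err)

    atk_sk, atk_pk = lamport_keygen()           # attacker-controlled key pair
    return {
        "genuine": attempt(rot_hash, pk, manifest, sig, image, min_version=3),
        "tampered_image": attempt(rot_hash, pk, manifest, sig, image + b"\x00", min_version=3),
        "rollback": attempt(rot_hash, pk, manifest, sig, image, min_version=4),
        "foreign_key": attempt(rot_hash, atk_pk, manifest, lamport_sign(atk_sk, manifest),
                               image, min_version=3),
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

The order of the checks is the point worth keeping: the key is validated against the stored hash before it is used, the manifest is authenticated before any field in it is trusted, and the version comparison happens on the authenticated value, so a correctly signed but older image is still refused.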

The transition into ROT_STATE is irreversible: once a device has entered it, it cannot be reverted back to EH_STATE.