Chip Manufacture State (LCS_CM)

LCS_CM is defined as the chip manufacture state, and is the default state when the NVM is empty. In this state, the debug port is open and firmware may be loaded to the board. There is no Root of Trust programmed in the system, so applications can not yet be authenticated against a known identity. However, it is possible to ensure that they are internally consistent and have not been corrupted.

This state has features very similar to the EH_STATE/LCS_EH, but has no facility to lock the debug port yet. It is not intended for delivery to end users; it is for performing initial application debugging and testing, and allows initial provisioning of the Initial Chip Vendor (ICV) Root of Trust.

The act of provisioning the ICV (Initial Chip Vendor) data establishes the first Root of Trust in the system.

LCS_CM to LCS_DM Transition

To transition a device from LCS_CM to LCS_DM, specific information needs to be created and written to the NVM. Once this data is written, the device powers up in the device manufacture state (LCS_DM) the next time it is reset.

Once the device is transitioned to LCS_DM, no further provisioning of the LCS_CM information is possible.

The following data items are required when provisioning the ICV data:

  • HBK0: This is a 128-bit value produced by computing a SHA-256 hash of an RSA public key and truncating it to the top 128 bits.
    • The RSA public key is used to authenticate the first key certificate in any authentication operation.
    • The first key certificate is signed by the RSA private key corresponding to the public key.
    • This use of an asymmetric key pair allows authentication of the key certificate provider as the owner of the key pair.
  • Kpicv: This is a 128-bit AES key used when introducing secure assets to the device.
    • A secure asset is any unit of data that has been encrypted using the AES key and is being provided for storage on the device in a secure manner.
  • Kceicv: This is a 128-bit AES key, used when encrypting application data that needs to be decrypted to RAM prior to execution.
    • RSL15 provides a mechanism to allow secure components of the system to be stored encrypted in flash, and then decrypted during the secure boot process.

In addition to these items, additional flag information and consistency bits are written to the NVM during the provisioning process.

The hardware unique key (HUK) is also calculated at this time, and stored in the NVM.
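The following is an added example, not RSL15 firmware or onsemi tooling code, that models the lifecycle rules described above: the lifecycle state is derived from whether ICV data is present in the NVM, ICV provisioning is only accepted in LCS_CM, the state change takes effect on the next reset, and HBK0 is the top 128 bits of SHA-256 over the RSA public key. It also shows the boot-time check a secure boot implementation performs with HBK0: the public key carried with the first key certificate must hash to the provisioned value. The public key byte encoding, the consistency-bit scheme and the HUK generation are assumptions (the page does not specify them) and are labelled as such in the code.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Lifecycle states described on this page.
LCS_CM = "LCS_CM"   # chip manufacture: NVM empty, no Root of Trust programmed
LCS_DM = "LCS_DM"   # device manufacture: ICV Root of Trust provisioned


def hbk0_from_public_key(pubkey: bytes) -> bytes:
    """HBK0 = top 128 bits (16 bytes) of SHA-256 over the RSA public key.

    Assumption: `pubkey` is the public key in whatever canonical byte
    encoding the provisioning tool uses; the page does not specify it.
    """
    return hashlib.sha256(pubkey).digest()[:16]


@dataclass
class IcvData:
    hbk0: bytes     # 128-bit truncated hash of the ICV RSA public key
    kpicv: bytes    # 128-bit AES key for introducing secure assets
    kceicv: bytes   # 128-bit AES key for encrypted-in-flash application data


@dataclass
class Nvm:
    """Minimal model of the device NVM; empty NVM means LCS_CM."""
    icv: Optional[IcvData] = None
    huk: Optional[bytes] = None
    consistency_bits: Optional[bytes] = None


def consistency_bits_for(icv: IcvData) -> bytes:
    # Assumed scheme: a short digest over the written items, so corruption
    # of any of them can be detected later. Not the real RSL15 layout.
    return hashlib.sha256(icv.hbk0 + icv.kpicv + icv.kceicv).digest()[:4]


class Device:
    def __init__(self, nvm: Nvm):
        self.nvm = nvm
        self.lcs = self._derive_lcs()

    def _derive_lcs(self) -> str:
        return LCS_CM if self.nvm.icv is None else LCS_DM

    def reset(self) -> str:
        """The lifecycle state is re-evaluated from NVM contents on reset."""
        self.lcs = self._derive_lcs()
        return self.lcs

    def provision_icv(self, rsa_public_key: bytes, kpicv: bytes, kceicv: bytes) -> None:
        """Write the ICV data. Only permitted while the device is in LCS_CM."""
        if self.lcs != LCS_CM:
            raise PermissionError("ICV provisioning is only possible in LCS_CM")
        if len(kpicv) != 16 or len(kceicv) != 16:
            raise ValueError("Kpicv and Kceicv must be 128-bit AES keys")
        icv = IcvData(hbk0_from_public_key(rsa_public_key), kpicv, kceicv)
        self.nvm.consistency_bits = consistency_bits_for(icv)
        # The page states the HUK is calculated at this point; the method is
        # not given, so a random 256-bit placeholder stands in for it here.
        self.nvm.huk = secrets.token_bytes(32)
        self.nvm.icv = icv
        # Note: self.lcs stays LCS_CM until the next reset.

    def icv_data_consistent(self) -> bool:
        """Integrity check over the provisioned items (assumed scheme)."""
        if self.nvm.icv is None or self.nvm.consistency_bits is None:
            return False
        return hmac.compare_digest(consistency_bits_for(self.nvm.icv), self.nvm.consistency_bits)

    def key_certificate_key_trusted(self, rsa_public_key: bytes) -> bool:
        """Boot-time check: the public key supplied with the first key
        certificate is trusted only if it hashes to the provisioned HBK0."""
        if self.nvm.icv is None:
            return False   # no Root of Trust yet: nothing to authenticate against
        return hmac.compare_digest(hbk0_from_public_key(rsa_public_key), self.nvm.icv.hbk0)


def demo() -> dict:
    """Walk a device through CM -> provisioning -> reset -> DM."""
    dev = Device(Nvm())
    pub = b"constructed-sample-rsa-public-key-bytes"   # constructed, not a real key
    kpicv, kceicv = bytes(range(16)), bytes(range(16, 32))  # constructed sample keys
    out = {"state_before": dev.lcs,
           "trusted_before": dev.key_certificate_key_trusted(pub)}
    dev.provision_icv(pub, kpicv, kceicv)
    out["state_after_write"] = dev.lcs
    out["state_after_reset"] = dev.reset()
    out["trusted"] = dev.key_certificate_key_trusted(pub)
    out["untrusted"] = dev.key_certificate_key_trusted(pub + b"!")
    out["consistent"] = dev.icv_data_consistent()
    try:
        dev.provision_icv(pub, kpicv, kceicv)
        out["reprovision_blocked"] = False
    except PermissionError:
        out["reprovision_blocked"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

The model deliberately keeps the state transition tied to `reset()` rather than to the write itself, mirroring the text: after the ICV data is written the device is still running in LCS_CM, and only the next power-up reads the NVM and comes up in LCS_DM, after which a second `provision_icv` is refused.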

More details regarding these items are provided in Provisioning CM to DM.