Operational States
RSL15 can operate in a number of distinct states governed by the contents of internal status information stored in non-volatile memory.
A device manufacturer can choose how the device operates: in the energy harvesting state, which is a low-power, less-secure state, or in the Root of Trust (RoT) fully-secured state.
These two states have trade-offs that need to be accounted for in any design.
- Energy Harvesting State (EH_STATE)
  - Fast power-up times
  - Lower power operation
  - Security hardware can be disabled if not required
  - Ability to secure the device debug port using a 128-bit key
  - Easier to configure and use
  - Less secure implementation, but good enough for some applications
- RoT Secure State (ROT_STATE)
  - Longer power-up times, as more work needs to be done to validate and authenticate the firmware being executed
  - Cryptographically secure Root of Trust embedded in hardware
  - Potentially two independent Roots of Trust are available
  - Managed life cycle ensures that the devices, once secured, are protected
  - Manufacturing requires more configuration, and potentially more provisioning infrastructure
  - Care must be taken to manage keys and certificates appropriately
If you choose to release a product in the energy harvesting state, take care to lock the device in that state. For the RoT state, follow the proper flow to lock the device in that state. The EH_STATE locking procedure is described in Locking Process, and the RoT locking procedure is described in Secure Provisioning. Further information about releasing a device in EH_STATE is given in Device States.