Access Conditions to configuration & firmware update

Address : 02F0 (bank 2, register F0)

Size : 4 bytes

Default : 00000000

Content

Byte 0 : Master Cards and user interactions

Bit    Role Values
7 Load Factory Config button 0 : The Load Factory Config hardware button or sequence (if some) is enabled
1 : The Load Factory Config hardware button or sequence (if some) is disabled
6-4 RFU
3 Master cards access to ATECC 0 : Master cards may write (private) keys in the ATECC
1 : Master cards have no access to the ATECC
2 Master cards access to SAM AV 0 : Master cards may write (secret) keys in the SAM AV
1 : Master cards have no access to the SAM AV
1-0 Master cards activation options 0 : Master Cards are enabled without restriction
1 : Master Cards are enabled only during 2 seconds after power up
2 : RFU
3 : Master Cards are disabled

Byte 1 : Access Conditions for the Local (USB or Serial) host interface(s)

Remark : If the 'Limit sensitive instructions' bit is set in this byte, an authentication using HostCommAdminKey is required to

  • write all configuration registers

  • write (secret or private keys) in the Secure Elements

  • run the LOAD_FACTORY_CONFIG instruction

Bit    Role Values
7 Protect the firmware 0 : The firmware can be upgraded with no restriction through the Local host interface
1 : Authentication using HostCommAdminKey is required to upgrade the firmware
6 Limit sensitive instructions 0 : No restriction
1 : Authentication using HostCommAdminKey is required to run sensitive instructions
5-4 Configuration 0 : Full access (read/write)
1 : Write only
2 : Admin write only
3 : Locked
3 RFU
2 Makes the configuration always readable 0 : Enabled
1 : Disabled
1-0 Usage 0 : Free
1 : Authenticated
2 : Secure
3 : RFU

Byte 2 : Access Conditions for the Remote (BLE, network...) host interface(s)

Remark : If the 'Limit sensitive instructions' bit is set in this byte, an authentication using HostCommAdminKey is required to

  • write all configuration registers

  • write (secret or private keys) in the Secure Elements

  • run the LOAD_FACTORY_CONFIG instruction

Bit    Role Values
7 Protect the firmware 0 : The firmware can be upgraded with no restriction through the Remote host interface
1 : Authentication using HostCommAdminKey is required to upgrade the firmware
6 Limit sensitive instructions 0 : No restriction
1 : Authentication using HostCommAdminKey is required to run sensitive instructions
5-4 Configuration 0 : Full access (read/write)
1 : Write only
2 : Admin write only
3 : Locked
3 Disable Admin key 0 : Remote host can authenticate using HostCommAdminKey
1 : Authentication using HostCommAdminKey is forbidden
2 Disable User key 0 : Remote host can authenticate using HostCommUserKey
1 : Authentication using HostCommUserKey is forbidden
1-0 Usage 0 : Free
1 : Authenticated
2 : Secure
3 : RFU

Byte 3 : Access Conditions for the Remote console (Telnet)

Bit    Role Values
7-6 RFU
5-4 Configuration 0 : The configuration is readable and writable through the Remote console
1 : The configuration is only writable through the Remote console
2 : Authentication using Admin Password is required to gain write access to the configuration
3 : The configuration is locked (no read / no write over the Remote console)
3 Disable Admin password 0 : Remote user can authenticate using Admin Password
1 : Authentication using Admin Password is forbidden
2 Disable User password 0 : Remote user can authenticate using User Password
1 : Authentication using User Password is forbidden
1 RFU
0 Telnet access 0 : Telnet accces is enabled
1 : Telnet accces is disabled

Note