Access Conditions to configuration & firmware update
March 25, 2024 at 8:46 AM
Address : 02F0 (bank 2, register F0)
Size : 4 bytes
Default : 00000000
Content
Byte 0 : Master Cards and user interactions
| Bit | Role | Values |
|---|---|---|
| 7 | Load Factory Config button | 0 : The Load Factory Config hardware button or sequence (if any) is enabled; 1 : The Load Factory Config hardware button or sequence (if any) is disabled |
| 6-4 | RFU | |
| 3 | Master Cards access to ATECC | 0 : Master Cards may write (private) keys in the ATECC; 1 : Master Cards have no access to the ATECC |
| 2 | Master Cards access to SAM AV | 0 : Master Cards may write (secret) keys in the SAM AV; 1 : Master Cards have no access to the SAM AV |
| 1-0 | Master Cards activation options | 0 : Master Cards are enabled without restriction; 1 : Master Cards are enabled only during 2 seconds after power up; 2 : RFU; 3 : Master Cards are disabled |
Byte 1 : Access Conditions for the Local (USB or Serial) host interface(s)
Remark : If the ‘Limit sensitive instructions’ bit is set in this byte, an authentication using HostCommAdminKey is required to:
- write all configuration registers
- write (secret or private) keys in the Secure Elements
- run the LOAD_FACTORY_CONFIG instruction
| Bit | Role | Values |
|---|---|---|
| 7 | Protect the firmware | 0 : The firmware can be upgraded with no restriction through the Local host interface; 1 : Authentication using HostCommAdminKey is required to upgrade the firmware |
| 6 | Limit sensitive instructions | 0 : No restriction; 1 : Authentication using HostCommAdminKey is required to run sensitive instructions |
| 5-4 | Configuration | 0 : Full access (read/write); 1 : Write only; 2 : Admin write only; 3 : Locked |
| 3 | RFU | |
| 2 | Makes the configuration always readable | 0 : Enabled; 1 : Disabled |
| 1-0 | Usage | 0 : Free; 1 : Authenticated; 2 : Secure; 3 : RFU |
Byte 2 : Access Conditions for the Remote (BLE, network…) host interface(s)
Remark : If the ‘Limit sensitive instructions’ bit is set in this byte, an authentication using HostCommAdminKey is required to:
- write all configuration registers
- write (secret or private) keys in the Secure Elements
- run the LOAD_FACTORY_CONFIG instruction
| Bit | Role | Values |
|---|---|---|
| 7 | Protect the firmware | 0 : The firmware can be upgraded with no restriction through the Remote host interface; 1 : Authentication using HostCommAdminKey is required to upgrade the firmware |
| 6 | Limit sensitive instructions | 0 : No restriction; 1 : Authentication using HostCommAdminKey is required to run sensitive instructions |
| 5-4 | Configuration | 0 : Full access (read/write); 1 : Write only; 2 : Admin write only; 3 : Locked |
| 3 | Disable Admin key | 0 : Remote host can authenticate using HostCommAdminKey; 1 : Authentication using HostCommAdminKey is forbidden |
| 2 | Disable User key | 0 : Remote host can authenticate using HostCommUserKey; 1 : Authentication using HostCommUserKey is forbidden |
| 1-0 | Usage | 0 : Free; 1 : Authenticated; 2 : Secure; 3 : RFU |
Byte 3 : Access Conditions for the Remote console (Telnet)
| Bit | Role | Values |
|---|---|---|
| 7-6 | RFU | |
| 5-4 | Configuration | 0 : The configuration is readable and writable through the Remote console; 1 : The configuration is only writable through the Remote console; 2 : Authentication using Admin Password is required to gain write access to the configuration; 3 : The configuration is locked (no read / no write over the Remote console) |
| 3 | Disable Admin password | 0 : Remote user can authenticate using Admin Password; 1 : Authentication using Admin Password is forbidden |
| 2 | Disable User password | 0 : Remote user can authenticate using User Password; 1 : Authentication using User Password is forbidden |
| 1 | RFU | |
| 0 | Telnet access | 0 : Telnet access is enabled; 1 : Telnet access is disabled |
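
The following is an added example, not vendor code: a Python helper that decodes a 4-byte value of register 02F0 using the bit layouts in the tables above and lists every setting left at its least restrictive value, plus any RFU bits that are set. It assumes the value is supplied as a hex string with Byte 0 first; the names `audit_02f0`, `field` and `RFU_MASKS` and the finding strings are hypothetical.

```python
# Added example, not vendor code: report the least restrictive settings in
# register 02F0. Assumption: the hex string gives Byte 0 first.

RFU_MASKS = (0x70, 0x08, 0x00, 0xC2)  # RFU bits of bytes 0..3, from the tables


def field(byte, hi, lo):
    """Return bits hi..lo (inclusive) of a byte as an integer."""
    return (byte >> lo) & ((1 << (hi - lo + 1)) - 1)


def audit_02f0(hex_value):
    """Return a list of findings for a 4-byte register value such as '00000000'."""
    raw = bytes.fromhex(hex_value)
    if len(raw) != 4:
        raise ValueError("register 02F0 holds exactly 4 bytes")
    findings = [f"byte {i}: RFU bits set"
                for i, (b, mask) in enumerate(zip(raw, RFU_MASKS)) if b & mask]

    b0 = raw[0]
    if field(b0, 7, 7) == 0:
        findings.append("Load Factory Config button enabled")
    cards = field(b0, 1, 0)
    if cards == 0:
        findings.append("Master Cards enabled without restriction")
    if cards != 3:  # Master Cards not disabled, so their key access matters
        if field(b0, 3, 3) == 0:
            findings.append("Master Cards may write keys in the ATECC")
        if field(b0, 2, 2) == 0:
            findings.append("Master Cards may write keys in the SAM AV")

    for name, b in (("Local", raw[1]), ("Remote", raw[2])):
        if field(b, 7, 7) == 0:
            findings.append(f"{name}: firmware upgrade with no restriction")
        if field(b, 6, 6) == 0:
            findings.append(f"{name}: sensitive instructions not restricted")
        if field(b, 5, 4) == 0:
            findings.append(f"{name}: configuration full access (read/write)")
        if field(b, 1, 0) == 0:
            findings.append(f"{name}: usage is Free")

    b3 = raw[3]
    if field(b3, 0, 0) == 0:  # Telnet enabled, so its configuration access matters
        findings.append("Telnet access enabled")
        if field(b3, 5, 4) == 0:
            findings.append("Telnet: configuration readable and writable")
    return findings
```

Run against the default value `00000000`, the helper reports every check, since each field at 0 is the unrestricted setting in the tables.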