Return Merchandise Authorization State (LCS_RMA)

In the RMA LCS, the device is destined to be returned to the manufacturer.

  • This state is irrevocable; the device must not be used when in this state.
  • This state allows application firmware to be executed if it can be verified and authenticated via one of the RoTs.
  • Any secret keys stored in the NVM have been erased, so it is not possible to perform any application decryption or use any secured assets.
  • Debug port is opened to allow fault analysis by the manufacturer.

If a device manufacturer wishes to ensure that the application code cannot be executed in RMA, the device certificates which form the RoT verification must be erased.

If a device manufacturer wishes to ensure that the application code cannot be read, the flash memory must be erased once the device has transitioned to the RMA state.