ROT_STATE Features
The ROT_STATE provides:
- A managed life cycle for devices, ensuring that only specific functionality is available in each life cycle state (LCS)
  - Some features, such as debug access, are turned off by default in certain life cycle states.
  - If a feature that has been disabled in a specific LCS is required, it can be granted using cryptographically secure certificates.
- A secure boot facility whereby any firmware executed by the ROM must be cryptographically verified and authenticated
- Secure debug facilities, where the debug port can only be enabled through the use of cryptographically secure certificates
- A secure storage area for the assets that control the LCS behavior, including:
  - The RoT hash, provisioning key, and code encryption key, each of which is specific to one RoT in the system; RSL15 supports two distinct Roots of Trust
  - The Root of Trust (RoT) hash value, which allows for certificate authentication (HBK0/1)
  - The provisioning keys, which allow secure assets to be introduced to the system (Kpicv/Kcp)
  - The code encryption keys, which allow code to be decrypted from flash to RAM during ROM startup (Kceicv/Kce)
  - The Hardware Unique Key (HUK), an identifier unique to each device
  - The SOC ID, an externally visible identifier that can be used to uniquely identify the device. This is a 128-bit value derived from other properties of the device. The SOC ID can be used in two different ways, depending on the device state.
- A secure mechanism to introduce debug certificates to the system, and the ability to revoke their use
- Anti-rollback measures to ensure older software cannot be executed on the device
The ROT_STATE cannot be revoked once a device has been transitioned into it. The device cannot be reverted to EH_STATE.
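The list above names three checks a ROM makes before running firmware: the signing key is anchored to the RoT hash held in secure storage (HBK), the image is cryptographically verified, and an anti-rollback floor rejects older versions. The following Go program is an added illustration of that boot-time decision logic and is not RSL15 code; the manifest layout, the Ed25519 signature scheme, the OTP struct and all function names are assumptions chosen for the example, and the firmware bytes are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// OTP models the device's secure storage (hypothetical layout). HBK is the
// hash of the Root-of-Trust public key; MinVersion is the anti-rollback floor.
type OTP struct {
	HBK        [32]byte
	MinVersion uint32
}

// Manifest is a hypothetical signed image descriptor: version plus image hash,
// the public key that signed it, and the signature over version||hash.
type Manifest struct {
	Version   uint32
	ImageHash [32]byte
	PubKey    ed25519.PublicKey
	Signature []byte
}

// manifestBytes is the signed payload: big-endian version followed by the image hash.
func manifestBytes(version uint32, imageHash [32]byte) []byte {
	buf := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(buf, version)
	return append(buf, imageHash[:]...)
}

// Sign is the provisioning-side step: hash the image and sign the manifest
// with the RoT private key.
func Sign(priv ed25519.PrivateKey, version uint32, image []byte) Manifest {
	h := sha256.Sum256(image)
	return Manifest{
		Version:   version,
		ImageHash: h,
		PubKey:    priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, manifestBytes(version, h)),
	}
}

var (
	ErrUntrustedKey = errors.New("public key hash does not match HBK in OTP")
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrImageHash    = errors.New("image hash mismatch")
	ErrRollback     = errors.New("image version below anti-rollback floor")
)

// VerifyBoot performs the ROM-side checks in order: anchor the key to the RoT
// hash, verify the signature, check image integrity, then enforce anti-rollback.
// On success the floor is ratcheted so older images fail on later boots.
func VerifyBoot(otp *OTP, m Manifest, image []byte) error {
	if sha256.Sum256(m.PubKey) != otp.HBK {
		return ErrUntrustedKey
	}
	if !ed25519.Verify(m.PubKey, manifestBytes(m.Version, m.ImageHash), m.Signature) {
		return ErrBadSignature
	}
	if sha256.Sum256(image) != m.ImageHash {
		return ErrImageHash
	}
	if m.Version < otp.MinVersion {
		return ErrRollback
	}
	otp.MinVersion = m.Version
	return nil
}

// Provision generates a fresh RoT key pair and records its hash as the HBK.
func Provision() (ed25519.PrivateKey, *OTP, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return priv, &OTP{HBK: sha256.Sum256(pub)}, nil
}

func main() {
	priv, otp, err := Provision()
	if err != nil {
		panic(err)
	}
	v2 := []byte("constructed firmware image v2") // constructed sample data
	fmt.Println("boot v2:", VerifyBoot(otp, Sign(priv, 2, v2), v2))
	v1 := []byte("constructed firmware image v1") // constructed sample data
	fmt.Println("boot v1 after v2:", VerifyBoot(otp, Sign(priv, 1, v1), v1))
}
```

The check order matters: the key is tied to the HBK before any signature math is trusted, and the version floor is only advanced after every other check has passed, so a tampered or mis-signed image can never move the anti-rollback counter.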