2

Is there a way to reset the atecc508a from Microchip Technology to default? The configuration zone was already locked.

I would appreciate any help. Thank you very much.

Glorfindel
  • 1,245
  • 3
  • 15
  • 20
Habebit
  • 121
  • 1
  • 4
    The datasheet states: "Once the configuration zone has been locked it can never be unlocked and no values within the config zone can be updated via direct write commands." Therefore, it looks like you are out of luck. – Peter Smith Feb 25 '19 at 13:33
  • Sorry, that was not what I meant. I think the EEPROM of the microchip should be erasable in any way. – Habebit Feb 25 '19 at 14:37
  • 1
    it appears that part of the EEPROM is OTP and cannot be altered after it is programmed ..... having an EEPROM erase function would be a security risk .... if you need to make changes, then you have to replace the chip – jsotola Feb 25 '19 at 21:26

1 Answers1

4

I only have access to the unredacted 608A datasheet, but the ATECC508A and ATECC608A are supposed to be the same in this regard. Also since it's under NDA I'm only going to provide information that can be inferred from the CryptoAuthLib documentation. There seems to be enough in the source code (and some of their examples) to figure the rest out, but I don't want to risk my job.

Once a zone has been locked it is impossible to unlock that zone.

The OTP zone is one-time programmable, and cannot be erased.

The data zone cannot be erased once locked, but (at least for the 608A) individual slots can be set as updatable, if they contain an ECC public key and are individually locked.

A "parent" secp256r1 public key with SlotConfig.WriteConfig set to Never, and a "child" public key to update with its SlotConfig.WriteConfig set to "PubInvalid". You can use the atcab_verify_invalidate() function to invalidate the child public key with a message signed by the parent public key, then use atcab_write() to write a new child public key to the slot, and finally use atcab_verify_validate() to validate the new child key with a message signed by the parent key.

https://microchiptech.github.io/cryptoauthlib/html/a00916.html

So if you want to restore a chip to factory defaults you'll just have to throw it away and get a new one. But if you only want to update one of the public keys (and have configured it correctly to begin with) that is possible.

SAI Peregrinus
  • 141
  • 2