Device Configuration
Device Address: (7 Bit Hex Value)
Device interface:	I2C SWI
Enable IO Levels to fixed reference:
Enable RNG Health Test Auto Clear:
Enable Enhanced SelfTest:
Serial Number
SN[0:1]
SN[8]
Monotonic Counter Configuration
Allowed counts:
Limited Key Use:	HMAC Key Disabled

IMPORTANT NOTE: The above User settings cannot be changed once its written and locked by this configurator.
So, it is recommended to set higher counts for Monotonic Counter and correct Limited Key Use setting.

Data Slots

Click on individual slots for more info.

Slot Number

Slot Use-case

Description

Slot Property

Slot 0

IO protection key

Key used to protect the I2C bus communication (IO) of certain commands. Requires setup before use.

No read, Always write, Lockable, Symmetric Key

Slot Description:
Using the IO protection features is optional, but the IO protection key is saved here. The idea is that on first boot, a random key will be generated and saved to this slot and the MCU's NVM, then the slot locked. Locking may not be necessary, if key rotation is needed for this key, but it does open up the device to a DOS attack where the key is changed unexpectedly. It is required to load and lock this slot for Checkmac-MAC response to work. Otherwise, only Checkmac-boolean response is allowed.

Provisioning:
The data entered in the below step will be stored in the device slot during provisioning.

Provisioning data input method:
Slot Unused
Enter HEX data
Upload data through .pem file

Disable slot write:

If checked, the contents of the slot cannot be modified under any circumstances.

Slot 1

User Data

General public data storage (320 bytes)

Clear read, Always write, Lockable

Slot Description:
This slot is used for public data storage, data can be written/read in clear text(Not encrypted). This slot should not be used for storing secrets.

Provisioning:
The data entered in the below step will be stored into the device slot during provisioning.

Provisioning data input method:
Slot Unused
Enter HEX data

Disable slot write:

If the checkbox is checked, the contents of the slot cannot be modified under any circumstances.

Slot 2

User Data

General public data storage (64 bytes)

Clear read, Always write, Lockable

Disable slot write:

If the checkbox is checked, the contents of the slot cannot be modified under any circumstances.

Slot 3

Secret key

Storage for a secret key

No read, Always write, Lockable, Symmetric Key

Slot Description:
This slot provides a storage location for a symmetric key to use with the SHA104-TFLXAUTH's symmetric key commands. The primary use case is to support symmetric authentication for Accessory / Disposable authentication. If the Configuration Zone is set as locked at provisioning, Slot cannot be updated. If the slot in the Data Zone is set as unlocked, then Slot can be updated. If the slot in the DataZone is set as locked, you will need to encrypt the updated key and execute a NONCE command

Provisioning:
The data entered in the below step will be stored in the device slot during provisioning.

Provisioning data input method:
Slot Unused
Enter HEX data
Upload data through .pem file

Diversified key:		If checked, the slot will be provisioned with a Diversified Symmetric Key (based on Master Symmetric Key + Serial Number + Random Number). If unchecked, Master Symmetric Key will be provisioned.
Enable Encrypted Write for HMAC Key:		If checked, the contents of the slot is written in the encrypted format.
Disable slot write:		If checked, the contents of the slot cannot be modified under any circumstances.

Prototyping

PROTOTYPE package is meant only for understanding and prototyping. It should NOT be shared as secrets are available in plain text. Alternatively, you may use dummy secrets.

Click here to provision the SHA104-TFLXAUTH-PROTO with the data/information provided in the above slots.

Production

Production package must be used to generate the Secure Provisioning Package to be sent to Microchip Provisioning Service (through Microchip Technical Support Portal). You will be prompted to add the HSM encryption keys when starting the generation process.

Both "Generate Provisioning Package" buttons compile all the data provided in the above slots into a zip package containing files that holds device configuration and user data to be loaded into the SHA104-TFLXAUTH slots. In the prototyping package, all user data are in unencrypted plain text whereas in the production package, user data are encrypted.

SHA104 TFLXAUTH SECURE PROVISIONING PROCESS

Select Use Cases :

SHA104 TFLXAUTH XML Generator

Device Configuration

Serial Number

Monotonic Counter Configuration

IMPORTANT NOTE: The above User settings cannot be changed once its written and locked by this configurator.
So, it is recommended to set higher counts for Monotonic Counter and correct Limited Key Use setting.

Data Slots

Prototyping

Production

MICROCHIP

SHA104 TFLXAUTH SECURE PROVISIONING PROCESS

Select Use Cases :

SHA104 TFLXAUTH XML Generator

Device Configuration

Serial Number

Monotonic Counter Configuration

IMPORTANT NOTE: The above User settings cannot be changed once its written and locked by this configurator. So, it is recommended to set higher counts for Monotonic Counter and correct Limited Key Use setting.

Data Slots

Prototyping

Production

MICROCHIP

IMPORTANT NOTE: The above User settings cannot be changed once its written and locked by this configurator.
So, it is recommended to set higher counts for Monotonic Counter and correct Limited Key Use setting.