atmel at88sa100s atmel cryptoaut h entication battery authentication chip datasheet features ? secure battery authentication ? superior sha - 256 hash algorithm ? best in class 256 - bit key length ? guaranteed unique 48- bit serial number ? high speed single wire interfa ce ? supply voltage : 2. 7 ? 5. 2 5 v ? < 150 na sleep current ? green compliant (exceeds rohs) 3 - pin sot - 23 package and 8 - lead tssop or soic applications ? cell phones ? pda and smart phones ? portable media players ? digital cameras & camcorders ? cordless tools ? handheld d evices figure 1. p in configurations pin name function signal serial data , single - wire clock, and data gnd ground vcc power supply nc nc nc gnd 1 2 3 4 8 7 6 5 8-lead soic vcc nc nc signal 3 2 1 gnd vcc signal 3-lead sot-23 nc nc nc gnd 1 2 3 4 8 7 6 5 8-lead tssop vcc nc nc signal 8558f ? crypto ? 9 /11
atmel at88sa100s [ datasheet ] 2 8558f ? crypto ? 9 /11 1. introduction the atmel ? at88 sa100s is a small authentication chip that can be used to validate battery packs and other replaceable items that contain a power source. it uses the industry leading sha - 256 hash algorithm to provide the ultimate level of security. an ind ustry leading key length of 256 - bits prevents exhaustive attacks while multiple physical security fea tures prevent unauthorized disclosure of the secret key stored within the chip . this key is automatically erased when power is removed from the at88sa100s . it is ship ped with a guaranteed unique 48 - bit serial number that is used in combination with an inpu t challenge and the stored secret key to generate a response that is unique for every individual at88sa100s . the chip also includes 8 0 one - time fuses that can be used to configure the system and/or retain permanent status. the values in these fuses can als o be locked to prevent modification. 1.1 memory resources sram 256- bits of sram are used for storage of a key. the loadsram command provides a mechanism to securely initialize this block during personalization . this memory will retain its value when the chi p is put/goes to sleep, so long as a supply voltage in excess of v retain is still supplied to the chip. memvalid a single bit that tells whether or not sram contains valid data. it?s cleared when power is lost and set when the sram is loaded with a secre t key. fuse block of 128 - fuse bits that can be read and written through the one wire interface. the first 8- bits are lock bits that control burn ability on 16 - bit words of the array. fuse[88-95] are part of the manufacturing id values fixed by atmel. f use[96 - 127] are part of the serial number programmed by atmel which is guaranteed to be unique. see section 1.3 for more details on the manufacturing id and serial number. rom metal mask programmed memory. u nrestricted read s are permitted on the first 64 - bits of this array. the physical rom will be larger and will contain other information that cannot be read. rom mfr id two bytes of rom that specifies part of the manufacturing id code. this value is assigne d by atmel and is always the same for all chips of a particular model number. for the at88sa100s, this value is 0x 23 01. (appears on the bus: 0x01 23) , rom mfrid can be read by accessing rom bytes 0 and 1 of address 0. rom sn two bytes of rom that can be used to identify chips among others on the wafer. these bits reduce the number of fuses necessary to construct a unique serial number. the rom sn is read by accessing rom bytes 2 and 3 of address 0. the serial number can always be read by the system and is optionally included in the message digested by the mac command. revnum four bytes of rom that are used by atmel to identify the design revision of the at88sa100s chip. these bytes can be freely read as the four bytes returned from rom a ddress 1, however system code should not depend on this value as it may change from time to time.
atmel at88sa100s [ datasheet ] 3 8558f ? crypto ? 9 /11 1.2 fuse map the at88 sa100s chip incorporates 128 one - time fuses within the chip. once burned, there is no way to reset the value of a fuse. fuses, with the exception of th e manufacturing id and serial number bits , which are initialized by atmel, have a value of one when shipped from the atmel factory and transition to a zero when they are burned. table 1 -1. the 128 fuses in the atmel at88 sa100s chip are arranged i n t he following mann er : fuse # name description 0 ? 7 fuse lock bits each bit , when zero , locks the current value of the corres ponding 16 - bit block of the fuse array, see below for more details 8 ? 83 status fuses these fuses can be written with the burn fuse command and can always be read with the read command . they are totally user - defined 84 ? 87 status fuses these fuses can be written with the burnfuse command and can always be read with the read command . they are user - defined, but have special significance for the pau se long command . see s ection 6.3 87 fuse disable the mac command ignores the values of fuse[0 - 86] while this fuse is an one once it is burned to zero, the burnsecure command is disabled 88 ? 95 fuse mfrid see section 1.3 . set by atmel, cannot be modified in the field 96 ? 127 fuse sn see section 1.3 . set by atmel, cannot be modified in the field fuse lock bits these eight fuses ca n be used to prevent further writing of the status fuses. bit 0 , when burned, locks fuse[0 - 15] from being modified, bit[1] locks fuse[16- 31] and so on up through bit five , which locks fuse[80 - 87]. fuse[88- 127] can never be modified with the burnfuse comman d. note: b urning bit zero has the effect of preventing any changes to the current value of the lock bits status fuses these fuses can be used to store various information which are not secret . t heir value can always be determined using the read co mmand. they can be individually burned using the burnfuse command. two common usage models for these fuses are : 1. consumption logging, i.e. burn one bit after every n uses, the host system keeps track of the number of uses so far for this serial number since the last fuse burn . 2. model number information. in this situation, the bits are written at the factory and their value is locked to prevent modifications in the field. this method can also be used for feature enabling. 1.3 chip identification the chip includes a total of 72 - bits of information that can be used to distinguish between individual chips in a reliable manner. the information is distributed between the rom and fuse blocks in the following manner. serial number this 48 - bit v alue is composed of rom sn (16 - bits) and fuse sn (32- bits). together they form a serial number that is guaranteed to be unique for all devices ever manufactured within the atmel cryptoauthentication ? family. this value is optionally included in the mac calculation. manufacturing id this 24 - bit val ue is composed of rom mfrid (16 - bits) and fuse mfrid (8 - bits). typically this value is the same for all chips of a given type. it is always included in the cryptographic computations.
atmel at88sa100s [ datasheet ] 4 8558f ? crypto ? 9 /11 1.4 sha - 256 computation this chip perform s only one cry ptographic calculation ? a key ed digest of an input challenge using the sha - 256 algorithm, d ocumented here: http://csrc.nist.gov/publications/fips/fips180 - 2/fips180 - 2.pdf 1.4.1 sha c omputation example in order to ensure that there is no ambiguity, the following example vector is provided in addition to the sample vectors in the nist document. in this example, all values are listed in hex. for all but the key, bytes are listed in the o rder that they appear on the bus ? first on the left. key is listed in the same order, so the 01 at the left of the key string is the first byte passed to sha - 256. sha computation example key 01030507090b0d0f11131517191b1d1f21232527292b2d2f31333537393b 3d3f challenge 020406080a0c0e10121416181a1c1e20222426282a2c2e30323436383a3c3e40 opcode 0 8 mode 40 (include serial number in message) param2 0000 fuse mfrid 77 fuse s/n 8899aabb rom mfrid ccdd rom sn eeff the 88 - bytes over which the digest i s calculated are : 0103?3d3f0204?3e4001400000?eeff digest : 7d38245733717a488575b9f794f7bcafe033a3848d39430da25141fdebeaa1c2 a read command executed on a ddress 0 of the rom ( rom mfrid , rom sn ) would return cc dd ee ff, with cc being the first byt e on the bus and ff being the last. throughout this document, the compl ete message processed by the sa1 00s chip is documented. according to the above specification, this always includes a single bit of ?1? pad afte r the message, followed by a 64 - bit value representing the total number of bits being hashed (less pad and length). if the length is less than 447 (512 -64 - 1) then the necessary number of ?0? bits are included between the ?1? pad and ?length? to stretch th e last message block out to 512 - bits. when using standard libraries to calculate the sha - 256 digest, these pad and length bits should probably not be passed to the library as most standard software implementations of the algorithm add them in automatically. 1.5 security features th e at88sa100s incorp orates a number of physical security features designed to protect the key from unauthorized release. these include an active shield over the entire surface of the internal memory encryption, internal clock generation, glitch protection, voltage tamper dete ction and other physical design features. both the clock and logic supply voltage are internally generated, preventing any direct attack via the pins on these two sign als.
atmel at88sa100s [ datasheet ] 5 8558f ? crypto ? 9 /11 2. io protocol communications to and from th e at88sa100s take place over a single asyn chronously timed wire uses a pulse count scheme . the overall communications structure is a hierarchy: table 2 -1. io hierarchy tokens implement a single data bit transmitted on the bus, or the wake - up event flags comprised of eight tokens (bits) which convey the dire ction and meaning of the next group of bits (i f any) which may be transmitted blocks of data follow the command and transmit flags. they incorporate both a byte count and a checksum to ensure proper data transmission packets of bytes form the core of the block without the count and crc. they are either the input or output parameters of an atmel at88sa100s chip command or status information from the at88sa100s chip 2.1 io tokens there are a number of io tokens input: (to at88sa100s ) that may be transmitted along the bus: wake wake at88sa100s up from sleep (low power) state zero send a single bit from system to the at88sa100s with a value of zero one send a single bit from system to the at88sa100s with a value of one output: (from at88sa100s ) zeroout send a single bit from the at88sa100s to the system with a value of zero oneout send a single bit from the at88sa100s to the system with a value of one the waveforms are the same in either direction, however there are some differences in timing based on the ex pectation that the host has a very accurate and consistent clock while the at88sa100s has significant variation in its internal clock generator due to normal manufacturing and environmental fluctuations . the bit timings are designed to permit a standard ua rt running at 230.4 k baud to transmit and receive the tokens efficiently. each byte transmitted or received by the uart corresponds to a single bit received or transmitted by the at88sa100s . refer to applications n otes on the atmel website for more detai ls describing how the uart should be controlled.
atmel at88sa100s [ datasheet ] 6 8558f ? crypto ? 9 /11 2.2 ac parameters figure 2 -2. ac parameters t start t zhi t zlo data comm wake logic ? t start t bit logic 1 t lignore t hignore noise suppresion t wlo t whi 3. absolute maximum ratings * operating temperature .................... ? 40c to +85c storage temperature ................... ? 65c to + 150c voltage on a ny pin with respect to ground ................ ? 0.5 to v cc +0.5 v * notice: st resses beyond those listed under ?absolute maximum ratings? may cause permanent damage to the device. this is a stress rating only and functional operation of the device at these or any other condition beyond those indicated in the operational sections of this specification is not implied. exposure to absolute maximum rating conditions for extended periods of time may affect device reliability.
atmel at88sa100s [ datasheet ] 7 8558f ? crypto ? 9 /11 4. ac parameters table 4 -1. ac parameters parameter symbol direction min typ max uni t notes wake low duration t wlo to a tmel cryptoauthentication 60 - s signal can be stable in either high or low levels during extended sleep intervals. wake delay to data comm. t whi to atmel cryptoauthentication 2.5 45 ms signal should be stable high for this entire duration. t whi must not exceed t timeout or the chip will transition to sleep. start pulse duration t start to atmel cryptoauthentication 4.1 4.34 4.5 6 s from cryptoauthentication 4.6 6.0 8.6 s zero transmission high pulse t zhi to atmel cryptoauthentication 4.1 4.34 4.5 6 s from atmel cryptoauthentication 4.6 6.0 8.6 s zero transmission low pulse t zlo to atmel cryptoauthentication 4.1 4.34 4.5 6 s from atmel cryptoauthentication 4.6 6.0 8.6 s bit time t bit to atmel cryptoauthentication 37 39 - s if t he bit time exceeds t timeout then the atmel cryptoauthentication will enter sleep mode and the w ake token must be resent. from atmel cryptoauthentication 4 1 54 7 8 s turn around delay t turnaround from atmel cryptoauthentication 2 8 60 95 s atmel cr yptoauthentication will initiate the first low going transition after this time interval following the end of the transmit flag to atmel cryptoauthentication 15 s 45ms after atmel cryptoauthentication transmits the last bit of a block, system must wai t this interval before sending the first bit of a flag high side glitch filter @ active t hignore_a to atmel cryptoauthentication 45 ns pulses shorter than this in width will be ignored by the chip, regardless of its state when active low side glitch f ilter @ active t lignore_a to atmel cryptoauthentication 45 ns pulses shorter than this in width will be ignored by the chip, regardless of its state when active low side glitch filter @ sleep t lignore_s to atmel cryptoauthentication 500 ns pulses sh orter than this in width will be ignored by the chip when in sleep mode io timeout t timeout to atmel cryptoauthentication 45 65 85 ms refer to section 5.4.1 watchdog reset t w atchdog to atmel cryptoauthentication 3 4 5. 7 s max. time from w ake until chip is forced into s leep mode see watchdog failsafe , section 5.5
atmel at88sa100s [ datasheet ] 8 8558f ? crypto ? 9 /11 5. dc parameters table 5 -1. dc parameters parameter symbol min typ max unit notes operating temperature t a -40 85 c power supply voltage v cc 2. 7 5. 2 5 v fuse burning voltage v burn 3. 0 5. 2 5 v voltage applied to v cc pin. see s ection 6.3 active power supply current i cc - 6 ma sleep power supply current @ - 40 to 55 c i sleep 150 na when chip is in sleep mode, v cc = 5.25 v, vsig = 0.0 to 0.3 v, or vsig = v cc - 0.3 v to v cc sleep power supply current @ 85 c i sleep 1 a when chip is in sleep mode, v cc = 5.25 v, vsig = 0.0 to 0.3 v, or vsig = v cc - 0.3 v to v cc input low voltage @ v cc = 5.25 v v il - 0.5 0.75 v voltage levels for w ake token when chip is in sleep mode input low voltage @ v cc = 2.7 v v il - 0.5 0.5 v vo ltage levels for w ake token when chip is in sleep mode input high voltage @ v cc = 5.25 v v ih 1.5 5.25 v voltage levels for w ake token when chip is in sleep mode input high voltage @ v cc = 2.7 v v ih 1.25 3.0 v voltage levels for w ake token when chip i s in sleep mode input low voltage when active v il - 0.5 0. 5 v when chip is in active mode, v cc = 2. 7 ? 5. 2 5 v input high voltage when active v ih 1.2 5.25 v when chip is in active mode, v cc = 2. 7 ? 5. 2 5 v output low voltage v ol 0.4 v when chip is in active mode, v cc = 2. 7 ? 5. 2 5 v maximum input voltage v max 5.25 v 5.1 io flags the host system is always the bus master, so before any io transaction, the system must first send an 8 - bit flag value to the chip to indicate the io operation that is to be perform ed, as follows: name meaning 0x77 command after this flag, the system starts sending a command block to the chip. the first bit of the block can follow immediately after the last bit of the flag. 0x88 transmit after a turn - around delay, the chip w ill start transmitting the response for a previously transmitted command block. 0xcc sleep upon receipt of a sleep flag, the chip will enter a low power mode until the next w ake token is received. all other values are reserved and will be ignored.
atmel at88sa100s [ datasheet ] 9 8558f ? crypto ? 9 /11 5.1.1 comman d timing after a command flag is transmitted, a command block should be sent to the chip. during parsing of the parameters and subsequent execution of a properly received command, the chip will be busy and not respond to transitions on the signal pin. the delays for these operations are listed in the table below: table 5 -2. command timing (guaranteed by design; not tested) parameter symbol max unit notes parsingdelay t parse 100 s delay to check crc and parse opcode and parameters before an error indication will be available memorydelay t exec_mem 3 ms delay to execute read, write and/or sramlock commands fusedelay t exec_fuse 700 s delay to execute burnfuse command s ee section 6.3 for more details macdelay t exec_mac 30 ms delay to execute mac command personalizedelay t person 13 ms delay to execute genpersonalizationkey or loadsram in this document, t exec is used as shorthand for the delay corresponding to whatever command has been sent to the chip. 5.1.2 transmit flag the t ransmit fl ag is used to turn around the signal so that the at88sa100s can send data back to the system, depending on its current state. the bytes that the at88sa100s returns to the system, depending on its current state as follows: table 5 -3. return codes state description err or/status description after w ake, but prior to first command 0x11 indication that a proper w ake token has been received by the at88sa100s . after successful command execution ? return bytes per ?output parameters? in section 6 , command s of this document. in some cases this is a single byte with a value of 0x00 indicating success. the t ransmit flag can be resent to the at88sa100s repeatedly if a re - read of the output is necessary. execution error 0x0f command wa s properly received but could not be executed by the at88 sa100s chip . changes in the at88 sa100s chip state or the value of the command bits must happen before it is re - attempted. after crc or other parsing error 0xff command was not properly received by a t88sa100s and should be re - issued by the system. the at88sa100s always transmits complete blocks to the system, so in the above table the status/error bytes result in 4 - bytes going to the system ? count, error, crc x 2. after receipt of a command block, the at88sa100s will parse the command for errors, a process which takes t parse ( see section 5.1.1 ). after this interval the system can send a t ransmit token to the at88sa100s ? if there was an error then the at 88sa100s will respond with an error code. if there is no error then the at88sa100s internally transitions automatically from t parse to t exec and will not respond to any t ransmit tokens until both delays are complete. 5.1.3 sleep flag the sleep flag is used to tr ansition the at88sa100s to the low power state, which causes a complete reset of the at88sa100s ? internal command engine and input/output buffer. it can be sent to the at88sa100s at any time when the at88sa100s will accept a flag.
atmel at88sa100s [ datasheet ] 10 8558f ? crypto ? 9 /11 to achieve the specified i sleep , atmel recommends that the input signal be brought below v il when the chip is asleep. to achieve i sleep if the sleep state of the input pin is high, the voltage on the i nput signal should be within 0.3 v of v cc to avoid additional leakage on the inpu t circuit of the chip. 5.1.4 pause state the pause state is entered via the pauselong command and can be exited only when the watchdog timer has expired and the chip transitions to a sleep state. when in the pause state, the chip ignores all transitions on the s ignal pin but does not enter a low power consumption mode. the pause state provides a mechanism for multiple at88 sa10 0 s chips on the same wire to be selected and to exchange data with the host microprocessor. the pauselong command includes an optional addr ess field which is compared to the values in fuses 84 - 87. if the two matches , then the chip enter s the pause state, otherwise , it continues to monitor the bus for subsequent commands. the host would selectively put all but one at88 sa10 0 s in the pause state before executing the mac command on the active chip. after the end of the watchdog interval all the chips will have entered the sleep state and the selection process can be started with a w ake token (which will then be honored by all chips) and selection of a subsequent chip. 5.2 io blocks commands are sent to the chip, and responses received from the chip, within a block that is constructed in the following way: byte number name meaning 0 count number of bytes to be transferred to the chip in the block, incl uding count, packet and checksum, so this byte should always have a value of (n+1). the maximum size block is 39 and the minimum size block is four . values outside this range will cause unpredictable operation. 1 to (n -2) packet command, param eters and da ta, or response see section 6 for more details n - 1, n checksum crc- 16 verification of the count and packet bytes . the crc polynomial is 0x8005, the initial register value should b e zero and after the last bit of the count and packet have been transmitted the internal crc register should have a value that matches that in the block. the first byte transmitted (n - 1) is the least significant byte of the crc value so the last byte of th e block is the most significant byte of the crc. 5.3 io flow the general io flow for a mac command is as follows: 1. system sends w ake token 2. system sends t ransmit flag 3. receive 0x11 value from the at88sa100s to verify proper wakeup synchronization 4. system sends co mmand flag 5. system sends command block 6. system waits t parse for the at88sa100s to check for command formation errors 7. system sends transmit flag . if command format is ok, the at88sa100s ignores this flag because the computation engine is busy. if there was an error, the at88sa100s responds with an error code 8. system waits t exec . see section 5.1.1 9. system sends transmit flag 10. receive output block from the at88sa100s , system checks crc 11. if crc from the at88sa100s is incor rect, indicating a transmission error, system res ends transmit flag 12. system sends sleep flag to the at88sa100s all commands other than m ac have a short execution delay. i n these cases the system should omit steps six , seven , and eight and replace this with a wait of duration t parse + t exec .
atmel at88sa100s [ datasheet ] 11 8558f ? crypto ? 9 /11 5.4 synchronization because the communications protocol is half duplex, there is the possibility that the system and the at88sa100s will fall out of synchronization with each other. in order to speed recovery, the at88sa100 s implements a timeout that forces the at88sa100s to sleep. see section 5.4.1. 5.4.1 io timeout after a leading transition for any data token has been received, the at88sa100s will expect the remaining bits of the token to be proper ly received by the chip within the t timeout interval. failure to send enough bits or the transmission of an illegal token (a low pulse exceeding t zlo ) will cause the chip to enter the sleep state after the t timeout interval. the same timeout applies during the transmission of the command block. after the transmission of a legal command flag, the io timeout circuitry is enabled until the last expected data bit is received. note: t he timeout counter is reset after every legal token, so the total time to transmi t the command may exceed the t timeout interval whil e the time between bits may not in order to limit the active current if the at88sa100s is inadverten t ly awakened, the io t imeout circuitry is also enabled when the at88sa100s receives a wake - up. if the fir st token does not come within the t timeout interval, then the at88sa100s will go back to the sleep mode without performing any operations. the io timeout circuitry is disabled when the chip is busy executing a command. 5.4.2 synchronization procedures when the s ystem and the at88sa100s fall out of synchronization, the system will ultimately end up sending a t ransmit flag which will not generate a response from the at88sa100s . the system should implement its own timeout which waits for t timeout during which time t he at88sa100s should go to sleep automatically. at this point, the system should send a wake token and after t wlo + t whi , a transmit token. the 0x11 status indicates that the resynchronization was successful. it may be possible that the system does not get the 0x11 code from the at88sa100s for one of the following reasons: 1. the system did not wait a full t timeout delay with the io signal idle in which case the at88sa100s may have interpreted the w ake token and t ransmit flag as a data bits. recommended resolu tion is to wait twice the t timeout de lay and re- issue the wake token. 2. the at88sa100s went into the sleep mode for some reason while the system was transmitting data. in this case, the at88sa100s will interpret the next data bit as a w ake token, but ignore some of the subsequently transmitted bits during its wake - up delay. if any bytes are transmitted after the wake - up delay, they may be interpreted as a legal flag, though the following bytes would not be interpreted as a legal command due to an incorrect co unt or the lack of a correct crc. recommended resolution is to wait the t timeout de lay and re- issue the wake token. 3. there is some internal error condition within the at88sa100s which will b e automatically reset after a t watchdog interval, see below. there is no way to externally reset the at88sa100s ? the system should leave the io pin idle for this in terval and issue the wake token. 5.5 watchdog failsafe after the w ake token has been received by the at88sa100s , a watchdog counter is s tarted within the chip. af ter t watchdog , the chip will enter sleep mode, regardless of whether it is in the middle of execution of a command and/or whether some io transmission is in progress. there is no way to reset the counter other than to put the chip to sleep and wake it up a gain. this is implemented as a fail - safe so that no matter what happens on either the system side or inside the various state machines of the at88sa100s including any io synchronization issue, power consumption will fall to the low sleep level automaticall y.
atmel at88sa100s [ datasheet ] 12 8558f ? crypto ? 9 /11 5.6 byte and bit ordering the at88sa100s is a little - endian chip: ? all multi - byte aggregate elements within this spec are treated as arrays of bytes and are processed in the order received ? data is transferred to/from the at88sa100s least significant bit f irst on the bus ? in this document, the most significant bit appears towards the left hand side of the page 6. commands th e command packet is broken down in the following way: byte name meaning 0 opcode the command code 1 param1 the first parameter ? always present 2 -3 param2 the second parameter ? always present 4 + data optional remaining input data if a command fails because the crc within the block is incorrect, the opcode is invalid or one of the parameters is illegal, then immediately after t parse t he system will be able to retrieve an error response block containing a single byte packet. the value of that byte will be either 0x0f or 0xff depending on the source of the error. see section 5.1.2 . if a command is received s uccessfully then after the appropriate execution delay the system will be able to retrieve the output block as described in the individual command descriptions below. in the individual command description tables below, the size column describes the number of bytes in the parameter documented in each particular row . the total size of the block for each of the commands is fixed, though that value is different for each command. if the block size for a particular command is incorrect, the chip will not attempt the command execution and return an error.
atmel at88sa100s [ datasheet ] 13 8558f ? crypto ? 9 /11 6.1 mac computes a sha - 256 digest of the key, challenge and other fixed information on the chip to generate an output response. if memvalid is not set, indicating that no valid key is stored in the sram, then this command will return an error. the hashed message includes the following bytes, concatenated in this order: 256- bits key (stored in sram) 256- bits challenge 8 - bits opcode (always 0x0 8 ) 8 - bits mode input 16- bits param2 input 88- bits all zeros 8 - bits fuse mfrid ( fuse[88- 95] ) 32- bits fuse sn ( fuse[96 - 127] ) or zeros 16- bits rom mfrid 16- bits rom sn or zeros 1 - bit 1?s ? sha - 256 padding 255- bits 0?s ? sha - 256 padding 64- bits length (704) per sha - 256 table 6 -1. input parameters name size notes opcode mac 1 0x0 8 param1 mode 1 see table 6 -6 param2 zero 2 must be 0x00 00 data challenge 32 input portion of m essage to be digested table 6 -2. output parameters name size notes response 32 sha - 256 digest table 6 -3. mode encoding bit notes 6 if set, then the four bytes of fuse sn and the two bytes of rom sn will be included in the message, otherwise these bits will be set to zero in the message 0 - 5, 7 ignored, must be all zero
atmel at88sa100s [ datasheet ] 14 8558f ? crypto ? 9 /11 6.2 read reads four bytes from fuse , rom or memvalid. any attempt to present the chip with an illegal fuse address will result in an error return. table 6 -4. input parameters name size notes opcode read 1 0x02 param1 mode 1 fuse , rom or memvalid . see to table 12 param2 address 2 which 4 - bytes within array . bits 2 - 15 are ignored by the chip and should be zeros data ? 0 table 6 -5. output parameters name size notes contents 4 the contents of the specified memory location table 6 -6. mode encoding name value notes rom 0x00 reads four bytes from the rom. bit 1 of the address pa rameter must be zero fuse 0x01 reads the value of 32 - fuses memvalid 0x03 returns four bytes. the lsb of the first byte indicates whether or not the contents of the sram are valid. all other bits in all bytes have a value of zero . the address parameter i s ignored
atmel at88sa100s [ datasheet ] 15 8558f ? crypto ? 9 /11 6.3 burnfuse burns one of the 88 user accessible fuse bits. the values in fuses # 8 8 - 127 are reserved for fuse mfr id and fuse sn and cannot be blown via this command. all addresses above 0x 57 (87) will result in an error. fuses, with the exception of those initialized by atmel , have a value of one on shipment from the atmel factory and transition to a zero when they are b urned . fuse bits zero through seven of the fuse array are word lock bits. b urning one of these has the effect of loc king the corresponding 16 - bit word within fuse . bit 0 locks fuses 0 - 15, bit 1 locks fuses 16 - 31 and so on. if bit 0 is burned, then the value of the lock bits can no longer be changed. the values of lock bits six and seven are ignored by the chip. the powe r supply pin must meet the v burn specificat ion during the entire burnfuse command in order to burn fuses reliably. if vcc is greater than or equal to 3.7 v , then the burntime parameter should be set to 0x00 and the internal burn time will be 250 s. if vcc is less than 3.7 v but greater than v burn then the burntim e parameter should be set to 0xffff and the internal burn time will be up to 262 ms. the chip does not internally check the supply voltage level. there is a very small interval during t exec_burn when the fuse element is actually being burned. during this interval, t he power supply must not be removed and the watchdog timer must not be allowed to expire or the fuse may end up in a state where it reads as un - burned but cannot be burned. table 6 -7. input parameter s name size notes opcode burnfuse 1 0x04 param1 fusenum 1 which bit within fuse array, mini mum value is 0, and maximum value is 87 param2 burntime 2 must be 0x00 00 if vcc > =3.7 v; must be 0xff ff otherwise data ? 0 table 6 -8. output parameters name size notes success 1 upon successful completion, a value of 0 will be returned by the atmel at88sa100s
atmel at88sa100s [ datasheet ] 16 8558f ? crypto ? 9 /11 6.4 genpersonalizationkey this command generates a decryption digest that will be used by the subsequent command (loadsram) to decrypt the key value that i s to be written into the sram. this command must be run immediately prior to loadsram within the same watchdog cycle. this command l oads a transport key from an internal secure storage location and then uses that key along with an input seed to generate a decryption digest using sha - 256. neither the transport key nor the decryption digest can be read from the chip. upon completion, an internal bit is set indicating that the decryption digest has been generated and is ready to use by loadsram. this bit is cl eared (and the digest lost) when the watchdog timer expires , the chip goes to sleep or the power is cycled. table 6 -9. input parameters name size notes opcode genpers 1 0x2 0 param1 zero 1 must be 0x00 param2 keyid 2 identification number of the personalization ke y to be loaded data seed 16 seed for digest generation. the least significant bit of the last byte is ignored table 6 -10. output parameter name size notes success 1 upon successful execution, a value of 0 will be returned by the at88 sa100s chip the sha - 256 messag e body used to create the decryption digest which is internally stored in the chi p consists of the following 512- bits: 256- bits stored key[keyid] 64- bits all ones 127- bits input seed 1 - bit ?1? pad 64- bits length of message in bits, fixed at 447
atmel at88sa100s [ datasheet ] 17 8558f ? crypto ? 9 /11 6.5 loadsram writes 256 - bits into the battery backed sram and locks this memory against further modification. the value in the battery backed sram cannot be read, it must be verified via the mac command. if the secret value in the sram is already val id then this command will fail with an error response. the only way to unlock the sram is to remove power from the at88sa100s . the input data (secret key) is always decrypted using the decryption digest previously generated by genpersonalizationkey prior t o being written into the battery backed sram. note: b oth the genpersonalizationkey and loadsram commands must be run consecutively within a single w ake cycle prior to the expiration of the watchdog timer. if any command is inserted between these two operations then loadsram will fail. table 6 -11. input parameters name size notes opcode loadsram 1 0x1 0 param1 zero1 1 must be 0x00 param2 zero2 2 must be 0x00 00 data key 32 encrypted value to be written into the sram table 6 -12. output parameter name size notes success 1 upon succes sful execution, a value of 0 will be returned by the at88 sa100s chip the at88 sa100s chip executes the following sequence on receipt of this command. 1. if the internal flag (indicating that a personalization key has been loaded) is not set, then return erro r. if the memvalid f lag is set, return error 2. successively xor each byte in the data (secret key) parameter with the corresponding byte from the personalization key gen erated by genpersonalizationkey 3. transfer the resulting b ytes to the battery backed sram 4. s et memvalid (internal flag) to one
atmel at88sa100s [ datasheet ] 18 8558f ? crypto ? 9 /11 6.6 pauselong forces the chip into the pause state until the watchdog timer expires, after which it will automatically enter into the sleep state. during execution of this command the chip will ignore all activity on the io signal. this command is used to prevent bus conflicts in a system that also includes the cryptoauthentication host chip sharing the same signal wire. table 6 -13. input parameters name size notes opode pauselong 1 0x0 1 param1 selector 1 which chip to put i nt o the pause state , 0x00 for all chips param2 zero 2 must be 0x00 00 data ignored 0 table 6 -14. output parameter name size notes success 1 if the command indicates that some other chip should go in to the pause state , a value of zero will be returned by th is at88 sa100s chip . if this chip goes into the pause state no value will be returned . the selector parameter provides a mechanism to select which at88sa100s will pause if there are multiple devices on the bus: ? if the selector parameter is 0x00, then every chip receiving this command will go in to the pause state and no chip will return a success code . ? if any of the bits of the selector parameter are set , then the chip will read the values of fuse[ 84- 8 7] and go to sleep only if those fuse values match the least si gnificant four bits of the selector parameter. if the chip does not go in to the pause state , it returns a n error code of 0x0f. o therwise , it goes in to the pause state and never returns any code .
atmel at88sa100s [ datasheet ] 19 8558f ? crypto ? 9 /11 7. pinout table 7 -1. pin definitions soic/tssop sot -23 n ame description 5 1 signal io channel to the system, open drain output. it is expected that an external pull - up resistor will be provided to pull this signal up to v cc for proper communications. when the chip is not in use this pin can be pulled to eithe r v cc or gnd . 8 2 v cc power supply, 2. 7 ? 5. 2 5 v . this pin should be bypassed with a high quality 0.1 f capacitor close to this pin with a short trace to gnd additional applications information at www.atmel.com 4 3 g nd connect to system ground 1,2,3,6,7 -- nc not connected
atmel at88sa100s [ datasheet ] 20 8558f ? crypto ? 9 /11 8. package drawing s 3ts1 ? shrink sot p a c k a g e d r a w i n g c o n t a c t : p a c k a g e d r a w i n g s @ a t m e l . c o m t i t l e d r a w i n g n o . g p c r r e v . 3 t s 1 1 2 / 1 1 / 0 9 c o m m o n d i m e n s i o n s ( u n i t o f m e a s u r e = m m ) s y m b o l m i n n o m m a x n o t e e n d v i e w s i d e v i e w t o p v i e w 3 t s 1 , 3 - l e a d , 1 . 3 0 m m b o d y , p l a s t i c t h i n s h r i n k s m a l l o u t l i n e p a c k a g e ( s h r i n k s o t ) b t b g 0.89 0.01 0.88 2.80 2.10 1.20 0.30 a a1 a2 d e e1 l1 e1 b - - - 2.90 - 1.30 0.54 ref 1.90 bsc - 1.12 0.10 1.02 3.04 2.64 1.40 0.50 1,2 1,2 3 notes: 1. dimension d does not include mold flash, protrusions or gate burrs. mold flash, protrusions or gate burrs shall not exceed 0.25mm per end. dimension e1 does not include interlead flash or protrusion. interlead flash or protrusi on shall not exceed 0.25mm per side. 2. the package top may be smaller than the package bottom. dimensions d and e1 are determined at the outermost extremes of the plastic body exclusive of mold flash, tie bar burrs, gate burrs and interlead flash, but including any mismatch between the top and bottom of the plastic body. 3. these dimensions apply to the flat section of the lead between 0.08 mm and 0.15mm from the lead tip. this drawing is for general information only. refer to jed ec drawing to-236, variation ab for additional information. c l l1 3 e e1 1 2 e1 seating plane b a2 a a1 e d gnd sd a v cc signal
atmel at88sa100s [ datasheet ] 21 8558f ? crypto ? 9 /11 8 x ? tssop package drawing contact: packagedrawings@atmel.com dr a wing n o . re v . title gpc common dimensions (unit of measure = mm) symbo l min nom max note a - - 1.20 a1 0.05 - 0.15 a2 0.80 1.00 1.05 d 2.90 3.00 3.10 2, 5 e 6.40 bsc e1 4.30 4.40 4.50 3, 5 b 0.19 ? 0.30 4 e 0.65 bsc l 0.45 0.60 0.75 l1 1.00 ref c 0.09 - 0.20 side v iew end v iew t op v iew a2 a l l1 d 1 e1 n b pin 1 indicator� this corner e e notes: 1. this drawing is for general information onl y . refer to jedec drawing mo-153, v ariation aa, for proper dimensions, tolerances, datums, etc. 2. dimension d does not include mold flash, protrusions or gate burrs. mold flash, protrusions and gate burrs shall not exceed 0.15mm (0.006in) per side. 3. dimension e1 does not include inter-lead flash or protrusions. inter-lead flash and protrusions shall not exceed 0.25mm (0.010in) per side. 4. dimension b does not include dambar protrusion. allowable dambar protrusion shall be 0.08 mm total in excess of the b dimension at maximum material condition. dambar cannot be located on the lower radius of the foot. minimum space between protrusion and adjacent lead is 0.07mm. 5. dimension d and e1 to be determined at datum plane h. 8x d 6/22/11 8x, 8-lead 4.4mm bod y , plastic thin shrink small outline package (tssop) tnr c a1
atmel at88sa100s [ datasheet ] 22 8558f ? crypto ? 9 /11 8s1 ? jedec soic package drawing contact: packagedrawings@atmel.com dra wing no . rev . title gpc common dimensions (unit of measure = mm) symbol min nom max note a1 0.10 ? 0.25 a 1.35 ? 1.75 b 0.31 ? 0.51 c 0.17 ? 0.25 d 4.80 ? 5.05 e1 3.81 ? 3.99 e 5.79 ? 6.20 e 1.27 bsc l 0.40 ? 1.27 0 ? 8 ? e 1 n top view c e1 end view a b l a1 e d side view 8s1 g 6/22/11 notes: this drawing is for general information onl y . refer to jedec drawing ms-012, v ariation aa for proper dimensions, tolerances, datums, etc. 8s1, 8-lead (0.150? wide body), plastic gull wing small outline (jedec soic) swb
atmel at88sa100s [ datasheet ] 23 8558f ? crypto ? 9 /11 9. ordering information atmel at88sa100s ordering information atmel ordering code package type temperature range at 88s a100s - sh -cz -t soic, tape and reel - 40 c to 85 c at 88s a100s - t h -cz - t tssop, tape and reel - 40 c to 85 c at 88s a100s - tsu - t 3ld sot23 , tape and reel - 40 c to 85 c 10. revision history doc. rev. date comments 8558f 0 9 /2011 correct references and sections numbe rs section 5.1.3 , sleep flag, change ? within 0.5 v of v cc ? to ?within 0.3v of v cc? 8558e 0 8 /20 1 0 update io t imeout description 8558d 0 6 /20 1 0 update to table 3: ac parameters 8558c 0 5 /20 1 0 expansion of io timeout specificati on 8558b 0 4 /20 1 0 add tssop and soic packages 8558a 0 3 /2009 initial document release
atmel corporation 2325 orchard parkway san jose, ca 95131 usa tel: (+1)(408) 441 - 0311 fax: (+1)(408) 487 - 2600 www.atmel.com atmel asia limited unit 01 - 5 & 16, 19f bea tower, millennium city 5 418 kwun tong road kwun tong, kowloon hong kong tel: (+852) 2245 - 6100 fax: (+852) 2722 - 1369 atmel munich gmbh business campus parkring 4 d - 85748 garching b. munich germany tel: (+49) 89 - 31970 - 0 fax: (+49) 89 - 3194621 atmel japan 9f, tonetsu shinkawa bldg. 1 - 24 - 8 shinkawa chuo - ku, tokyo 104 - 0033 japan tel: (+81)(3) 3523 - 3551 fax: (+81)(3) 3523 - 7581 ? 2011 atmel corporation. all rights reserved. / rev.: 8558f ? crypto ? 9 /11 atmel ? , logo and combinations thereof, and others are registered trademarks or trademarks of atmel corporation or its subsidiaries. other terms and product names may be trademarks of others. di sclaimer: the information in this document is provided in connection with atmel products. no license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of atmel produ cts. except as set forth in the atmel terms and conditions of sales located on the atmel website, atmel assumes no liability whatsoever and disclaims any express, implied or statutory warranty relating to its products including, but not limited to, the imp lied warranty of merchantability, fitness for a particular purpose , or non - infringement. in no event shall atmel be liable for any direct, indirect, consequential, punitive, special or incidental damages (including, without limitation, damages for loss and profits, business interruption, or loss of information) arising out of the use or inability to use this document, even if atmel has been advised of the possibility of s uch damages. atmel makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and products descri ptions at any time without notice. atmel does not make any commitment to update the information contained herein. unless specifical ly provided otherwise, atmel products are not suitable for, and shall not be used in, automotive applications. atmel products are not intended, authorized, or warranted for use as components in applications inte nded to support or sustain life.
|
