15051ASMEM01/04Programming the CryptoMemory Device for Embedded ApplicationsCryptoMemory provides a cost-effective solution for securing sensitive data in non- volatile memory within any system. Various security features are built into Crypto- Memory, and the user has the option of defining which features will be used for different data elements that may be stored.To prepare CryptoMemory for use, several registers are programmed to indicate the selected security features to be used, and the appropriate passwords and keys are loaded into the device. Very little programming is needed to initialize the device. Depending on the options selected, only a few bytes up to a maximum of 2 Kbits of the configuration zone need to be programmed.This application note describes the process of organizing data and determining secu- rity settings and the proper sequence for writing to CryptoMemory. This initial programming, or initialization, is typically done before the device is mounted to the board in the final application. The design of the application will determine what data is written during this initialization of the CryptoMemory device.CryptoMemoryApplication Note2Programming CryptoMemory Device5051ASMEM01/04Default Device ConfigurationCryptoMemory devices are fully tested at Atmel. All functions are verified, and all mem- ory locations are tested and then set to default values. These values are:User Zones All user zones (4, 8, or 16) are programmed to all ones ($FF) throughout the entire zone.Configuration Zone: Answer to Reset This field of the configuration zone is programmed to a preset value. The value programmed includes two bytes that indicate the memory density.Configuration Zone: Fab Code This field is programmed to a preset value.Configuration Zone: Lot History Code This field is programmed to a preset value. This field is locked and cannot be changed after leaving Atmel.Configuration Zone: Secure Code This field, also known as the Write 7 Password, is programmed to a preset value.Remaining Configuration Zone All remaining fields in the configuration zone are programmed to all ones ($FF). This includes all access and password key registers, all encryption keys, and all passwords except the secure code. In this configuration, access to all user zones is open and free.Determine Initial Data and Security SettingsThe first step in initializing CryptoMemory is to determine what data will be stored in the device and the structure for that data. Data may be thought of as different files, and these files will need to be organized within the various user zones of CryptoMemory. The security requirements for each file should be determined. Files with identical secu- rity requirements may be placed in the same user zone. If a file or group of files requires more than one user zone, multiple user zones may be set with the same security requirements to accommodate the large data files. In most cases, the design of the application will determine the data structure and security settings for CryptoMemory.Initial DataWith the data structure established, determine what data should be written to the device during the initial programming. This is typically data that needs to be in the device before it is installed on the board. In addition to the user zones, there is also a 4-byte card man- ufacturer code and a 16-byte issuer code that may be programmed in the configuration zone as part of initialization.Security SettingsThe next step is to determine the security requirements of the application and how each zone of the CryptoMemory needs to be protected. Each user zone has one access reg- ister and one password key register, allowing the security requirements for each zone to be set independently. If multiple zones are required to store large data files, they may be set to the same security requirements. CryptoMemory offers a variety of security options; these options can be explored using the CryptoMemory Evaluation Kit (AT88SC25616C-EK). Security options are also documented in the CryptoMemory Embedded Specification, available under NDA. Briefly, the available security options are:Open or free access: no restrictions for read or write of a user zone.One-time programmable: the data programmed during initialization is locked and may not be changed.Program only: the data programmed during initialization may only be changed from a logic value “1“ to logic “0“ on a bit-by-bit basis. This can be used for a countdown function.Write protect: the data programmed during initialization may be protected byte by byte within a user zone.3Programming CryptoMemory Device5051ASMEM01/04Password protection: separate passwords may be required for read and/or write privileges to the user zone; eight separate password sets are available.Authentication protection: a successful authentication sequence is required for read and/or write privileges to the user zone; four separate key sets are available