Device / HostSecurity / AccessConditionMask Value
Defines an Access Condition Mask for every security Level. If the config value of a security Level is not set, it is not restricted at all.
Level 3 has always all access rights. No matter if there is a limitation via AcMask[3] or not.
Properties
- Value ID: 0x0288/0x00 - 0x03
-
Default value:
SecurityReset|SetKey1|SetKey2|SetKey3|SetAccessConditionMask0|SetAccessConditionMask1|
SetAccessConditionMask2|SysReset|ConfigRead|ConfigWrite|ConfigReset|IoPortRead|IoPortWrite|
GuiAccess|HfLowlevelAccess|ExtSamAccess|VhlSelect|VhlRead|VhlWrite|VhlFormat|VhlExchangeapdu|
RtcWrite|FlashFileSystemRead|FlashFileSystemWrite|ExtendedAccess|Bf2Upload|CryptoAccess|
AutoreadAccess|EthernetAccess|0xE0000000
Format
| Name | Type/Size | Description | |
|---|---|---|---|
| HostSecurityAccessConditionBits | Bit mask (32 bits) | Every Feature in this list can be disabled by not setting the corresponding bit. | |
| RFU | Integer (bit mask area 0xE0000000) | Zero padding | |
| EthernetAccess | Boolean (bit 0x10000000) | Provide Access to Ethernet BRP Commands | |
| AutoreadAccess | Boolean (bit 0x08000000) | Has to be cleared to deny control autoread task | |
| CryptoAccess | Boolean (bit 0x04000000) | Has to be cleared to deny allow access to the encryption unit | |
| Bf2Upload | Boolean (bit 0x02000000) | Has to be cleared to deny allow to upload firmware | |
| ExtendedAccess | Boolean (bit 0x01000000) | Has to be cleared to deny allow access to the extended reader partition | |
| FlashFileSystemWrite | Boolean (bit 0x00800000) | Has to be cleared to deny write access to flash file system | |
| FlashFileSystemRead | Boolean (bit 0x00400000) | Has to be cleared to deny read access to flash file system | |
| RtcWrite | Boolean (bit 0x00200000) | Has to be cleared to deny write access to RTC | |
| VhlExchangeapdu | Boolean (bit 0x00100000) | Has to be cleared to deny running VHL APDU Exchange | |
| VhlFormat | Boolean (bit 0x00080000) | Has to be cleared to deny formattings cards via VHL | |
| VhlWrite | Boolean (bit 0x00040000) | Has to be cleared to deny writing cards via VHL | |
| VhlRead | Boolean (bit 0x00020000) | Has to be cleared to deny reading cards via VHL | |
| VhlSelect | Boolean (bit 0x00010000) | Has to be cleared to deny detection of cards via VHL | |
| ExtSamAccess | Boolean (bit 0x00008000) | Has to be cleared to deny access to SAM over 7816-3 commands ( Iso78 command group ) | |
| HfLowlevelAccess | Boolean (bit 0x00004000) | Has to be cleared to deny allow to access HF via low level commands | |
| GuiAccess | Boolean (bit 0x00002000) | Has to be cleared to deny access to keypad/lcd | |
| IoPortWrite | Boolean (bit 0x00001000) | Has to be cleared to deny write access to io ports | |
| IoPortRead | Boolean (bit 0x00000800) | Has to be cleared to deny read access to io ports | |
| ConfigReset | Boolean (bit 0x00000400) | Has to be cleared to deny reset configuration keys/while configuration. | |
| ConfigWrite | Boolean (bit 0x00000200) | Has to be cleared to deny write access to configuration keys/values. | |
| ConfigRead | Boolean (bit 0x00000100) | Has to be cleared to deny read access to configuration keys/values | |
| SysReset | Boolean (bit 0x00000080) | Has to be cleared to deny allow reboot/powerdown of system | |
| SetAccessConditionMask2 | Boolean (bit 0x00000040) | Has to be cleared to deny set ac 2 | |
| SetAccessConditionMask1 | Boolean (bit 0x00000020) | Has to be cleared to deny set ac 1 | |
| SetAccessConditionMask0 | Boolean (bit 0x00000010) | Has to be cleared to deny set ac 0 | |
| SetKey3 | Boolean (bit 0x00000008) | Has to be cleared to deny set security key 3 | |
| SetKey2 | Boolean (bit 0x00000004) | Has to be cleared to deny set security key 2 | |
| SetKey1 | Boolean (bit 0x00000002) | Has to be cleared to deny set security key 1 | |
| FactoryReset | Boolean (bit 0x00000001) | Has to be cleared to deny resetting system to factory settings | |