Hello,
I am evaluating the nRF54LM20A for a product where I need to cryptographically prove that a device contains a genuine Nordic chip, without performing any secret provisioning in my own manufacturing process.
I understand that for nRF91x1 devices, Nordic injects a UUID and generates a protected identity key pair during SiP manufacturing, with the public key stored in the nRF Cloud Identity Service. This allows cryptographic proof of chip genuineness without any factory-side secret handling on the customer's part.
For the nRF54LM20A, I understand that:
-
The CRACEN IKG can derive an identity key from a 384-bit seed.
-
The seed can be auto-generated on first boot using the CRACEN RNG.
However, I cannot find any documentation describing whether Nordic pre-provisions any secret, certificate, or chain of certificates into the nRF54LM20A at manufacturing time that would allow me to verify chip genuineness against a Nordic-controlled root of trust — equivalent to the nRF Cloud Identity Service for nRF91x1.