Referring to the Comportable guideline for peripheral device functionality, the module csrng has the following hardware interfaces defined
- Primary Clock:
clk_i - Other Clocks: none
- Bus Device Interfaces (TL-UL):
tl - Bus Host Interfaces (TL-UL): none
- Peripheral Pins for Chip IO: none
| Port Name | Package::Struct | Type | Act | Width | Description |
|---|---|---|---|---|---|
| csrng_cmd | csrng_pkg::csrng | req_rsp | rsp | 2 | |
| entropy_src_hw_if | entropy_src_pkg::entropy_src_hw_if | req_rsp | req | 1 | |
| cs_aes_halt | entropy_src_pkg::cs_aes_halt | req_rsp | rsp | 1 | Coordinate activity between CSRNG's AES and Entropy Source's SHA3. When CSRNG gets a request and its AES is not active, it acknowledges and until the request has dropped neither runs its AES nor drops the acknowledge. |
| otp_en_csrng_sw_app_read | prim_mubi_pkg::mubi8 | uni | rcv | 1 | |
| lc_hw_debug_en | lc_ctrl_pkg::lc_tx | uni | rcv | 1 | |
| tl | tlul_pkg::tl | req_rsp | rsp | 1 |
| Interrupt Name | Type | Description |
|---|---|---|
| cs_cmd_req_done | Event | Asserted when a command request is completed. |
| cs_entropy_req | Event | Asserted when a request for entropy has been made. |
| cs_hw_inst_exc | Event | Asserted when a hardware-attached CSRNG instance encounters a command exception |
| cs_fatal_err | Event | Asserted when a FIFO error or a fatal alert occurs. Check the ERR_CODE register to get more information. |
| Alert Name | Description |
|---|---|
| recov_alert | This alert is triggered when a recoverable alert occurs. Check the RECOV_ALERT_STS register to get more information. |
| fatal_alert | This alert triggers (i) if an illegal state machine state is reached, or (ii) if an AES fatal alert condition occurs, or (iii) if a fatal integrity failure is detected on the TL-UL bus. |
| Countermeasure ID | Description |
|---|---|
| CSRNG.CONFIG.REGWEN | Registers are protected from writes. |
| CSRNG.CONFIG.MUBI | Registers have multi-bit encoded fields. |
| CSRNG.INTERSIG.MUBI | OTP signal used to enable software access to registers. |
| CSRNG.MAIN_SM.FSM.SPARSE | The CSRNG main state machine uses a sparse state encoding. |
| CSRNG.UPDATE.FSM.SPARSE | The CSRNG update state machine uses a sparse state encoding. |
| CSRNG.BLK_ENC.FSM.SPARSE | The CSRNG block encrypt state machine uses a sparse state encoding. |
| CSRNG.OUTBLK.FSM.SPARSE | The CSRNG block output state machine uses a sparse state encoding. |
| CSRNG.GEN_CMD.CTR.REDUN | The generate command uses a counter that is protected by a second counter that counts in the opposite direction. |
| CSRNG.DRBG_UPD.CTR.REDUN | The ctr_drbg update algorthm uses a counter that is protected by a second counter that counts in the opposite direction. |
| CSRNG.DRBG_GEN.CTR.REDUN | The ctr_drbg generate algorthm uses a counter that is protected by a second counter that counts in the opposite direction. |
| CSRNG.CTRL.MUBI | Multi-bit field used for selection control. |
| CSRNG.MAIN_SM.CTR.LOCAL_ESC | A mismatch detected inside any CSRNG counter moves the main state machine into a terminal error state. |
| CSRNG.CONSTANTS.LC_GATED | Seed diversification based on the lifecycle state. |
| CSRNG.SW_GENBITS.BUS.CONSISTENCY | Comparison on successive bus values for genbits returned on the software channel. |
| CSRNG.TILE_LINK.BUS.INTEGRITY | Tilelink end-to-end bus integrity scheme. |
| CSRNG.AES_CIPHER.FSM.SPARSE | The AES cipher core FSM uses a sparse state encoding. See the AES module documentation for AES-specific countermeasures. |
| CSRNG.AES_CIPHER.FSM.REDUN | The AES cipher core FSM uses multiple, independent logic rails. See the AES module documentation for AES-specific countermeasures. |
| CSRNG.AES_CIPHER.CTRL.SPARSE | Critical control signals for the AES cipher core such as handshake and MUX control signals use sparse encodings. See the AES module documentation for AES-specific countermeasures. |
| CSRNG.AES_CIPHER.FSM.LOCAL_ESC | The AES cipher core FSM moves to a terminal error state upon local escalation. Can be triggered by AES_CIPHER.FSM.SPARSE, AES_CIPHER.FSM.REDUN, AES_CIPHER.CTR.REDUN and AES_CIPHER.CTRL.SPARSE. See the AES module documentation for AES-specific countermeasures. |
| CSRNG.AES_CIPHER.CTR.REDUN | The AES round counter inside the AES cipher core FSM is protected with multiple, independent logic rails. See the AES module documentation for AES-specific countermeasures. |
| CSRNG.AES_CIPHER.DATA_REG.LOCAL_ESC | Upon local escalation, the AES cipher core doesn't output intermediate state. See the AES module documentation for AES-specific countermeasures. |
| Signal | Direction | Type | Description |
|---|---|---|---|
otp_en_csrng_sw_app_read_i |
input |
otp_en_t |
An efuse that will enable firmware to access the NIST CTR_DRBG internal state and genbits through registers. |
lc_hw_debug_en_i |
input |
lc_tx_t |
A life-cycle that will select which diversification value is used for xoring with the seed from ENTROPY_SRC. |
entropy_src_hw_if_o |
output |
entropy_src_hw_if_req_t |
Seed request made to the ENTROPY_SRC module. |
entropy_src_hw_if_i |
input |
entropy_src_hw_if_rsp_t |
Seed response from the ENTROPY_SRC module. |
cs_aes_halt_i |
input |
cs_aes_halt_req_t |
Request to CSRNG from ENTROPY_SRC to halt requests to the AES block for power leveling purposes. |
cs_aes_halt_o |
output |
cs_aes_halt_rsp_t |
Response from CSRNG to ENTROPY_SRC that all requests to AES block are halted. |
csrng_cmd_i |
input |
csrng_req_t |
Application interface request to CSRNG from an EDN block. |
csrng_cmd_o |
output |
csrng_rsp_t |
Application interface response from CSRNG to an EDN block. |