Hardware Interfaces and Registers

Interfaces

Referring to the Comportable guideline for peripheral device functionality, the module aes has the following hardware interfaces defined.

Primary Clock: clk_i

Other Clocks: clk_edn_i

Bus Device Interfaces (TL-UL): tl

Bus Host Interfaces (TL-UL): none

Peripheral Pins for Chip IO: none

Inter-Module Signals: Reference

Inter-Module Signals
Port Name	Package::Struct	Type	Act	Width
idle	prim_mubi_pkg::mubi4	uni	req	1
lc_escalate_en	lc_ctrl_pkg::lc_tx	uni	rcv	1
edn	edn_pkg::edn	req_rsp	req	1
keymgr_key	keymgr_pkg::hw_key_req	uni	rcv	1
tl	tlul_pkg::tl	req_rsp	rsp	1

Interrupts: none

Security Alerts:

Alert Name	Description
recov_ctrl_update_err	This recoverable alert is triggered upon detecting an update error in the shadowed Control Register. The content of the Control Register is not modified (See Control Register). The AES unit can be recovered from such a condition by restarting the AES operation, i.e., by re-writing the Control Register. This should be monitored by the system.
fatal_fault	This fatal alert is triggered upon detecting a fatal fault inside the AES unit. Examples for such faults include i) storage errors in the shadowed Control Register, ii) any internal FSM entering an invalid state, iii) any sparsely encoded signal taking on an invalid value, iv) errors in the internal round counter, v) escalations triggered by the life cycle controller, and vi) fatal integrity failures on the TL-UL bus. The AES unit cannot recover from such an error and needs to be reset.

Alert Name

Description

recov_ctrl_update_err

This recoverable alert is triggered upon detecting an update error in the shadowed Control Register. The content of the Control Register is not modified (See Control Register). The AES unit can be recovered from such a condition by restarting the AES operation, i.e., by re-writing the Control Register. This should be monitored by the system.

fatal_fault

This fatal alert is triggered upon detecting a fatal fault inside the AES unit. Examples for such faults include i) storage errors in the shadowed Control Register, ii) any internal FSM entering an invalid state, iii) any sparsely encoded signal taking on an invalid value, iv) errors in the internal round counter, v) escalations triggered by the life cycle controller, and vi) fatal integrity failures on the TL-UL bus. The AES unit cannot recover from such an error and needs to be reset.

Security Countermeasures:

Countermeasure ID	Description
AES.BUS.INTEGRITY	End-to-end bus integrity scheme.
AES.LC_ESCALATE_EN.INTERSIG.MUBI	The global escalation input signal from life cycle is multibit encoded.
AES.MAIN.CONFIG.SHADOW	Main control register shadowed.
AES.MAIN.CONFIG.SPARSE	Critical fields in main control register one-hot encoded.
AES.AUX.CONFIG.SHADOW	Auxiliary control register shadowed.
AES.AUX.CONFIG.REGWEN	Auxiliary control register can be locked until reset.
AES.KEY.SIDELOAD	The key can be loaded from a key manager via sideload interface without exposing it to software.
AES.KEY.SW_UNREADABLE	Key registers are not readable by software.
AES.DATA_REG.SW_UNREADABLE	Data input and internal state registers are not readable by software.
AES.KEY.SEC_WIPE	Key registers are cleared with pseudo-random data.
AES.IV.CONFIG.SEC_WIPE	IV registers are cleared with pseudo-random data.
AES.DATA_REG.SEC_WIPE	Data input/output and internal state registers are cleared with pseudo-random data.
AES.DATA_REG.KEY.SCA	Internal state register cleared with pseudo-random data at the end of the last round. This uses the same mechanism as KEY.SEC_WIPE and is active independent of KEY.MASKING.
AES.KEY.MASKING	1st-order domain-oriented masking of the cipher core including data path and key expand. Can optionally be disabled via compile-time Verilog parameter for instantiations that don't need SCA hardening.
AES.MAIN.FSM.SPARSE	The main control FSM uses a sparse state encoding.
AES.MAIN.FSM.REDUN	The main control FSM uses multiple, independent logic rails.
AES.CIPHER.FSM.SPARSE	The cipher core FSM uses a sparse state encoding.
AES.CIPHER.FSM.REDUN	The cipher core FSM uses multiple, independent logic rails.
AES.CIPHER.CTR.REDUN	The AES round counter inside the cipher core FSM is protected with multiple, independent logic rails.
AES.CTR.FSM.SPARSE	The CTR mode FSM uses a sparse state encoding.
AES.CTR.FSM.REDUN	The CTR mode FSM uses multiple, independent logic rails.
AES.CTRL.SPARSE	Critical control signals such as handshake and MUX control signals use sparse encodings.
AES.MAIN.FSM.GLOBAL_ESC	The main control FSM moves to a terminal error state upon global escalation.
AES.MAIN.FSM.LOCAL_ESC	The main control FSM moves to a terminal error state upon local escalation. Can be triggered by MAIN.FSM.SPARSE, MAIN.FSM.REDUN, CTRL.SPARSE, as well as CIPHER.FSM.LOCAL_ESC, CTR.FSM.LOCAL_ESC.
AES.CIPHER.FSM.LOCAL_ESC	The cipher core FSM moves to a terminal error state upon local escalation. Can be triggered by CIPHER.FSM.SPARSE, CIPHER.FSM.REDUN, CIPHER.CTR.REDUN, CTRL.SPARSE as well as MAIN.FSM.LOCAL_ESC.
AES.CTR.FSM.LOCAL_ESC	The CTR mode FSM moves to a terminal error state upon local escalation. Can be triggered by CTR.FSM.SPARSE, CTR.FSM.REDUN, and CTRL.SPARSE.
AES.DATA_REG.LOCAL_ESC	Upon local escalation, the module doesn't output intermediate state.

Registers

Summary
Name	Offset	Length	Description
aes.ALERT_TEST	0x0	4	Alert Test Register
aes.KEY_SHARE0_0	0x4	4	Initial Key Registers Share 0.
aes.KEY_SHARE0_1	0x8	4	Initial Key Registers Share 0.
aes.KEY_SHARE0_2	0xc	4	Initial Key Registers Share 0.
aes.KEY_SHARE0_3	0x10	4	Initial Key Registers Share 0.
aes.KEY_SHARE0_4	0x14	4	Initial Key Registers Share 0.
aes.KEY_SHARE0_5	0x18	4	Initial Key Registers Share 0.
aes.KEY_SHARE0_6	0x1c	4	Initial Key Registers Share 0.
aes.KEY_SHARE0_7	0x20	4	Initial Key Registers Share 0.
aes.KEY_SHARE1_0	0x24	4	Initial Key Registers Share 1.
aes.KEY_SHARE1_1	0x28	4	Initial Key Registers Share 1.
aes.KEY_SHARE1_2	0x2c	4	Initial Key Registers Share 1.
aes.KEY_SHARE1_3	0x30	4	Initial Key Registers Share 1.
aes.KEY_SHARE1_4	0x34	4	Initial Key Registers Share 1.
aes.KEY_SHARE1_5	0x38	4	Initial Key Registers Share 1.
aes.KEY_SHARE1_6	0x3c	4	Initial Key Registers Share 1.
aes.KEY_SHARE1_7	0x40	4	Initial Key Registers Share 1.
aes.IV_0	0x44	4	Initialization Vector Registers.
aes.IV_1	0x48	4	Initialization Vector Registers.
aes.IV_2	0x4c	4	Initialization Vector Registers.
aes.IV_3	0x50	4	Initialization Vector Registers.
aes.DATA_IN_0	0x54	4	Input Data Registers.
aes.DATA_IN_1	0x58	4	Input Data Registers.
aes.DATA_IN_2	0x5c	4	Input Data Registers.
aes.DATA_IN_3	0x60	4	Input Data Registers.
aes.DATA_OUT_0	0x64	4	Output Data Register.
aes.DATA_OUT_1	0x68	4	Output Data Register.
aes.DATA_OUT_2	0x6c	4	Output Data Register.
aes.DATA_OUT_3	0x70	4	Output Data Register.
aes.CTRL_SHADOWED	0x74	4	Control Register.
aes.CTRL_AUX_SHADOWED	0x78	4	Auxiliary Control Register.
aes.CTRL_AUX_REGWEN	0x7c	4	Lock bit for Auxiliary Control Register.
aes.TRIGGER	0x80	4	Trigger Register.
aes.STATUS	0x84	4	Status Register

aes.ALERT_TEST @ 0x0

Alert Test Register

Reset default = 0x0, mask 0x3

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
														fatal_fault	recov_ctrl_update_err

Bits

Type

Reset

Name

Description

0x0

recov_ctrl_update_err

Write 1 to trigger one alert event of this kind.

0x0

fatal_fault

Write 1 to trigger one alert event of this kind.

aes.KEY_SHARE0_0 @ 0x4

Initial Key Registers Share 0.

Reset default = 0x0, mask 0xffffffff

The actual initial key corresponds to Initial Key Registers Share 0 XORed with Initial Key Registers Share 1. Loaded into the internal Full Key register upon starting encryption/decryption of the next block. All key registers (Share 0 and Share 1) must be written at least once when the key is changed, regardless of key length (write random data for unused bits). The order in which the registers are updated does not matter. Can only be updated when the AES unit is idle. If the AES unit is non-idle, writes to these registers are ignored. Upon reset, these registers are cleared with pseudo-random data.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share0_0...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share0_0

Bits

Type

Reset

Name

Description

31:0

0x0

key_share0_0

Initial Key Share 0

aes.KEY_SHARE0_1 @ 0x8

Initial Key Registers Share 0.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share0_1...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share0_1

Bits

Type

Reset

Name

Description

31:0

0x0

key_share0_1

For KEY_SHARE01

aes.KEY_SHARE0_2 @ 0xc

Initial Key Registers Share 0.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share0_2...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share0_2

Bits

Type

Reset

Name

Description

31:0

0x0

key_share0_2

For KEY_SHARE02

aes.KEY_SHARE0_3 @ 0x10

Initial Key Registers Share 0.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share0_3...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share0_3

Bits

Type

Reset

Name

Description

31:0

0x0

key_share0_3

For KEY_SHARE03

aes.KEY_SHARE0_4 @ 0x14

Initial Key Registers Share 0.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share0_4...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share0_4

Bits

Type

Reset

Name

Description

31:0

0x0

key_share0_4

For KEY_SHARE04

aes.KEY_SHARE0_5 @ 0x18

Initial Key Registers Share 0.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share0_5...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share0_5

Bits

Type

Reset

Name

Description

31:0

0x0

key_share0_5

For KEY_SHARE05

aes.KEY_SHARE0_6 @ 0x1c

Initial Key Registers Share 0.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share0_6...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share0_6

Bits

Type

Reset

Name

Description

31:0

0x0

key_share0_6

For KEY_SHARE06

aes.KEY_SHARE0_7 @ 0x20

Initial Key Registers Share 0.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share0_7...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share0_7

Bits

Type

Reset

Name

Description

31:0

0x0

key_share0_7

For KEY_SHARE07

aes.KEY_SHARE1_0 @ 0x24

Initial Key Registers Share 1.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share1_0...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share1_0

Bits

Type

Reset

Name

Description

31:0

0x0

key_share1_0

Initial Key Share 1

aes.KEY_SHARE1_1 @ 0x28

Initial Key Registers Share 1.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share1_1...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share1_1

Bits

Type

Reset

Name

Description

31:0

0x0

key_share1_1

For KEY_SHARE11

aes.KEY_SHARE1_2 @ 0x2c

Initial Key Registers Share 1.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share1_2...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share1_2

Bits

Type

Reset

Name

Description

31:0

0x0

key_share1_2

For KEY_SHARE12

aes.KEY_SHARE1_3 @ 0x30

Initial Key Registers Share 1.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share1_3...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share1_3

Bits

Type

Reset

Name

Description

31:0

0x0

key_share1_3

For KEY_SHARE13

aes.KEY_SHARE1_4 @ 0x34

Initial Key Registers Share 1.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share1_4...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share1_4

Bits

Type

Reset

Name

Description

31:0

0x0

key_share1_4

For KEY_SHARE14

aes.KEY_SHARE1_5 @ 0x38

Initial Key Registers Share 1.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share1_5...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share1_5

Bits

Type

Reset

Name

Description

31:0

0x0

key_share1_5

For KEY_SHARE15

aes.KEY_SHARE1_6 @ 0x3c

Initial Key Registers Share 1.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share1_6...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share1_6

Bits

Type

Reset

Name

Description

31:0

0x0

key_share1_6

For KEY_SHARE16

aes.KEY_SHARE1_7 @ 0x40

Initial Key Registers Share 1.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_share1_7...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_share1_7

Bits

Type

Reset

Name

Description

31:0

0x0

key_share1_7

For KEY_SHARE17

aes.IV_0 @ 0x44

Initialization Vector Registers.

Reset default = 0x0, mask 0xffffffff

The initialization vector (IV) or initial counter value must be written to these registers when starting a new message in CBC or CTR mode (see Control Register), respectively. In CBC and CTR modes, the AES unit does not start encryption/decryption with a partially updated IV. Each register has to be written at least once. The order in which the registers are written does not matter. If the AES unit is non-idle, writes to these registers are ignored. Whenever starting a new message, the corresponding IV value must be provided by the processor. Once started, the AES unit automatically updates the contents of these registers. In ECB mode, the IV registers are not used and do not need to be configured. Upon reset, these registers are cleared with pseudo-random data.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
iv_0...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...iv_0

Bits

Type

Reset

Name

Description

31:0

0x0

iv_0

Initialization Vector

aes.IV_1 @ 0x48

Initialization Vector Registers.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
iv_1...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...iv_1

Bits

Type

Reset

Name

Description

31:0

0x0

iv_1

For IV1

aes.IV_2 @ 0x4c

Initialization Vector Registers.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
iv_2...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...iv_2

Bits

Type

Reset

Name

Description

31:0

0x0

iv_2

For IV2

aes.IV_3 @ 0x50

Initialization Vector Registers.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
iv_3...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...iv_3

Bits

Type

Reset

Name

Description

31:0

0x0

iv_3

For IV3

aes.DATA_IN_0 @ 0x54

Input Data Registers.

Reset default = 0x0, mask 0xffffffff

If MANUAL_OPERATION=0 (see Control Register), the AES unit automatically starts encryption/decryption after all Input Data registers have been written. Each register has to be written at least once. The order in which the registers are written does not matter. Loaded into the internal State register upon starting encryption/decryption of the next block. After that, the processor can update the Input Data registers (See INPUT_READY field of Status Register). Upon reset, these registers are cleared with pseudo-random data.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
data_in_0...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...data_in_0

Bits

Type

Reset

Name

Description

31:0

0x0

data_in_0

Input Data

aes.DATA_IN_1 @ 0x58

Input Data Registers.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
data_in_1...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...data_in_1

Bits

Type

Reset

Name

Description

31:0

0x0

data_in_1

For DATA_IN1

aes.DATA_IN_2 @ 0x5c

Input Data Registers.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
data_in_2...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...data_in_2

Bits

Type

Reset

Name

Description

31:0

0x0

data_in_2

For DATA_IN2

aes.DATA_IN_3 @ 0x60

Input Data Registers.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
data_in_3...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...data_in_3

Bits

Type

Reset

Name

Description

31:0

0x0

data_in_3

For DATA_IN3

aes.DATA_OUT_0 @ 0x64

Output Data Register.

Reset default = 0x0, mask 0xffffffff

Holds the output data produced by the AES unit during the last encryption/decryption operation. If MANUAL_OPERATION=0 (see Control Register), the AES unit is stalled when the previous output data has not yet been read and is about to be overwritten. Each register has to be read at least once. The order in which the registers are read does not matter. Upon reset, these registers are cleared with pseudo-random data.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
data_out_0...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...data_out_0

Bits

Type

Reset

Name

Description

31:0

0x0

data_out_0

Output Data

aes.DATA_OUT_1 @ 0x68

Output Data Register.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
data_out_1...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...data_out_1

Bits

Type

Reset

Name

Description

31:0

0x0

data_out_1

For DATA_OUT1

aes.DATA_OUT_2 @ 0x6c

Output Data Register.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
data_out_2...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...data_out_2

Bits

Type

Reset

Name

Description

31:0

0x0

data_out_2

For DATA_OUT2

aes.DATA_OUT_3 @ 0x70

Output Data Register.

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
data_out_3...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...data_out_3

Bits

Type

Reset

Name

Description

31:0

0x0

data_out_3

For DATA_OUT3

aes.CTRL_SHADOWED @ 0x74

Control Register.

Reset default = 0x1181, mask 0xffff

Can only be updated when the AES unit is idle. If the AES unit is non-idle, writes to this register are ignored. This register is shadowed, meaning two subsequent write operations are required to change its content. If the two write operations try to set a different value, a recoverable alert is triggered (See Status Register). A read operation clears the internal phase tracking: The next write operation is always considered a first write operation of an update sequence. Any write operation to this register will clear the status tracking required for automatic mode (See MANUAL_OPERATION field). A write to the Control Register is considered the start of a new message. Hence, software needs to provide new key, IV and input data afterwards.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
MANUAL_OPERATION	PRNG_RESEED_RATE			SIDELOAD	KEY_LEN			MODE						OPERATION

Bits

Type

Reset

Name

Description

1:0

0x1

OPERATION

2-bit one-hot field to select the operation of AES unit. Invalid input values, i.e., values with multiple bits set and value 2'b00, are mapped to AES_ENC (2'b01).

0x1	AES_ENC	2'b01: Encryption. Invalid input values, i.e., 2'b00 and 2'b11, are mapped to AES_ENC.
0x2	AES_DEC	2'b10: Decryption.

Other values are reserved.

7:2

0x20

MODE

6-bit one-hot field to select AES block cipher mode. Invalid input values, i.e., values with multiple bits set and value 6'b00_0000, are mapped to AES_NONE (6'b10_0000).

0x01	AES_ECB	6'b00_0001: Electronic Codebook (ECB) mode.
0x02	AES_CBC	6'b00_0010: Cipher Block Chaining (CBC) mode.
0x04	AES_CFB	6'b00_0100: Cipher Feedback (CFB) mode.
0x08	AES_OFB	6'b00_1000: Output Feedback (OFB) mode.
0x10	AES_CTR	6'b01_0000: Counter (CTR) mode.
0x20	AES_NONE	6'b10_0000: Invalid input values, i.e., value with multiple bits set and value 6'b00_0000, are mapped to AES_NONE.

Other values are reserved.

10:8

0x1

KEY_LEN

3-bit one-hot field to select AES key length. Invalid input values, i.e., values with multiple bits set, value 3'b000, and value 3'b010 in case 192-bit keys are not supported (because disabled at compile time) are mapped to AES_256 (3'b100).

0x1	AES_128	3'b001: 128-bit key length.
0x2	AES_192	3'b010: 192-bit key length. In case support for 192-bit keys has been disabled at compile time, setting this value results in configuring AES_256 (3'b100).
0x4	AES_256	3'b100: 256-bit key length. Invalid input values, i.e., values with multiple bits set, value 3'b000, and value 3'b010 in case 192-bit keys are not supported (because disabled at compile time) are mapped to AES_256.

Other values are reserved.

0x0

SIDELOAD

Controls whether the AES unit uses the key provided by the key manager via key sideload interface (1) or the key provided by software via Initial Key Registers KEY_SHARE1_0 - KEY_SHARE1_7 (0).

14:12

0x1

PRNG_RESEED_RATE

3-bit one-hot field to control the reseeding rate of the internal pseudo-random number generator (PRNG) used for masking. Invalid input values, i.e., values with multiple bits set and value 3'b000 are mapped to the highest reseeding rate PER_1 (3'b001).

0x1	PER_1	3'b001: Reseed the masking PRNG once per block. Invalid input values, i.e., values with multiple bits set and value 3'b000 are mapped to PER_1 (3'b001). This results in a max entropy consumption rate of ~286 Mbit/s.
0x2	PER_64	3'b010: Reseed the masking PRNG approximately once per every 64 blocks. This results in a max entropy consumption rate of ~4.5 Mbit/s.
0x4	PER_8K	3'b100: Reseed the masking PRNG approximately once per every 8192 blocks. This results in an max entropy consumption rate of ~0.035 Mbit/s.

Other values are reserved.

0x0

MANUAL_OPERATION

Controls whether the AES unit is operated in normal/automatic mode (0) or fully manual mode (1). In automatic mode (0), the AES unit automatically i) starts to encrypt/decrypt when it receives new input data, and ii) stalls during the last encryption/decryption cycle if the previous output data has not yet been read. This is the most efficient mode to operate in. Note that the corresponding status tracking is automatically cleared upon a write to the Control Register. In manual mode (1), the AES unit i) only starts to encrypt/decrypt after receiving a start trigger (see Trigger Register), and ii) overwrites previous output data irrespective of whether it has been read out or not. This mode is useful if software needs full control over the AES unit.

aes.CTRL_AUX_SHADOWED @ 0x78

Auxiliary Control Register.

Reset default = 0x1, mask 0x3

This register is shadowed, meaning two subsequent write operations are required to change its content. If the two write operations try to set a different value, a recoverable alert is triggered (See Status Register). A read operation clears the internal phase tracking: The next write operation is always considered a first write operation of an update sequence.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
														FORCE_MASKS	KEY_TOUCH_FORCES_RESEED

Bits

Type

Reset

Name

Description

0x1

KEY_TOUCH_FORCES_RESEED

Controls whether providing a new key triggers the reseeding of internal pseudo-random number generators used for clearing and masking (1) or not (0).

0x0

FORCE_MASKS

Allow the internal masking PRNG to advance (0) or force its internal state (1) leading to constant masks. Setting all masks to constant value can be useful when performing SCA. To completely disable the masking, the second key share (KEY_SHARE1_0 - KEY_SHARE1_7) must be zero as well. In addition, a special seed needs to be loaded into the masking PRNG using the EDN interface. Only applicable if both the Masking parameter and the SecAllowForcingMasks parameter are set to one.

aes.CTRL_AUX_REGWEN @ 0x7c

Lock bit for Auxiliary Control Register.

Reset default = 0x1, mask 0x1

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
															CTRL_AUX_REGWEN

Bits

Type

Reset

Name

Description

rw0c

0x1

CTRL_AUX_REGWEN

Auxiliary Control Register configuration enable bit. If this is cleared to 0, the Auxiliary Control Register cannot be written anymore.

aes.TRIGGER @ 0x80

Trigger Register.

Reset default = 0xe, mask 0xf

Each bit is individually cleared to zero when executing the corresponding trigger. While executing any of the triggered operations, the AES unit will set the IDLE bit in the Status Register to zero. The processor must check the Status Register before triggering further actions. For example, writes to Initial Key and IV Registers are ignored while the AES unit is busy. Writes to the Input Data Registers are not ignored but the data will be cleared if a KEY_IV_DATA_IN_CLEAR operation is pending.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
												PRNG_RESEED	DATA_OUT_CLEAR	KEY_IV_DATA_IN_CLEAR	START

Bits Type Reset Name Description

0x0

START

Keep AES unit paused (0) or trigger the encryption/decryption of one data block (1). This trigger is cleared to 0 if MANUAL_OPERATION=0 or if MODE=AES_NONE (see Control Register).

0x1

KEY_IV_DATA_IN_CLEAR

Keep current values in Initial Key, internal Full Key and Decryption Key registers, IV registers and Input Data registers (0) or clear all those registers with pseudo-random data (1).

0x1

DATA_OUT_CLEAR

Keep current values in Output Data registers (0) or clear those registers with pseudo-random data (1).

0x1

PRNG_RESEED

Keep continuing with the current states of the internal pseudo-random number generators used for register clearing and masking (0) or perform a reseed of the internal states from the connected entropy source (1). If the KEY_TOUCH_FORCES_RESEED bit in the Auxiliary Control Register is set to one, this trigger will automatically get set after providing a new initial key.

aes.STATUS @ 0x84

Status Register

Reset default = 0x0, mask 0x7f

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
									ALERT_FATAL_FAULT	ALERT_RECOV_CTRL_UPDATE_ERR	INPUT_READY	OUTPUT_VALID	OUTPUT_LOST	STALL	IDLE

Bits Type Reset Name Description

0x0

IDLE

The AES unit is idle (1) or busy (0). This flag is 0 if one of the following operations is currently running: i) encryption/decryption, ii) register clearing or iii) PRNG reseeding. This flag is also 0 if an encryption/decryption is running but the AES unit is stalled.

0x0

STALL

The AES unit is not stalled (0) or stalled (1) because there is previous output data that must be read by the processor before the AES unit can overwrite this data. This flag is not meaningful if MANUAL_OPERATION=1 (see Control Register).

0x0

OUTPUT_LOST

All previous output data has been fully read by the processor (0) or at least one previous output data block has been lost (1). It has been overwritten by the AES unit before the processor could fully read it. Once set to 1, this flag remains set until AES operation is restarted by re-writing the Control Register. The primary use of this flag is for design verification. This flag is not meaningful if MANUAL_OPERATION=0 (see Control Register).

0x0

OUTPUT_VALID

The AES unit has no valid output (0) or has valid output data (1).

0x0

INPUT_READY

The AES unit is ready (1) or not ready (0) to receive new data input via the DATA_IN registers. If the present values in the DATA_IN registers have not yet been loaded into the module this flag is 0 (not ready).

0x0

ALERT_RECOV_CTRL_UPDATE_ERR

An update error has not occurred (0) or has occurred (1) in the shadowed Control Register. AES operation needs to be restarted by re-writing the Control Register.

0x0

ALERT_FATAL_FAULT

No fatal fault has occurred inside the AES unit (0). A fatal fault has occurred and the AES unit needs to be reset (1). Examples for fatal faults include i) storage errors in the Control Register, ii) if any internal FSM enters an invalid state, iii) if any sparsely encoded signal takes on an invalid value, iv) errors in the internal round counter, v) escalations triggered by the life cycle controller, and vi) fatal integrity failures on the TL-UL bus.

OpenTitan Documentation

Hardware Interfaces and Registers

Interfaces

Registers