Registers

The AES unit uses 8 and 2x4 separate write-only registers for the initial key, initialization vector, and input data, as well as 4 separate read-only registers for the output data. All registers are little-endian. Compared to first-in, first-out (FIFO) interfaces, having separate registers has a couple of advantages:

  • Supported out-of-the-box by the register tool (the FIFO would have to be implemented separately).
  • Usability: critical corner cases where software updates input data or the key partially only are easier to avoid using separate registers and the hwqe-signals provided by the Register Tool.
  • Easier interaction with DMA engines

Also, using a FIFO interface for something that is not actually FIFO (internally, 16B of input/output data are consumed/produced at once) is less natural.

For a detailed overview of the register tool, please refer to the Register Tool documentation.

Summary

NameOffsetLengthDescription
aes.ALERT_TEST0x04Alert Test Register
aes.KEY_SHARE0_00x44Initial Key Registers Share 0.
aes.KEY_SHARE0_10x84Initial Key Registers Share 0.
aes.KEY_SHARE0_20xc4Initial Key Registers Share 0.
aes.KEY_SHARE0_30x104Initial Key Registers Share 0.
aes.KEY_SHARE0_40x144Initial Key Registers Share 0.
aes.KEY_SHARE0_50x184Initial Key Registers Share 0.
aes.KEY_SHARE0_60x1c4Initial Key Registers Share 0.
aes.KEY_SHARE0_70x204Initial Key Registers Share 0.
aes.KEY_SHARE1_00x244Initial Key Registers Share 1.
aes.KEY_SHARE1_10x284Initial Key Registers Share 1.
aes.KEY_SHARE1_20x2c4Initial Key Registers Share 1.
aes.KEY_SHARE1_30x304Initial Key Registers Share 1.
aes.KEY_SHARE1_40x344Initial Key Registers Share 1.
aes.KEY_SHARE1_50x384Initial Key Registers Share 1.
aes.KEY_SHARE1_60x3c4Initial Key Registers Share 1.
aes.KEY_SHARE1_70x404Initial Key Registers Share 1.
aes.IV_00x444Initialization Vector Registers.
aes.IV_10x484Initialization Vector Registers.
aes.IV_20x4c4Initialization Vector Registers.
aes.IV_30x504Initialization Vector Registers.
aes.DATA_IN_00x544Input Data Registers.
aes.DATA_IN_10x584Input Data Registers.
aes.DATA_IN_20x5c4Input Data Registers.
aes.DATA_IN_30x604Input Data Registers.
aes.DATA_OUT_00x644Output Data Register.
aes.DATA_OUT_10x684Output Data Register.
aes.DATA_OUT_20x6c4Output Data Register.
aes.DATA_OUT_30x704Output Data Register.
aes.CTRL_SHADOWED0x744Control Register.
aes.CTRL_AUX_SHADOWED0x784Auxiliary Control Register.
aes.CTRL_AUX_REGWEN0x7c4Lock bit for Auxiliary Control Register.
aes.TRIGGER0x804Trigger Register.
aes.STATUS0x844Status Register

ALERT_TEST

Alert Test Register

  • Offset: 0x0
  • Reset default: 0x0
  • Reset mask: 0x3

Fields

BitsTypeResetNameDescription
31:2Reserved
1wo0x0fatal_faultWrite 1 to trigger one alert event of this kind.
0wo0x0recov_ctrl_update_errWrite 1 to trigger one alert event of this kind.

KEY_SHARE0

Initial Key Registers Share 0.

The actual initial key corresponds to Initial Key Registers Share 0 XORed with Initial Key Registers Share 1. Loaded into the internal Full Key register upon starting encryption/decryption of the next block. All key registers (Share 0 and Share 1) must be written at least once when the key is changed, regardless of key length (write random data for unused bits). The order in which the registers are updated does not matter. Can only be updated when the AES unit is idle. If the AES unit is non-idle, writes to these registers are ignored. Upon reset, these registers are cleared with pseudo-random data.

  • Reset default: 0x0
  • Reset mask: 0xffffffff

Instances

NameOffset
KEY_SHARE0_00x4
KEY_SHARE0_10x8
KEY_SHARE0_20xc
KEY_SHARE0_30x10
KEY_SHARE0_40x14
KEY_SHARE0_50x18
KEY_SHARE0_60x1c
KEY_SHARE0_70x20

Fields

BitsTypeResetNameDescription
31:0wo0x0key_share0Initial Key Share 0

KEY_SHARE1

Initial Key Registers Share 1.

The actual initial key corresponds to Initial Key Registers Share 0 XORed with Initial Key Registers Share 1. Loaded into the internal Full Key register upon starting encryption/decryption of the next block. All key registers (Share 0 and Share 1) must be written at least once when the key is changed, regardless of key length (write random data for unused bits). The order in which the registers are updated does not matter. Can only be updated when the AES unit is idle. If the AES unit is non-idle, writes to these registers are ignored. Upon reset, these registers are cleared with pseudo-random data.

  • Reset default: 0x0
  • Reset mask: 0xffffffff

Instances

NameOffset
KEY_SHARE1_00x24
KEY_SHARE1_10x28
KEY_SHARE1_20x2c
KEY_SHARE1_30x30
KEY_SHARE1_40x34
KEY_SHARE1_50x38
KEY_SHARE1_60x3c
KEY_SHARE1_70x40

Fields

BitsTypeResetNameDescription
31:0wo0x0key_share1Initial Key Share 1

IV

Initialization Vector Registers.

The initialization vector (IV) or initial counter value must be written to these registers when starting a new message in CBC or CTR mode (see Control Register), respectively. In CBC and CTR modes, the AES unit does not start encryption/decryption with a partially updated IV. Each register has to be written at least once. The order in which the registers are written does not matter. If the AES unit is non-idle, writes to these registers are ignored. Whenever starting a new message, the corresponding IV value must be provided by the processor. Once started, the AES unit automatically updates the contents of these registers. In ECB mode, the IV registers are not used and do not need to be configured. Upon reset, these registers are cleared with pseudo-random data.

  • Reset default: 0x0
  • Reset mask: 0xffffffff

Instances

NameOffset
IV_00x44
IV_10x48
IV_20x4c
IV_30x50

Fields

BitsTypeResetNameDescription
31:0rw0x0ivInitialization Vector

DATA_IN

Input Data Registers.

If MANUAL_OPERATION=0 (see Control Register), the AES unit automatically starts encryption/decryption after all Input Data registers have been written. Each register has to be written at least once. The order in which the registers are written does not matter. Loaded into the internal State register upon starting encryption/decryption of the next block. After that, the processor can update the Input Data registers (See INPUT_READY field of Status Register). Upon reset, these registers are cleared with pseudo-random data.

  • Reset default: 0x0
  • Reset mask: 0xffffffff

Instances

NameOffset
DATA_IN_00x54
DATA_IN_10x58
DATA_IN_20x5c
DATA_IN_30x60

Fields

BitsTypeResetNameDescription
31:0wo0x0data_inInput Data

DATA_OUT

Output Data Register.

Holds the output data produced by the AES unit during the last encryption/decryption operation. If MANUAL_OPERATION=0 (see Control Register), the AES unit is stalled when the previous output data has not yet been read and is about to be overwritten. Each register has to be read at least once. The order in which the registers are read does not matter. Upon reset, these registers are cleared with pseudo-random data.

  • Reset default: 0x0
  • Reset mask: 0xffffffff

Instances

NameOffset
DATA_OUT_00x64
DATA_OUT_10x68
DATA_OUT_20x6c
DATA_OUT_30x70

Fields

BitsTypeResetNameDescription
31:0ro0x0data_outOutput Data

CTRL_SHADOWED

Control Register.

Can only be updated when the AES unit is idle. If the AES unit is non-idle, writes to this register are ignored. This register is shadowed, meaning two subsequent write operations are required to change its content. If the two write operations try to set a different value, a recoverable alert is triggered (See Status Register). A read operation clears the internal phase tracking: The next write operation is always considered a first write operation of an update sequence. Any write operation to this register will clear the status tracking required for automatic mode (See MANUAL_OPERATION field). A write to the Control Register is considered the start of a new message. Hence, software needs to provide new key, IV and input data afterwards.

  • Offset: 0x74
  • Reset default: 0x1181
  • Reset mask: 0xffff

Fields

BitsTypeResetName
31:16Reserved
15rw0x0MANUAL_OPERATION
14:12rw0x1PRNG_RESEED_RATE
11rw0x0SIDELOAD
10:8rw0x1KEY_LEN
7:2rw0x20MODE
1:0rw0x1OPERATION

CTRL_SHADOWED . MANUAL_OPERATION

Controls whether the AES unit is operated in normal/automatic mode (0) or fully manual mode (1). In automatic mode (0), the AES unit automatically i) starts to encrypt/decrypt when it receives new input data, and ii) stalls during the last encryption/decryption cycle if the previous output data has not yet been read. This is the most efficient mode to operate in. Note that the corresponding status tracking is automatically cleared upon a write to the Control Register. In manual mode (1), the AES unit i) only starts to encrypt/decrypt after receiving a start trigger (see Trigger Register), and ii) overwrites previous output data irrespective of whether it has been read out or not. This mode is useful if software needs full control over the AES unit.

CTRL_SHADOWED . PRNG_RESEED_RATE

3-bit one-hot field to control the reseeding rate of the internal pseudo-random number generator (PRNG) used for masking. Invalid input values, i.e., values with multiple bits set and value 3’b000 are mapped to the highest reseeding rate PER_1 (3’b001).

ValueNameDescription
0x1PER_13’b001: Reseed the masking PRNG once per block. Invalid input values, i.e., values with multiple bits set and value 3’b000 are mapped to PER_1 (3’b001). This results in a max entropy consumption rate of ~343 Mbit/s.
0x2PER_643’b010: Reseed the masking PRNG approximately once per every 64 blocks. This results in a max entropy consumption rate of ~5.4 Mbit/s.
0x4PER_8K3’b100: Reseed the masking PRNG approximately once per every 8192 blocks. This results in a max entropy consumption rate of ~0.042 Mbit/s.

Other values are reserved.

CTRL_SHADOWED . SIDELOAD

Controls whether the AES unit uses the key provided by the key manager via key sideload interface (1) or the key provided by software via Initial Key Registers KEY_SHARE1_0 - KEY_SHARE1_7 (0).

CTRL_SHADOWED . KEY_LEN

3-bit one-hot field to select AES key length. Invalid input values, i.e., values with multiple bits set, value 3’b000, and value 3’b010 in case 192-bit keys are not supported (because disabled at compile time) are mapped to AES_256 (3’b100).

ValueNameDescription
0x1AES_1283’b001: 128-bit key length.
0x2AES_1923’b010: 192-bit key length. In case support for 192-bit keys has been disabled at compile time, setting this value results in configuring AES_256 (3’b100).
0x4AES_2563’b100: 256-bit key length. Invalid input values, i.e., values with multiple bits set, value 3’b000, and value 3’b010 in case 192-bit keys are not supported (because disabled at compile time) are mapped to AES_256.

Other values are reserved.

CTRL_SHADOWED . MODE

6-bit one-hot field to select AES block cipher mode. Invalid input values, i.e., values with multiple bits set and value 6’b00_0000, are mapped to AES_NONE (6’b10_0000).

ValueNameDescription
0x01AES_ECB6’b00_0001: Electronic Codebook (ECB) mode.
0x02AES_CBC6’b00_0010: Cipher Block Chaining (CBC) mode.
0x04AES_CFB6’b00_0100: Cipher Feedback (CFB) mode.
0x08AES_OFB6’b00_1000: Output Feedback (OFB) mode.
0x10AES_CTR6’b01_0000: Counter (CTR) mode.
0x20AES_NONE6’b10_0000: Invalid input values, i.e., value with multiple bits set and value 6’b00_0000, are mapped to AES_NONE.

Other values are reserved.

CTRL_SHADOWED . OPERATION

2-bit one-hot field to select the operation of AES unit. Invalid input values, i.e., values with multiple bits set and value 2’b00, are mapped to AES_ENC (2’b01).

ValueNameDescription
0x1AES_ENC2’b01: Encryption. Invalid input values, i.e., 2’b00 and 2’b11, are mapped to AES_ENC.
0x2AES_DEC2’b10: Decryption.

Other values are reserved.

CTRL_AUX_SHADOWED

Auxiliary Control Register.

This register is shadowed, meaning two subsequent write operations are required to change its content. If the two write operations try to set a different value, a recoverable alert is triggered (See Status Register). A read operation clears the internal phase tracking: The next write operation is always considered a first write operation of an update sequence.

  • Offset: 0x78
  • Reset default: 0x1
  • Reset mask: 0x3
  • Register enable: CTRL_AUX_REGWEN

Fields

BitsTypeResetName
31:2Reserved
1rw0x0FORCE_MASKS
0rw0x1KEY_TOUCH_FORCES_RESEED

CTRL_AUX_SHADOWED . FORCE_MASKS

Allow the internal masking PRNG to advance (0) or force its internal state (1) leading to constant masks. Setting all masks to constant value can be useful when performing SCA. To completely disable the masking, the second key share (KEY_SHARE1_0 - KEY_SHARE1_7) must be zero as well. In addition, a special seed needs to be loaded into the masking PRNG using the EDN interface. Only applicable if both the Masking parameter and the SecAllowForcingMasks parameter are set to one.

CTRL_AUX_SHADOWED . KEY_TOUCH_FORCES_RESEED

Controls whether providing a new key triggers the reseeding of internal pseudo-random number generators used for clearing and masking (1) or not (0).

CTRL_AUX_REGWEN

Lock bit for Auxiliary Control Register.

  • Offset: 0x7c
  • Reset default: 0x1
  • Reset mask: 0x1

Fields

BitsTypeResetNameDescription
31:1Reserved
0rw0c0x1CTRL_AUX_REGWENAuxiliary Control Register configuration enable bit. If this is cleared to 0, the Auxiliary Control Register cannot be written anymore.

TRIGGER

Trigger Register.

Each bit is individually cleared to zero when executing the corresponding trigger. While executing any of the triggered operations, the AES unit will set the IDLE bit in the Status Register to zero. The processor must check the Status Register before triggering further actions. For example, writes to Initial Key and IV Registers are ignored while the AES unit is busy. Writes to the Input Data Registers are not ignored but the data will be cleared if a KEY_IV_DATA_IN_CLEAR operation is pending.

  • Offset: 0x80
  • Reset default: 0xe
  • Reset mask: 0xf

Fields

BitsTypeResetName
31:4Reserved
3wo0x1PRNG_RESEED
2wo0x1DATA_OUT_CLEAR
1wo0x1KEY_IV_DATA_IN_CLEAR
0wo0x0START

TRIGGER . PRNG_RESEED

Keep continuing with the current states of the internal pseudo-random number generators used for register clearing and masking (0) or perform a reseed of the internal states from the connected entropy source (1). If the KEY_TOUCH_FORCES_RESEED bit in the Auxiliary Control Register is set to one, this trigger will automatically get set after providing a new initial key.

TRIGGER . DATA_OUT_CLEAR

Keep current values in Output Data registers (0) or clear those registers with pseudo-random data (1).

TRIGGER . KEY_IV_DATA_IN_CLEAR

Keep current values in Initial Key, internal Full Key and Decryption Key registers, IV registers and Input Data registers (0) or clear all those registers with pseudo-random data (1).

TRIGGER . START

Keep AES unit paused (0) or trigger the encryption/decryption of one data block (1). This trigger is cleared to 0 if MANUAL_OPERATION=0 or if MODE=AES_NONE (see Control Register).

STATUS

Status Register

  • Offset: 0x84
  • Reset default: 0x0
  • Reset mask: 0x7f

Fields

BitsTypeResetName
31:7Reserved
6ro0x0ALERT_FATAL_FAULT
5ro0x0ALERT_RECOV_CTRL_UPDATE_ERR
4ro0x0INPUT_READY
3ro0x0OUTPUT_VALID
2ro0x0OUTPUT_LOST
1ro0x0STALL
0ro0x0IDLE

STATUS . ALERT_FATAL_FAULT

No fatal fault has occurred inside the AES unit (0). A fatal fault has occurred and the AES unit needs to be reset (1). Examples for fatal faults include i) storage errors in the Control Register, ii) if any internal FSM enters an invalid state, iii) if any sparsely encoded signal takes on an invalid value, iv) errors in the internal round counter, v) escalations triggered by the life cycle controller, and vi) fatal integrity failures on the TL-UL bus.

STATUS . ALERT_RECOV_CTRL_UPDATE_ERR

An update error has not occurred (0) or has occurred (1) in the shadowed Control Register. AES operation needs to be restarted by re-writing the Control Register.

STATUS . INPUT_READY

The AES unit is ready (1) or not ready (0) to receive new data input via the DATA_IN registers. If the present values in the DATA_IN registers have not yet been loaded into the module this flag is 0 (not ready).

STATUS . OUTPUT_VALID

The AES unit has no valid output (0) or has valid output data (1).

STATUS . OUTPUT_LOST

All previous output data has been fully read by the processor (0) or at least one previous output data block has been lost (1). It has been overwritten by the AES unit before the processor could fully read it. Once set to 1, this flag remains set until AES operation is restarted by re-writing the Control Register. The primary use of this flag is for design verification. This flag is not meaningful if MANUAL_OPERATION=0 (see Control Register).

STATUS . STALL

The AES unit is not stalled (0) or stalled (1) because there is previous output data that must be read by the processor before the AES unit can overwrite this data. This flag is not meaningful if MANUAL_OPERATION=1 (see Control Register).

STATUS . IDLE

The AES unit is idle (1) or busy (0). This flag is 0 if one of the following operations is currently running: i) encryption/decryption, ii) register clearing or iii) PRNG reseeding. This flag is also 0 if an encryption/decryption is running but the AES unit is stalled.