Referring to the Comportable guideline for peripheral device functionality, the module entropy_src has the following hardware interfaces defined

  • Primary Clock: clk_i
  • Other Clocks: none
  • Bus Device Interfaces (TL-UL): tl
  • Bus Host Interfaces (TL-UL): none
  • Peripheral Pins for Chip IO: none

Inter-Module Signals

Port NamePackage::StructTypeActWidthDescription
cs_aes_haltentropy_src_pkg::cs_aes_haltreq_rspreq1Coordinate activity between CSRNG’s AES and Entropy Source’s SHA3. The idea is that Entropy Source requests CSRNG’s AES to halt and waits for CSRNG to acknowledge before it starts its SHA3. While SHA3 runs, Entropy Source keeps the request high. CSRNG may not drop the acknowledge before Entropy Source drops the request. Current limitations: 1. During startup and in Firmware Override - Extract & Insert mode, Entropy Source makes no AES Halt requests but still activates its SHA3 engine. 2. Outside Firmware Override - Extract & Insert mode, Entropy Source may activate its SHA3 engine without requesting AES Halt, but no more than for 24 Keccak rounds (24 clock cycles) every 512 clock cycles.


Interrupt NameTypeDescription
es_entropy_validEventAsserted when entropy source bits are available.
es_health_test_failedEventAsserted when the alert count has been met.
es_observe_fifo_readyEventAsserted when the observe FIFO has filled to the threshold level.
es_fatal_errEventAsserted when a FIFO error occurs, or if an illegal state machine state is reached.

Security Alerts

Alert NameDescription
recov_alertThis alert is triggered upon the alert health test threshold criteria not met.
fatal_alertThis alert triggers for any condition detected in the ERR_CODE register, which includes FIFO errors, COUNTER errors, FSM state errors, and also when integrity failures are detected on the TL-UL bus.

Security Countermeasures

Countermeasure IDDescription
ENTROPY_SRC.CONFIG.REGWENRegisters are protected from writes.
ENTROPY_SRC.CONFIG.MUBIRegisters have multi-bit encoded fields.
ENTROPY_SRC.CONFIG.REDUNThreshold register has an inverted copy to compare against.
ENTROPY_SRC.INTERSIG.MUBIOTP signal used to enable software access to registers.
ENTROPY_SRC.MAIN_SM.FSM.SPARSEThe ENTROPY_SRC main state machine uses a sparse state encoding.
ENTROPY_SRC.ACK_SM.FSM.SPARSEThe ENTROPY_SRC ack state machine uses a sparse state encoding.
ENTROPY_SRC.RNG.BKGN_CHKRandom number generator is protected with continuous background health checks.
ENTROPY_SRC.CTR.REDUNCounter hardening for all health test counters.
ENTROPY_SRC.CTR.LOCAL_ESCRedundant counter failures will cause a local escalation to the main state machine.
ENTROPY_SRC.ESFINAL_RDATA.BUS.CONSISTENCYComparison on successive bus values for the post-conditioned entropy seed bus.
ENTROPY_SRC.TILE_LINK.BUS.INTEGRITYTilelink end-to-end bus integrity scheme.