Interfaces

Referring to the Comportable guideline for peripheral device functionality, the module entropy_src has the following hardware interfaces defined

  • Primary Clock: clk_i
  • Other Clocks: none
  • Bus Device Interfaces (TL-UL): tl
  • Bus Host Interfaces (TL-UL): none
  • Peripheral Pins for Chip IO: none

Inter-Module Signals

Port NamePackage::StructTypeActWidthDescription
entropy_src_hw_ifentropy_src_pkg::entropy_src_hw_ifreq_rsprsp1
cs_aes_haltentropy_src_pkg::cs_aes_haltreq_rspreq1Coordinate activity between CSRNG’s AES and Entropy Source’s SHA3. The idea is that Entropy Source requests CSRNG’s AES to halt and waits for CSRNG to acknowledge before it starts its SHA3. While SHA3 runs, Entropy Source keeps the request high. CSRNG may not drop the acknowledge before Entropy Source drops the request.
entropy_src_rng_enablelogicunireq1Signal through which entropy_src enables the noise source. entropy_src will keep this signal high as long as it expects the noise source to operate. This is not a flow control signal through which entropy_src would exert backpressure on the noise source; rather this signal stays high while entropy_src is enabled.
entropy_src_rng_validlogicunircv1Acknowledgement signal from the noise source. When ‘1’, it indicates that the entropy_src_rng_bit data is valid and ready to be consumed.
entropy_src_rng_bitslogicunircvRngBusWidthOutput data bus carrying the raw entropy bits from the noise source. These bits are valid when entropy_src_rng_valid is asserted. The width is determined by RngBusWidth parametrization.
entropy_src_xht_validlogicunireq1Valid signal for the external health test interface. When asserted, it indicates that entropy_src_xht_bits, entropy_src_xht_bit_sel, and entropy_src_xht_meta are valid for consumption by the external health test.
entropy_src_xht_bitslogicunireqRngBusWidthCarries the raw entropy data from the entropy source to be consumed by the external health test module. The data on this bus is valid when entropy_src_xht_valid is asserted. The width is determined by RngBusWidth parametrization.
entropy_src_xht_bit_sellogicunireqRngBusBitSelWidthProvides bit selection information for the raw entropy data. It specifies which specific bit or subset of bits from entropy_src_xht_bit should be used. The width is determined by RngBusBitSelWidth parametrization.
entropy_src_xht_health_test_windowlogicunireqHealthTestWindowWidthProvides the window size of the health in bits.
entropy_src_xht_metaentropy_src_pkg::entropy_src_xht_metareq_rspreq1
otp_en_entropy_src_fw_readprim_mubi_pkg::mubi8unircv1
otp_en_entropy_src_fw_overprim_mubi_pkg::mubi8unircv1
rng_fipslogicunireq1
tltlul_pkg::tlreq_rsprsp1

Interrupts

Interrupt NameTypeDescription
es_entropy_validEventAsserted when entropy source bits are available for firmware for consumption via ENTROPY_DATA register.
es_health_test_failedEventAsserted whenever the main state machine is in the alert state, e.g., due to health tests failing and reaching the threshold value configured in ALERT_THRESHOLD.
es_observe_fifo_readyEventAsserted when the observe FIFO has filled to the configured threshold level (see OBSERVE_FIFO_THRESH).
es_fatal_errEventAsserted when an fatal error condition is met, e.g., upon FIFO errors, or if an illegal state machine state is reached.

Security Alerts

Alert NameDescription
recov_alertThis alert is triggered upon the alert health test threshold criteria not met.
fatal_alertThis alert triggers for any condition detected in the ERR_CODE register, which includes FIFO errors, COUNTER errors, FSM state errors, and also when integrity failures are detected on the TL-UL bus.

Security Countermeasures

Countermeasure IDDescription
ENTROPY_SRC.CONFIG.REGWENRegisters are protected from writes.
ENTROPY_SRC.CONFIG.MUBIRegisters have multi-bit encoded fields.
ENTROPY_SRC.CONFIG.REDUNThreshold register has an inverted copy to compare against.
ENTROPY_SRC.INTERSIG.MUBIOTP signal used to enable software access to registers.
ENTROPY_SRC.MAIN_SM.FSM.SPARSEThe ENTROPY_SRC main state machine uses a sparse state encoding.
ENTROPY_SRC.ACK_SM.FSM.SPARSEThe ENTROPY_SRC ack state machine uses a sparse state encoding.
ENTROPY_SRC.RNG.BKGN_CHKRandom number generator is protected with continuous background health checks.
ENTROPY_SRC.FIFO.CTR.REDUNThe FIFO pointers of several FIFOs are implemented with duplicate counters.
ENTROPY_SRC.CTR.REDUNCounter hardening for all health test counters.
ENTROPY_SRC.CTR.LOCAL_ESCRedundant counter failures will cause a local escalation to the main state machine.
ENTROPY_SRC.ESFINAL_RDATA.BUS.CONSISTENCYComparison on successive bus values for the post-conditioned entropy seed bus.
ENTROPY_SRC.TILE_LINK.BUS.INTEGRITYTilelink end-to-end bus integrity scheme.