Interfaces

Referring to the Comportable guideline for peripheral device functionality, the module entropy_src has the following hardware interfaces defined

  • Primary Clock: clk_i
  • Other Clocks: none
  • Bus Device Interfaces (TL-UL): tl
  • Bus Host Interfaces (TL-UL): none
  • Peripheral Pins for Chip IO: none

Inter-Module Signals

Port NamePackage::StructTypeActWidthDescription
entropy_src_hw_ifentropy_src_pkg::entropy_src_hw_ifreq_rsprsp1
cs_aes_haltentropy_src_pkg::cs_aes_haltreq_rspreq1Coordinate activity between CSRNG’s AES and Entropy Source’s SHA3. The idea is that Entropy Source requests CSRNG’s AES to halt and waits for CSRNG to acknowledge before it starts its SHA3. While SHA3 runs, Entropy Source keeps the request high. CSRNG may not drop the acknowledge before Entropy Source drops the request.
entropy_src_rngentropy_src_pkg::entropy_src_rngreq_rspreq1
entropy_src_xhtentropy_src_pkg::entropy_src_xhtreq_rspreq1
otp_en_entropy_src_fw_readprim_mubi_pkg::mubi8unircv1
otp_en_entropy_src_fw_overprim_mubi_pkg::mubi8unircv1
rng_fipslogicunireq1
tltlul_pkg::tlreq_rsprsp1

Interrupts

Interrupt NameTypeDescription
es_entropy_validEventAsserted when entropy source bits are available for firmware for consumption via ENTROPY_DATA register.
es_health_test_failedEventAsserted whenever the main state machine is in the alert state, e.g., due to health tests failing and reaching the threshold value configured in ALERT_THRESHOLD.
es_observe_fifo_readyEventAsserted when the observe FIFO has filled to the configured threshold level (see OBSERVE_FIFO_THRESH).
es_fatal_errEventAsserted when an fatal error condition is met, e.g., upon FIFO errors, or if an illegal state machine state is reached.

Security Alerts

Alert NameDescription
recov_alertThis alert is triggered upon the alert health test threshold criteria not met.
fatal_alertThis alert triggers for any condition detected in the ERR_CODE register, which includes FIFO errors, COUNTER errors, FSM state errors, and also when integrity failures are detected on the TL-UL bus.

Security Countermeasures

Countermeasure IDDescription
ENTROPY_SRC.CONFIG.REGWENRegisters are protected from writes.
ENTROPY_SRC.CONFIG.MUBIRegisters have multi-bit encoded fields.
ENTROPY_SRC.CONFIG.REDUNThreshold register has an inverted copy to compare against.
ENTROPY_SRC.INTERSIG.MUBIOTP signal used to enable software access to registers.
ENTROPY_SRC.MAIN_SM.FSM.SPARSEThe ENTROPY_SRC main state machine uses a sparse state encoding.
ENTROPY_SRC.ACK_SM.FSM.SPARSEThe ENTROPY_SRC ack state machine uses a sparse state encoding.
ENTROPY_SRC.RNG.BKGN_CHKRandom number generator is protected with continuous background health checks.
ENTROPY_SRC.FIFO.CTR.REDUNThe FIFO pointers of several FIFOs are implemented with duplicate counters.
ENTROPY_SRC.CTR.REDUNCounter hardening for all health test counters.
ENTROPY_SRC.CTR.LOCAL_ESCRedundant counter failures will cause a local escalation to the main state machine.
ENTROPY_SRC.ESFINAL_RDATA.BUS.CONSISTENCYComparison on successive bus values for the post-conditioned entropy seed bus.
ENTROPY_SRC.TILE_LINK.BUS.INTEGRITYTilelink end-to-end bus integrity scheme.