Hardware Interfaces and Registers

Interfaces

Referring to the Comportable guideline for peripheral device functionality, the module keymgr has the following hardware interfaces defined.

Primary Clock: clk_i

Other Clocks: clk_edn_i

Bus Device Interfaces (TL-UL): tl

Bus Host Interfaces (TL-UL): none

Peripheral Pins for Chip IO: none

Inter-Module Signals: Reference

Inter-Module Signals
Port Name Package::Struct Type Act Width Description
edn edn_pkg::edn req_rsp req 1
aes_key keymgr_pkg::hw_key_req uni req 1
kmac_key keymgr_pkg::hw_key_req uni req 1
otbn_key keymgr_pkg::otbn_key_req uni req 1
kmac_data kmac_pkg::app req_rsp req 1
otp_key otp_ctrl_pkg::otp_keymgr_key uni rcv 1
otp_device_id otp_ctrl_pkg::otp_device_id uni rcv 1
flash flash_ctrl_pkg::keymgr_flash uni rcv 1
lc_keymgr_en lc_ctrl_pkg::lc_tx uni rcv 1
lc_keymgr_div lc_ctrl_pkg::lc_keymgr_div uni rcv 1
rom_digest rom_ctrl_pkg::keymgr_data uni rcv 1
kmac_en_masking logic uni rcv 1
tl tlul_pkg::tl req_rsp rsp 1

Interrupts:

Interrupt NameTypeDescription
op_doneEvent

Operation complete

Security Alerts:

Alert NameDescription
recov_operation_err

Alert for key manager operation errors. These errors could have been caused by software

fatal_fault_err

Alert for key manager faults. These errors cannot be caused by software

Security Countermeasures:

Countermeasure IDDescription
KEYMGR.BUS.INTEGRITY

End-to-end bus integrity scheme.

KEYMGR.CONFIG.SHADOW

Various critical registers are shadowed: including operation control, reseed interval, and key max version (creator, owner intermediate, owner).

KEYMGR.OP.CONFIG.REGWEN

Various controls locked during the duration of an operation: including operation start, operation control, sideload clear, salt and key version.

KEYMGR.RESEED.CONFIG.REGWEN

Reseed interval is software lockable.

KEYMGR.SW_BINDING.CONFIG.REGWEN

Software binding is lockable by software in each stage. When keymgr successfully advances, the lock is released to allow the next stage the freedom to program.

KEYMGR.MAX_KEY_VER.CONFIG.REGWEN

Max key version is software lockable.

KEYMGR.LC_CTRL.INTERSIG.MUBI

Life cycle control signal is multibit

KEYMGR.CONSTANTS.CONSISTENCY

Basic consistency checks (all 0's or all 1's) for keymgr diversification constants

KEYMGR.INTERSIG.CONSISTENCY

Basic consistency checks (all 0's or all 1's) for otp diversification inputs

KEYMGR.HW.KEY.SW_NOACCESS

Sideload keys are not directly accessible by software.

KEYMGR.OUTPUT_KEYS.CTRL.REDUN

Software and sideload keys are redundantly controlled. Each generate operation creates a valid and a data enable (software and sideload specific).

In order for a key to be populated into the software register, both the software valid and the software data enable must be asserted. The same is true for sideload.

This makes it more difficult for an attack to fault a sideload key into the software key slot. An attacker would need to fault both the software valid and the software data enable.

During a sideload operation, if an attacker manages to fault the valid but not the data enable, the software key is populated with random data. If an atacker manages to fault the data enable but not the valid, then the software key retains its previous value.

KEYMGR.CTRL.FSM.SPARSE

Main control fsm is sparsely encoded.

KEYMGR.DATA.FSM.SPARSE

Control data fsm (for redundant data control) is sparsely encoded.

KEYMGR.CTRL.FSM.LOCAL_ESC

Main control fsm locally escalates based on any detected fault in keymgr. When a fault is detected (sync or async) the fsm transitions to invalid state to prevent further legal operations from executing.

KEYMGR.CTRL.FSM.CONSISTENCY

Main and operational fsm transitions are consistent with software commands.

KEYMGR.CTRL.FSM.GLOBAL_ESC

When the system globally escalates, the main control fsm also transitions to invalid state to prevent further legal operations from executing.

KEYMGR.CTRL.CTR.REDUN

Primary count is duplicated.

KEYMGR.KMAC_IF.FSM.SPARSE

kmac interface fsm is sparsely encoded.

KEYMGR.KMAC_IF.CTR.REDUN

Primary count uses cross count.

KEYMGR.KMAC_IF_CMD.CTRL.CONSISTENCY

One hot check for kmac interface commands. Also, command enable (adv_en, id_en, gen_en) is checked for consistency throughout the operation.

KEYMGR.KMAC_IF_DONE.CTRL.CONSISTENCY

Spurious kmac done check.

KEYMGR.RESEED.CTR.REDUN

Primary count is duplicated.

KEYMGR.SIDE_LOAD_SEL.CTRL.CONSISTENCY

Sideload key slot select is checked for consistency. When a key slot is valid when it should not be, an error is triggered. The reverse case is not checked, since an invalid key cannot be used anyways.

KEYMGR.SIDELOAD_CTRL.FSM.SPARSE

Sideload control fsm is sparsely encoded.

KEYMGR.CTRL.KEY.INTEGRITY

Internal secret key is protected with ECC.

Registers

Summary
Name Offset Length Description
keymgr.INTR_STATE 0x0 4

Interrupt State Register

keymgr.INTR_ENABLE 0x4 4

Interrupt Enable Register

keymgr.INTR_TEST 0x8 4

Interrupt Test Register

keymgr.ALERT_TEST 0xc 4

Alert Test Register

keymgr.CFG_REGWEN 0x10 4

Key manager configuration enable

keymgr.START 0x14 4

Key manager operation start

keymgr.CONTROL_SHADOWED 0x18 4

Key manager operation controls

keymgr.SIDELOAD_CLEAR 0x1c 4

sideload key slots clear

keymgr.RESEED_INTERVAL_REGWEN 0x20 4

regwen for reseed interval

keymgr.RESEED_INTERVAL_SHADOWED 0x24 4

Reseed interval for key manager entropy reseed

keymgr.SW_BINDING_REGWEN 0x28 4

Register write enable for SOFTWARE_BINDING

keymgr.SEALING_SW_BINDING_0 0x2c 4

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.SEALING_SW_BINDING_1 0x30 4

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.SEALING_SW_BINDING_2 0x34 4

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.SEALING_SW_BINDING_3 0x38 4

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.SEALING_SW_BINDING_4 0x3c 4

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.SEALING_SW_BINDING_5 0x40 4

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.SEALING_SW_BINDING_6 0x44 4

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.SEALING_SW_BINDING_7 0x48 4

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.ATTEST_SW_BINDING_0 0x4c 4

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.ATTEST_SW_BINDING_1 0x50 4

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.ATTEST_SW_BINDING_2 0x54 4

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.ATTEST_SW_BINDING_3 0x58 4

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.ATTEST_SW_BINDING_4 0x5c 4

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.ATTEST_SW_BINDING_5 0x60 4

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.ATTEST_SW_BINDING_6 0x64 4

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.ATTEST_SW_BINDING_7 0x68 4

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

keymgr.Salt_0 0x6c 4

Salt value used as part of output generation

keymgr.Salt_1 0x70 4

Salt value used as part of output generation

keymgr.Salt_2 0x74 4

Salt value used as part of output generation

keymgr.Salt_3 0x78 4

Salt value used as part of output generation

keymgr.Salt_4 0x7c 4

Salt value used as part of output generation

keymgr.Salt_5 0x80 4

Salt value used as part of output generation

keymgr.Salt_6 0x84 4

Salt value used as part of output generation

keymgr.Salt_7 0x88 4

Salt value used as part of output generation

keymgr.KEY_VERSION 0x8c 4

Version used as part of output generation

keymgr.MAX_CREATOR_KEY_VER_REGWEN 0x90 4

Register write enable for MAX_CREATOR_KEY_VERSION

keymgr.MAX_CREATOR_KEY_VER_SHADOWED 0x94 4

Max creator key version

keymgr.MAX_OWNER_INT_KEY_VER_REGWEN 0x98 4

Register write enable for MAX_OWNER_INT_KEY_VERSION

keymgr.MAX_OWNER_INT_KEY_VER_SHADOWED 0x9c 4

Max owner intermediate key version

keymgr.MAX_OWNER_KEY_VER_REGWEN 0xa0 4

Register write enable for MAX_OWNER_KEY_VERSION

keymgr.MAX_OWNER_KEY_VER_SHADOWED 0xa4 4

Max owner key version

keymgr.SW_SHARE0_OUTPUT_0 0xa8 4

Key manager software output.

keymgr.SW_SHARE0_OUTPUT_1 0xac 4

Key manager software output.

keymgr.SW_SHARE0_OUTPUT_2 0xb0 4

Key manager software output.

keymgr.SW_SHARE0_OUTPUT_3 0xb4 4

Key manager software output.

keymgr.SW_SHARE0_OUTPUT_4 0xb8 4

Key manager software output.

keymgr.SW_SHARE0_OUTPUT_5 0xbc 4

Key manager software output.

keymgr.SW_SHARE0_OUTPUT_6 0xc0 4

Key manager software output.

keymgr.SW_SHARE0_OUTPUT_7 0xc4 4

Key manager software output.

keymgr.SW_SHARE1_OUTPUT_0 0xc8 4

Key manager software output.

keymgr.SW_SHARE1_OUTPUT_1 0xcc 4

Key manager software output.

keymgr.SW_SHARE1_OUTPUT_2 0xd0 4

Key manager software output.

keymgr.SW_SHARE1_OUTPUT_3 0xd4 4

Key manager software output.

keymgr.SW_SHARE1_OUTPUT_4 0xd8 4

Key manager software output.

keymgr.SW_SHARE1_OUTPUT_5 0xdc 4

Key manager software output.

keymgr.SW_SHARE1_OUTPUT_6 0xe0 4

Key manager software output.

keymgr.SW_SHARE1_OUTPUT_7 0xe4 4

Key manager software output.

keymgr.WORKING_STATE 0xe8 4

Key manager working state.

keymgr.OP_STATUS 0xec 4

Key manager status.

keymgr.ERR_CODE 0xf0 4

Key manager error code. This register must be explicitly cleared by software.

keymgr.FAULT_STATUS 0xf4 4

This register represents both synchronous and asynchronous fatal faults.

keymgr.DEBUG 0xf8 4

The register holds some debug information that may be convenient if keymgr misbehaves.

keymgr.INTR_STATE @ 0x0

Interrupt State Register

Reset default = 0x0, mask 0x1
31302928272625242322212019181716
 
1514131211109876543210
  op_done
BitsTypeResetNameDescription
0rw1c0x0op_done

Operation complete


keymgr.INTR_ENABLE @ 0x4

Interrupt Enable Register

Reset default = 0x0, mask 0x1
31302928272625242322212019181716
 
1514131211109876543210
  op_done
BitsTypeResetNameDescription
0rw0x0op_done

Enable interrupt when INTR_STATE.op_done is set.


keymgr.INTR_TEST @ 0x8

Interrupt Test Register

Reset default = 0x0, mask 0x1
31302928272625242322212019181716
 
1514131211109876543210
  op_done
BitsTypeResetNameDescription
0wo0x0op_done

Write 1 to force INTR_STATE.op_done to 1.


keymgr.ALERT_TEST @ 0xc

Alert Test Register

Reset default = 0x0, mask 0x3
31302928272625242322212019181716
 
1514131211109876543210
  fatal_fault_err recov_operation_err
BitsTypeResetNameDescription
0wo0x0recov_operation_err

Write 1 to trigger one alert event of this kind.

1wo0x0fatal_fault_err

Write 1 to trigger one alert event of this kind.


keymgr.CFG_REGWEN @ 0x10

Key manager configuration enable

Reset default = 0x1, mask 0x1
31302928272625242322212019181716
 
1514131211109876543210
  EN
BitsTypeResetNameDescription
0ro0x1EN

key manager configuration enable. When key manager operation is started (see CONTROL), registers protected by this EN are no longer modifiable until the operation completes.


keymgr.START @ 0x14

Key manager operation start

Reset default = 0x0, mask 0x1
Register enable = CFG_REGWEN
31302928272625242322212019181716
 
1514131211109876543210
  EN
BitsTypeResetNameDescription
0rw0x0EN

Start key manager operations

0x1Valid state

To trigger a start, this value must be programmed. All other values are considered no operation start.

Other values are reserved.


keymgr.CONTROL_SHADOWED @ 0x18

Key manager operation controls

Reset default = 0x10, mask 0x30f0
Register enable = CFG_REGWEN
31302928272625242322212019181716
 
1514131211109876543210
  DEST_SEL   CDI_SEL OPERATION  
BitsTypeResetNameDescription
3:0Reserved
6:4rw0x1OPERATION

Key manager operation selection. All values not enumerated below behave the same as disable

0x0Advance

Advance key manager state.

Advances key manager to the next stage. If key manager is already at last functional state, the advance operation is equivalent to the disable operation.

0x1Generate ID

Generates an identity seed from the current state.

0x2Generate SW Output

Generates a key manager output that is visible to software from the current state.

0x3Generate HW Output

Generates a key manager output that is visible only to hardware crypto blocks.

0x4Disable

Disables key manager operation and moves it to the disabled state.

Note the disabled state is terminal and cannot be recovered without a reset.

Other values are reserved.

7rw0x0CDI_SEL

When the OPERATION field is programmed to generate output, this field selects the appropriate CDI to use.

This field should be programmed for both hw / sw generation.

0x0Sealing CDI

Sealing CDI is selected

0x1Attestation CDI

Attestation CDI is selected

11:8Reserved
13:12rw0x0DEST_SEL

When the OPERATION field is programmed to generate output, this field selects the appropriate crypto cipher target.

This field should be programmed for both hw / sw generation, as this helps diverisifies the output.

0x0None

No target selected

0x1AES

AES selected

0x2KMAC

KMAC selected

0x3OTBN

OTBN selected. Note for OTBN hardware operations, the generated output is 384-bits, while for all other operations (including OTBN software), it is 256-bits.

Generating a hardware 384-bit seed directly for OTBN sideload reduces some of the OTBN code burden for entropy expansion. When generating for software, this is not a concern.


keymgr.SIDELOAD_CLEAR @ 0x1c

sideload key slots clear

Reset default = 0x0, mask 0x7
Register enable = CFG_REGWEN
31302928272625242322212019181716
 
1514131211109876543210
  VAL
BitsTypeResetNameDescription
2:0rw0x0VAL

Depending on the value programmed, a different sideload key slot is cleared. If the value programmed is not one of the enumerated values below, ALL sideload key slots are continuously cleared. In order to stop continuous clearing, SW should toggle the clear bit again (i.e. disable continuous clearing).

0x0None

No sideload keys cleared.

0x1AES

The AES sideload key is continuously cleared with entropy.

0x2KMAC

The KMAC sideload key is continuously cleared with entropy.

0x3OTBN

The OTBN sideload key is continuously cleared with entropy.

Other values are reserved.


regwen for reseed interval

Reset default = 0x1, mask 0x1
31302928272625242322212019181716
 
1514131211109876543210
  EN
BitsTypeResetNameDescription
0rw0c0x1EN

Configuration enable for reseed interval


Reseed interval for key manager entropy reseed

Reset default = 0x100, mask 0xffff
Register enable = RESEED_INTERVAL_REGWEN
31302928272625242322212019181716
 
1514131211109876543210
VAL
BitsTypeResetNameDescription
15:0rw0x100VAL

Number of key manager cycles before the entropy is reseeded


keymgr.SW_BINDING_REGWEN @ 0x28

Register write enable for SOFTWARE_BINDING

Reset default = 0x1, mask 0x1
31302928272625242322212019181716
 
1514131211109876543210
  EN
BitsTypeResetNameDescription
0rw0c0x1EN

Software binding register write enable. This is locked by software and unlocked by hardware upon a successful advance call.

Software binding resets to 1, and its value cannot be altered by software until advancement to Init state.


keymgr.SEALING_SW_BINDING_0 @ 0x2c

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_0...
1514131211109876543210
...VAL_0
BitsTypeResetNameDescription
31:0rw0x0VAL_0

Software binding value


keymgr.SEALING_SW_BINDING_1 @ 0x30

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_1...
1514131211109876543210
...VAL_1
BitsTypeResetNameDescription
31:0rw0x0VAL_1

For KEYMGR1


keymgr.SEALING_SW_BINDING_2 @ 0x34

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_2...
1514131211109876543210
...VAL_2
BitsTypeResetNameDescription
31:0rw0x0VAL_2

For KEYMGR2


keymgr.SEALING_SW_BINDING_3 @ 0x38

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_3...
1514131211109876543210
...VAL_3
BitsTypeResetNameDescription
31:0rw0x0VAL_3

For KEYMGR3


keymgr.SEALING_SW_BINDING_4 @ 0x3c

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_4...
1514131211109876543210
...VAL_4
BitsTypeResetNameDescription
31:0rw0x0VAL_4

For KEYMGR4


keymgr.SEALING_SW_BINDING_5 @ 0x40

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_5...
1514131211109876543210
...VAL_5
BitsTypeResetNameDescription
31:0rw0x0VAL_5

For KEYMGR5


keymgr.SEALING_SW_BINDING_6 @ 0x44

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_6...
1514131211109876543210
...VAL_6
BitsTypeResetNameDescription
31:0rw0x0VAL_6

For KEYMGR6


keymgr.SEALING_SW_BINDING_7 @ 0x48

Software binding input to sealing portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_7...
1514131211109876543210
...VAL_7
BitsTypeResetNameDescription
31:0rw0x0VAL_7

For KEYMGR7


keymgr.ATTEST_SW_BINDING_0 @ 0x4c

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_0...
1514131211109876543210
...VAL_0
BitsTypeResetNameDescription
31:0rw0x0VAL_0

Software binding value


keymgr.ATTEST_SW_BINDING_1 @ 0x50

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_1...
1514131211109876543210
...VAL_1
BitsTypeResetNameDescription
31:0rw0x0VAL_1

For KEYMGR1


keymgr.ATTEST_SW_BINDING_2 @ 0x54

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_2...
1514131211109876543210
...VAL_2
BitsTypeResetNameDescription
31:0rw0x0VAL_2

For KEYMGR2


keymgr.ATTEST_SW_BINDING_3 @ 0x58

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_3...
1514131211109876543210
...VAL_3
BitsTypeResetNameDescription
31:0rw0x0VAL_3

For KEYMGR3


keymgr.ATTEST_SW_BINDING_4 @ 0x5c

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_4...
1514131211109876543210
...VAL_4
BitsTypeResetNameDescription
31:0rw0x0VAL_4

For KEYMGR4


keymgr.ATTEST_SW_BINDING_5 @ 0x60

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_5...
1514131211109876543210
...VAL_5
BitsTypeResetNameDescription
31:0rw0x0VAL_5

For KEYMGR5


keymgr.ATTEST_SW_BINDING_6 @ 0x64

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_6...
1514131211109876543210
...VAL_6
BitsTypeResetNameDescription
31:0rw0x0VAL_6

For KEYMGR6


keymgr.ATTEST_SW_BINDING_7 @ 0x68

Software binding input to the attestation portion of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

Reset default = 0x0, mask 0xffffffff
Register enable = SW_BINDING_REGWEN

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

31302928272625242322212019181716
VAL_7...
1514131211109876543210
...VAL_7
BitsTypeResetNameDescription
31:0rw0x0VAL_7

For KEYMGR7


keymgr.Salt_0 @ 0x6c

Salt value used as part of output generation

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN
31302928272625242322212019181716
VAL_0...
1514131211109876543210
...VAL_0
BitsTypeResetNameDescription
31:0rw0x0VAL_0

Salt value


keymgr.Salt_1 @ 0x70

Salt value used as part of output generation

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN
31302928272625242322212019181716
VAL_1...
1514131211109876543210
...VAL_1
BitsTypeResetNameDescription
31:0rw0x0VAL_1

For KEYMGR1


keymgr.Salt_2 @ 0x74

Salt value used as part of output generation

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN
31302928272625242322212019181716
VAL_2...
1514131211109876543210
...VAL_2
BitsTypeResetNameDescription
31:0rw0x0VAL_2

For KEYMGR2


keymgr.Salt_3 @ 0x78

Salt value used as part of output generation

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN
31302928272625242322212019181716
VAL_3...
1514131211109876543210
...VAL_3
BitsTypeResetNameDescription
31:0rw0x0VAL_3

For KEYMGR3


keymgr.Salt_4 @ 0x7c

Salt value used as part of output generation

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN
31302928272625242322212019181716
VAL_4...
1514131211109876543210
...VAL_4
BitsTypeResetNameDescription
31:0rw0x0VAL_4

For KEYMGR4


keymgr.Salt_5 @ 0x80

Salt value used as part of output generation

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN
31302928272625242322212019181716
VAL_5...
1514131211109876543210
...VAL_5
BitsTypeResetNameDescription
31:0rw0x0VAL_5

For KEYMGR5


keymgr.Salt_6 @ 0x84

Salt value used as part of output generation

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN
31302928272625242322212019181716
VAL_6...
1514131211109876543210
...VAL_6
BitsTypeResetNameDescription
31:0rw0x0VAL_6

For KEYMGR6


keymgr.Salt_7 @ 0x88

Salt value used as part of output generation

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN
31302928272625242322212019181716
VAL_7...
1514131211109876543210
...VAL_7
BitsTypeResetNameDescription
31:0rw0x0VAL_7

For KEYMGR7


keymgr.KEY_VERSION @ 0x8c

Version used as part of output generation

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN
31302928272625242322212019181716
VAL_0...
1514131211109876543210
...VAL_0
BitsTypeResetNameDescription
31:0rw0x0VAL_0

Key version


Register write enable for MAX_CREATOR_KEY_VERSION

Reset default = 0x1, mask 0x1
31302928272625242322212019181716
 
1514131211109876543210
  EN
BitsTypeResetNameDescription
0rw0c0x1EN

MAX_CREATOR_KEY_VERSION configure enable.


Max creator key version

Reset default = 0x0, mask 0xffffffff
Register enable = MAX_CREATOR_KEY_VER_REGWEN
31302928272625242322212019181716
VAL...
1514131211109876543210
...VAL
BitsTypeResetNameDescription
31:0rw0x0VAL

Max key version.

Any key version up to the value specificed in this register is valid.


Register write enable for MAX_OWNER_INT_KEY_VERSION

Reset default = 0x1, mask 0x1
31302928272625242322212019181716
 
1514131211109876543210
  EN
BitsTypeResetNameDescription
0rw0c0x1EN

MAX_OWNER_INTERMEDIATE_KEY configure enable.


Max owner intermediate key version

Reset default = 0x1, mask 0xffffffff
Register enable = MAX_OWNER_INT_KEY_VER_REGWEN
31302928272625242322212019181716
VAL...
1514131211109876543210
...VAL
BitsTypeResetNameDescription
31:0rw0x1VAL

Max key version.

Any key version up to the value specificed in this register is valid.


Register write enable for MAX_OWNER_KEY_VERSION

Reset default = 0x1, mask 0x1
31302928272625242322212019181716
 
1514131211109876543210
  EN
BitsTypeResetNameDescription
0rw0c0x1EN

MAX_OWNER_KEY configure enable.


Max owner key version

Reset default = 0x0, mask 0xffffffff
Register enable = MAX_OWNER_KEY_VER_REGWEN
31302928272625242322212019181716
VAL...
1514131211109876543210
...VAL
BitsTypeResetNameDescription
31:0rw0x0VAL

Max key version.

Any key version up to the value specificed in this register is valid.


keymgr.SW_SHARE0_OUTPUT_0 @ 0xa8

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_0...
1514131211109876543210
...VAL_0
BitsTypeResetNameDescription
31:0rc0x0VAL_0

Software output value


keymgr.SW_SHARE0_OUTPUT_1 @ 0xac

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_1...
1514131211109876543210
...VAL_1
BitsTypeResetNameDescription
31:0rc0x0VAL_1

For KEYMGR1


keymgr.SW_SHARE0_OUTPUT_2 @ 0xb0

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_2...
1514131211109876543210
...VAL_2
BitsTypeResetNameDescription
31:0rc0x0VAL_2

For KEYMGR2


keymgr.SW_SHARE0_OUTPUT_3 @ 0xb4

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_3...
1514131211109876543210
...VAL_3
BitsTypeResetNameDescription
31:0rc0x0VAL_3

For KEYMGR3


keymgr.SW_SHARE0_OUTPUT_4 @ 0xb8

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_4...
1514131211109876543210
...VAL_4
BitsTypeResetNameDescription
31:0rc0x0VAL_4

For KEYMGR4


keymgr.SW_SHARE0_OUTPUT_5 @ 0xbc

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_5...
1514131211109876543210
...VAL_5
BitsTypeResetNameDescription
31:0rc0x0VAL_5

For KEYMGR5


keymgr.SW_SHARE0_OUTPUT_6 @ 0xc0

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_6...
1514131211109876543210
...VAL_6
BitsTypeResetNameDescription
31:0rc0x0VAL_6

For KEYMGR6


keymgr.SW_SHARE0_OUTPUT_7 @ 0xc4

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_7...
1514131211109876543210
...VAL_7
BitsTypeResetNameDescription
31:0rc0x0VAL_7

For KEYMGR7


keymgr.SW_SHARE1_OUTPUT_0 @ 0xc8

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_0...
1514131211109876543210
...VAL_0
BitsTypeResetNameDescription
31:0rc0x0VAL_0

Software output value


keymgr.SW_SHARE1_OUTPUT_1 @ 0xcc

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_1...
1514131211109876543210
...VAL_1
BitsTypeResetNameDescription
31:0rc0x0VAL_1

For KEYMGR1


keymgr.SW_SHARE1_OUTPUT_2 @ 0xd0

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_2...
1514131211109876543210
...VAL_2
BitsTypeResetNameDescription
31:0rc0x0VAL_2

For KEYMGR2


keymgr.SW_SHARE1_OUTPUT_3 @ 0xd4

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_3...
1514131211109876543210
...VAL_3
BitsTypeResetNameDescription
31:0rc0x0VAL_3

For KEYMGR3


keymgr.SW_SHARE1_OUTPUT_4 @ 0xd8

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_4...
1514131211109876543210
...VAL_4
BitsTypeResetNameDescription
31:0rc0x0VAL_4

For KEYMGR4


keymgr.SW_SHARE1_OUTPUT_5 @ 0xdc

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_5...
1514131211109876543210
...VAL_5
BitsTypeResetNameDescription
31:0rc0x0VAL_5

For KEYMGR5


keymgr.SW_SHARE1_OUTPUT_6 @ 0xe0

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_6...
1514131211109876543210
...VAL_6
BitsTypeResetNameDescription
31:0rc0x0VAL_6

For KEYMGR6


keymgr.SW_SHARE1_OUTPUT_7 @ 0xe4

Key manager software output.

Reset default = 0x0, mask 0xffffffff

When a software output operation is selected, the results of the operation are placed here.

31302928272625242322212019181716
VAL_7...
1514131211109876543210
...VAL_7
BitsTypeResetNameDescription
31:0rc0x0VAL_7

For KEYMGR7


keymgr.WORKING_STATE @ 0xe8

Key manager working state.

Reset default = 0x0, mask 0x7

This is a readout of the current key manager working state

31302928272625242322212019181716
 
1514131211109876543210
  STATE
BitsTypeResetNameDescription
2:0ro0x0STATE

Key manager control state

0x0Reset

Key manager control is still in reset. Please wait for initialization complete before issuing operations

0x1Init

Key manager control has finished initialization and will now accept software commands.

0x2Creator Root Key

Key manager control currently contains the creator root key.

0x3Owner Intermediate Key

Key manager control currently contains the owner intermediate key.

0x4Owner Key

Key manager control currently contains the owner key.

0x5Disabled

Key manager currently disabled. Please reset the key manager. Sideload keys are still valid.

0x6Invalid

Key manager currently invalid. Please reset the key manager. Sideload keys are no longer valid.

Other values are reserved.


keymgr.OP_STATUS @ 0xec

Key manager status.

Reset default = 0x0, mask 0x3

Hardware sets the status based on software initiated operations. This register must be explicitly cleared by software. Software clears by writing back whatever it reads.

31302928272625242322212019181716
 
1514131211109876543210
  STATUS
BitsTypeResetNameDescription
1:0rw1c0x0STATUS

Operation status.

0x0Idle

Key manager is idle

0x1WIP

Work in progress. A key manager operation has been started and is ongoing

0x2DONE_SUCCESS

Operation finished without errors

0x3DONE_ERROR

Operation finished with errors, please see ERR_CODE register.


keymgr.ERR_CODE @ 0xf0

Key manager error code. This register must be explicitly cleared by software.

Reset default = 0x0, mask 0x7

This register represents both synchronous and asynchronous recoverable errors.

Synchronous errors refer to those that only happen when a keymgr operation is invoked, while asynchronous refers to errors that can happen at any time.

31302928272625242322212019181716
 
1514131211109876543210
  INVALID_SHADOW_UPDATE INVALID_KMAC_INPUT INVALID_OP
BitsTypeResetNameDescription
0rw1c0x0INVALID_OP

Invalid operation issued to key manager, synchronous error

1rw1c0x0INVALID_KMAC_INPUT

Invalid data issued to kmac interface, synchronous error

2rw1c0x0INVALID_SHADOW_UPDATE

An error observed during shadow register updates, asynchronous error


keymgr.FAULT_STATUS @ 0xf4

This register represents both synchronous and asynchronous fatal faults.

Reset default = 0x0, mask 0x3fff

Synchronous faults refer to those that only happen when a keymgr operation is invoked, while asynchronous refers to faults that can happen at any time.

31302928272625242322212019181716
 
1514131211109876543210
  KEY_ECC SIDE_CTRL_SEL SIDE_CTRL_FSM RESEED_CNT CTRL_FSM_CNT CTRL_FSM_CHK CTRL_FSM_INTG SHADOW REGFILE_INTG KMAC_OUT KMAC_OP KMAC_DONE KMAC_FSM CMD
BitsTypeResetNameDescription
0ro0x0CMD

A non-onehot command was seen in kmac, asynchronous fault.

1ro0x0KMAC_FSM

The kmac transfer interface FSM is in an invalid state, asynchronous fault.

2ro0x0KMAC_DONE

The kmac transfer interface encountered an unexpected done, asynchronous fault.

3ro0x0KMAC_OP

KMAC reported an error during keymgr usage, this should never happen - synchronous fault.

4ro0x0KMAC_OUT

KMAC data returned as all 0's or all 1's - synchronous fault

5ro0x0REGFILE_INTG

Register file integrity error, asynchronous fault

6ro0x0SHADOW

Shadow copy storage error, asynchronous fault

7ro0x0CTRL_FSM_INTG

Control FSM integrity error, asynchronous fault

8ro0x0CTRL_FSM_CHK

Control FSM cross check error, asynchronous fault

9ro0x0CTRL_FSM_CNT

Control FSM counter integrity error, asynchronous fault

10ro0x0RESEED_CNT

Reseed counter integrity error, asynchronous fault

11ro0x0SIDE_CTRL_FSM

Sideload control FSM integrity error, asynchronous fault

12ro0x0SIDE_CTRL_SEL

Sideload control key select error, synchronous fault

13ro0x0KEY_ECC

Secret key ecc error, asynchronous fault


keymgr.DEBUG @ 0xf8

The register holds some debug information that may be convenient if keymgr misbehaves.

Reset default = 0x0, mask 0x7f
31302928272625242322212019181716
 
1514131211109876543210
  INVALID_DIGEST INVALID_KEY INVALID_KEY_VERSION INVALID_HEALTH_STATE INVALID_DEV_ID INVALID_OWNER_SEED INVALID_CREATOR_SEED
BitsTypeResetNameDescription
0rw0c0x0INVALID_CREATOR_SEED

Creator seed failed input checks during operation

1rw0c0x0INVALID_OWNER_SEED

Owner seed failed input checks during operation

2rw0c0x0INVALID_DEV_ID

Device ID failed input checks during operation

3rw0c0x0INVALID_HEALTH_STATE

Health state failed input checks during operation

4rw0c0x0INVALID_KEY_VERSION

Key version failed input checks during operation

5rw0c0x0INVALID_KEY

Key fed to kmac failed input checks during operation

6rw0c0x0INVALID_DIGEST

ROM digest failed input checks during operation