| KEYMGR.BUS.INTEGRITY | End-to-end bus integrity scheme. |
| KEYMGR.CONFIG.SHADOW | Various critical registers are shadowed: including operation control, reseed interval, and key max version (creator, owner intermediate, owner). |
| KEYMGR.OP.CONFIG.REGWEN | Various controls locked during the duration of an operation: including operation start, operation control, sideload clear, salt and key version. |
| KEYMGR.RESEED.CONFIG.REGWEN | Reseed interval is software lockable. |
| KEYMGR.SW_BINDING.CONFIG.REGWEN | Software binding is lockable by software in each stage. When keymgr successfully advances, the lock is released to allow the next stage the freedom to program. |
| KEYMGR.MAX_KEY_VER.CONFIG.REGWEN | Max key version is software lockable. |
| KEYMGR.LC_CTRL.INTERSIG.MUBI | Life cycle control signal is multibit |
| KEYMGR.CONSTANTS.CONSISTENCY | Basic consistency checks (all 0’s or all 1’s) for keymgr diversification constants |
| KEYMGR.INTERSIG.CONSISTENCY | Basic consistency checks (all 0’s or all 1’s) for otp diversification inputs |
| KEYMGR.HW.KEY.SW_NOACCESS | Sideload keys are not directly accessible by software. |
| KEYMGR.OUTPUT_KEYS.CTRL.REDUN | Software and sideload keys are redundantly controlled. Each generate operation creates a valid and a data enable (software and sideload specific). In order for a key to be populated into the software register, both the software valid and the software data enable must be asserted. The same is true for sideload. This makes it more difficult for an attack to fault a sideload key into the software key slot. An attacker would need to fault both the software valid and the software data enable. During a sideload operation, if an attacker manages to fault the valid but not the data enable, the software key is populated with random data. If an atacker manages to fault the data enable but not the valid, then the software key retains its previous value. |
| KEYMGR.CTRL.FSM.SPARSE | Main control fsm is sparsely encoded. |
| KEYMGR.DATA.FSM.SPARSE | Control data fsm (for redundant data control) is sparsely encoded. |
| KEYMGR.CTRL.FSM.LOCAL_ESC | Main control fsm locally escalates based on any detected fault in keymgr. When a fault is detected (sync or async) the fsm transitions to invalid state to prevent further legal operations from executing. |
| KEYMGR.CTRL.FSM.CONSISTENCY | Main and operational fsm transitions are consistent with software commands. |
| KEYMGR.CTRL.FSM.GLOBAL_ESC | When the system globally escalates, the main control fsm also transitions to invalid state to prevent further legal operations from executing. |
| KEYMGR.CTRL.CTR.REDUN | Primary count is duplicated. |
| KEYMGR.KMAC_IF.FSM.SPARSE | kmac interface fsm is sparsely encoded. |
| KEYMGR.KMAC_IF.CTR.REDUN | Primary count uses cross count. |
| KEYMGR.KMAC_IF_CMD.CTRL.CONSISTENCY | One hot check for kmac interface commands. Also, command enable (adv_en, id_en, gen_en) is checked for consistency throughout the operation. |
| KEYMGR.KMAC_IF_DONE.CTRL.CONSISTENCY | Spurious kmac done check. |
| KEYMGR.RESEED.CTR.REDUN | Primary count is duplicated. |
| KEYMGR.SIDE_LOAD_SEL.CTRL.CONSISTENCY | Sideload key slot select is checked for consistency. When a key slot is valid when it should not be, an error is triggered. The reverse case is not checked, since an invalid key cannot be used anyways. |
| KEYMGR.SIDELOAD_CTRL.FSM.SPARSE | Sideload control fsm is sparsely encoded. |
| KEYMGR.CTRL.KEY.INTEGRITY | Internal secret key is protected with ECC. |