Hardware Interfaces

Referring to the Comportable guideline for peripheral device functionality, the module keymgr_dpe has the following hardware interfaces defined

  • Primary Clock: clk_i
  • Other Clocks: clk_edn_i
  • Bus Device Interfaces (TL-UL): tl
  • Bus Host Interfaces (TL-UL): none
  • Peripheral Pins for Chip IO: none

Inter-Module Signals

Port NamePackage::StructTypeActWidthDescription
ednedn_pkg::ednreq_rspreq1
aes_keykeymgr_pkg::hw_key_requnireq1
kmac_keykeymgr_pkg::hw_key_requnireq1
otbn_keykeymgr_pkg::otbn_key_requnireq1
kmac_datakmac_pkg::appreq_rspreq1
otp_keyotp_ctrl_pkg::otp_keymgr_keyunircv1
otp_device_idotp_ctrl_pkg::otp_device_idunircv1
flashflash_ctrl_pkg::keymgr_flashunircv1
lc_keymgr_enlc_ctrl_pkg::lc_txunircv1
lc_keymgr_divlc_ctrl_pkg::lc_keymgr_divunircv1
rom_digestrom_ctrl_pkg::keymgr_dataunircv2
kmac_en_maskinglogicunircv1
tltlul_pkg::tlreq_rsprsp1

Interrupts

Interrupt NameTypeDescription
op_doneEventOperation complete

Security Alerts

Alert NameDescription
recov_operation_errAlert for key manager operation errors. These errors could have been caused by software
fatal_fault_errAlert for key manager faults. These errors cannot be caused by software

Security Countermeasures

Countermeasure IDDescription
KEYMGR_DPE.BUS.INTEGRITYEnd-to-end bus integrity scheme.
KEYMGR_DPE.CONFIG.SHADOWVarious critical registers are shadowed: including operation control, reseed interval, and key max version (creator, owner intermediate, owner).
KEYMGR_DPE.OP.CONFIG.REGWENVarious controls locked during the duration of an operation: including operation start, operation control, sideload clear, salt and key version.
KEYMGR_DPE.RESEED.CONFIG.REGWENReseed interval is software lockable.
KEYMGR_DPE.SW_BINDING.CONFIG.REGWENSoftware binding is lockable by software in each stage. When keymgr successfully advances, the lock is released to allow the next stage the freedom to program.
KEYMGR_DPE.MAX_KEY_VER.CONFIG.REGWENMax key version is software lockable.
KEYMGR_DPE.LC_CTRL.INTERSIG.MUBILife cycle control signal is multibit
KEYMGR_DPE.CONSTANTS.CONSISTENCYBasic consistency checks (all 0’s or all 1’s) for keymgr diversification constants
KEYMGR_DPE.INTERSIG.CONSISTENCYBasic consistency checks (all 0’s or all 1’s) for otp diversification inputs
KEYMGR_DPE.HW.KEY.SW_NOACCESSSideload keys are not directly accessible by software.
KEYMGR_DPE.OUTPUT_KEYS.CTRL.REDUNSoftware and sideload keys are redundantly controlled. Each generate operation creates a valid and a data enable (software and sideload specific). In order for a key to be populated into the software register, both the software valid and the software data enable must be asserted. The same is true for sideload. This makes it more difficult for an attack to fault a sideload key into the software key slot. An attacker would need to fault both the software valid and the software data enable. During a sideload operation, if an attacker manages to fault the valid but not the data enable, the software key is populated with random data. If an atacker manages to fault the data enable but not the valid, then the software key retains its previous value.
KEYMGR_DPE.CTRL.FSM.SPARSEMain control fsm is sparsely encoded.
KEYMGR_DPE.DATA.FSM.SPARSEControl data fsm (for redundant data control) is sparsely encoded.
KEYMGR_DPE.CTRL.FSM.LOCAL_ESCMain control fsm locally escalates based on any detected fault in keymgr. When a fault is detected (sync or async) the fsm transitions to invalid state to prevent further legal operations from executing.
KEYMGR_DPE.CTRL.FSM.CONSISTENCYMain and operational fsm transitions are consistent with software commands.
KEYMGR_DPE.CTRL.FSM.GLOBAL_ESCWhen the system globally escalates, the main control fsm also transitions to invalid state to prevent further legal operations from executing.
KEYMGR_DPE.CTRL.CTR.REDUNPrimary count is duplicated.
KEYMGR_DPE.KMAC_IF.FSM.SPARSEkmac interface fsm is sparsely encoded.
KEYMGR_DPE.KMAC_IF.CTR.REDUNPrimary count uses cross count.
KEYMGR_DPE.KMAC_IF_CMD.CTRL.CONSISTENCYOne hot check for kmac interface commands. Also, command enable (adv_en, id_en, gen_en) is checked for consistency throughout the operation.
KEYMGR_DPE.KMAC_IF_DONE.CTRL.CONSISTENCYSpurious kmac done check.
KEYMGR_DPE.RESEED.CTR.REDUNPrimary count is duplicated.
KEYMGR_DPE.SIDE_LOAD_SEL.CTRL.CONSISTENCYSideload key slot select is checked for consistency. When a key slot is valid when it should not be, an error is triggered. The reverse case is not checked, since an invalid key cannot be used anyways.
KEYMGR_DPE.SIDELOAD_CTRL.FSM.SPARSESideload control fsm is sparsely encoded.
KEYMGR_DPE.CTRL.KEY.INTEGRITYInternal secret key is protected with ECC.

Registers

Summary

NameOffsetLengthDescription
keymgr_dpe.INTR_STATE0x04Interrupt State Register
keymgr_dpe.INTR_ENABLE0x44Interrupt Enable Register
keymgr_dpe.INTR_TEST0x84Interrupt Test Register
keymgr_dpe.ALERT_TEST0xc4Alert Test Register
keymgr_dpe.CFG_REGWEN0x104Key manager configuration enable
keymgr_dpe.START0x144Key manager operation start
keymgr_dpe.CONTROL_SHADOWED0x184Key manager operation controls
keymgr_dpe.SIDELOAD_CLEAR0x1c4sideload key slots clear
keymgr_dpe.RESEED_INTERVAL_REGWEN0x204regwen for reseed interval
keymgr_dpe.RESEED_INTERVAL_SHADOWED0x244Reseed interval for key manager entropy reseed
keymgr_dpe.SLOT_POLICY_REGWEN0x284Register write enable for SLOT_POLICY
keymgr_dpe.SLOT_POLICY0x2c4Policy bits for the child DPE context
keymgr_dpe.SW_BINDING_REGWEN0x304Register write enable for SOFTWARE_BINDING
keymgr_dpe.SW_BINDING_00x344Software binding input of the key manager.
keymgr_dpe.SW_BINDING_10x384Software binding input of the key manager.
keymgr_dpe.SW_BINDING_20x3c4Software binding input of the key manager.
keymgr_dpe.SW_BINDING_30x404Software binding input of the key manager.
keymgr_dpe.SW_BINDING_40x444Software binding input of the key manager.
keymgr_dpe.SW_BINDING_50x484Software binding input of the key manager.
keymgr_dpe.SW_BINDING_60x4c4Software binding input of the key manager.
keymgr_dpe.SW_BINDING_70x504Software binding input of the key manager.
keymgr_dpe.SALT_00x544Salt value used as part of output generation
keymgr_dpe.SALT_10x584Salt value used as part of output generation
keymgr_dpe.SALT_20x5c4Salt value used as part of output generation
keymgr_dpe.SALT_30x604Salt value used as part of output generation
keymgr_dpe.SALT_40x644Salt value used as part of output generation
keymgr_dpe.SALT_50x684Salt value used as part of output generation
keymgr_dpe.SALT_60x6c4Salt value used as part of output generation
keymgr_dpe.SALT_70x704Salt value used as part of output generation
keymgr_dpe.KEY_VERSION0x744Version used as part of output generation
keymgr_dpe.MAX_KEY_VER_REGWEN0x784Register write enable for MAX_KEY_VERSION
keymgr_dpe.MAX_KEY_VER_SHADOWED0x7c4Max key version
keymgr_dpe.SW_SHARE0_OUTPUT_00x804Key manager software output.
keymgr_dpe.SW_SHARE0_OUTPUT_10x844Key manager software output.
keymgr_dpe.SW_SHARE0_OUTPUT_20x884Key manager software output.
keymgr_dpe.SW_SHARE0_OUTPUT_30x8c4Key manager software output.
keymgr_dpe.SW_SHARE0_OUTPUT_40x904Key manager software output.
keymgr_dpe.SW_SHARE0_OUTPUT_50x944Key manager software output.
keymgr_dpe.SW_SHARE0_OUTPUT_60x984Key manager software output.
keymgr_dpe.SW_SHARE0_OUTPUT_70x9c4Key manager software output.
keymgr_dpe.SW_SHARE1_OUTPUT_00xa04Key manager software output.
keymgr_dpe.SW_SHARE1_OUTPUT_10xa44Key manager software output.
keymgr_dpe.SW_SHARE1_OUTPUT_20xa84Key manager software output.
keymgr_dpe.SW_SHARE1_OUTPUT_30xac4Key manager software output.
keymgr_dpe.SW_SHARE1_OUTPUT_40xb04Key manager software output.
keymgr_dpe.SW_SHARE1_OUTPUT_50xb44Key manager software output.
keymgr_dpe.SW_SHARE1_OUTPUT_60xb84Key manager software output.
keymgr_dpe.SW_SHARE1_OUTPUT_70xbc4Key manager software output.
keymgr_dpe.WORKING_STATE0xc04Key manager working state.
keymgr_dpe.OP_STATUS0xc44Key manager status.
keymgr_dpe.ERR_CODE0xc84Key manager error code.
keymgr_dpe.FAULT_STATUS0xcc4This register represents both synchronous and asynchronous fatal faults.
keymgr_dpe.DEBUG0xd04The register holds some debug information that may be convenient if keymgr

INTR_STATE

Interrupt State Register

  • Offset: 0x0
  • Reset default: 0x0
  • Reset mask: 0x1

Fields

{"reg": [{"name": "op_done", "bits": 1, "attr": ["rw1c"], "rotate": -90}, {"bits": 31}], "config": {"lanes": 1, "fontsize": 10, "vspace": 90}}
BitsTypeResetNameDescription
31:1Reserved
0rw1c0x0op_doneOperation complete

INTR_ENABLE

Interrupt Enable Register

  • Offset: 0x4
  • Reset default: 0x0
  • Reset mask: 0x1

Fields

{"reg": [{"name": "op_done", "bits": 1, "attr": ["rw"], "rotate": -90}, {"bits": 31}], "config": {"lanes": 1, "fontsize": 10, "vspace": 90}}
BitsTypeResetNameDescription
31:1Reserved
0rw0x0op_doneEnable interrupt when INTR_STATE.op_done is set.

INTR_TEST

Interrupt Test Register

  • Offset: 0x8
  • Reset default: 0x0
  • Reset mask: 0x1

Fields

{"reg": [{"name": "op_done", "bits": 1, "attr": ["wo"], "rotate": -90}, {"bits": 31}], "config": {"lanes": 1, "fontsize": 10, "vspace": 90}}
BitsTypeResetNameDescription
31:1Reserved
0wo0x0op_doneWrite 1 to force INTR_STATE.op_done to 1.

ALERT_TEST

Alert Test Register

  • Offset: 0xc
  • Reset default: 0x0
  • Reset mask: 0x3

Fields

{"reg": [{"name": "recov_operation_err", "bits": 1, "attr": ["wo"], "rotate": -90}, {"name": "fatal_fault_err", "bits": 1, "attr": ["wo"], "rotate": -90}, {"bits": 30}], "config": {"lanes": 1, "fontsize": 10, "vspace": 210}}
BitsTypeResetNameDescription
31:2Reserved
1wo0x0fatal_fault_errWrite 1 to trigger one alert event of this kind.
0wo0x0recov_operation_errWrite 1 to trigger one alert event of this kind.

CFG_REGWEN

Key manager configuration enable

  • Offset: 0x10
  • Reset default: 0x1
  • Reset mask: 0x1

Fields

{"reg": [{"name": "EN", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 31}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetNameDescription
31:1Reserved
0ro0x1ENkey manager configuration enable. When key manager operation is started (see CONTROL), registers protected by this EN are no longer modifiable until the operation completes.

START

Key manager operation start

  • Offset: 0x14
  • Reset default: 0x0
  • Reset mask: 0x1
  • Register enable: CFG_REGWEN

Fields

{"reg": [{"name": "EN", "bits": 1, "attr": ["rw"], "rotate": -90}, {"bits": 31}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetName
31:1Reserved
0rw0x0EN

START . EN

Start key manager operations

ValueNameDescription
0x1Valid stateTo trigger a start, this value must be programmed. All other values are considered no operation start.

Other values are reserved.

CONTROL_SHADOWED

Key manager operation controls

  • Offset: 0x18
  • Reset default: 0x10
  • Reset mask: 0xcf070
  • Register enable: CFG_REGWEN

Fields

{"reg": [{"bits": 4}, {"name": "OPERATION", "bits": 3, "attr": ["rw"], "rotate": -90}, {"bits": 5}, {"name": "DEST_SEL", "bits": 2, "attr": ["rw"], "rotate": -90}, {"name": "SLOT_SRC_SEL", "bits": 2, "attr": ["rw"], "rotate": -90}, {"bits": 2}, {"name": "SLOT_DST_SEL", "bits": 2, "attr": ["rw"], "rotate": -90}, {"bits": 12}], "config": {"lanes": 1, "fontsize": 10, "vspace": 140}}
BitsTypeResetName
31:20Reserved
19:18rw0x0SLOT_DST_SEL
17:16Reserved
15:14rw0x0SLOT_SRC_SEL
13:12rw0x0DEST_SEL
11:7Reserved
6:4rw0x1OPERATION
3:0Reserved

CONTROL_SHADOWED . SLOT_DST_SEL

The destination key slot to be used for the advance and erase operations.

CONTROL_SHADOWED . SLOT_SRC_SEL

The source key slot to be used for the invoked operation.

CONTROL_SHADOWED . DEST_SEL

When the OPERATION field is programmed to generate output, this field selects the target cryptograhic use of the key.

This field should be programmed for both HW / SW generation, as this helps diverisify the output.

ValueNameDescription
0x0NoneNo target selected
0x1AESAES selected
0x2KMACKMAC selected
0x3OTBNOTBN selected. Note for OTBN hardware operations, the generated output is 384-bits, while for all other operations (including OTBN software), it is 256-bits. Generating a hardware 384-bit seed directly for OTBN sideload reduces some of the OTBN code burden for entropy expansion. When generating for software, this is not a concern.

CONTROL_SHADOWED . OPERATION

Key manager DPE operation selection

ValueNameDescription
0x0AdvanceAdvances a key manager DPE slot.
0x1Erase SlotErases the secrets and resets the valid bit of the destination slot.
0x2Generate SW OutputGenerates a key manager output that is visible to software from the current state.
0x3Generate HW OutputGenerates a cryptographic key that is visible only to hardware crypto blocks.
0x4DisableMoves key manager DPE to disabled state.

Other values are reserved.

SIDELOAD_CLEAR

sideload key slots clear

  • Offset: 0x1c
  • Reset default: 0x0
  • Reset mask: 0x7
  • Register enable: CFG_REGWEN

Fields

{"reg": [{"name": "VAL", "bits": 3, "attr": ["rw"], "rotate": 0}, {"bits": 29}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetName
31:3Reserved
2:0rw0x0VAL

SIDELOAD_CLEAR . VAL

Depending on the value programmed, a different sideload key slot is cleared. If the value programmed is not one of the enumerated values below, ALL sideload key slots are continuously cleared. In order to stop continuous clearing, SW should toggle the clear bit again (i.e. disable continuous clearing).

ValueNameDescription
0x0NoneNo sideload keys cleared.
0x1AESThe AES sideload key is continuously cleared with entropy.
0x2KMACThe KMAC sideload key is continuously cleared with entropy.
0x3OTBNThe OTBN sideload key is continuously cleared with entropy.

Other values are reserved.

RESEED_INTERVAL_REGWEN

regwen for reseed interval

  • Offset: 0x20
  • Reset default: 0x1
  • Reset mask: 0x1

Fields

{"reg": [{"name": "EN", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"bits": 31}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetNameDescription
31:1Reserved
0rw0c0x1ENConfiguration enable for reseed interval

RESEED_INTERVAL_SHADOWED

Reseed interval for key manager entropy reseed

Fields

{"reg": [{"name": "VAL", "bits": 16, "attr": ["rw"], "rotate": 0}, {"bits": 16}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetNameDescription
31:16Reserved
15:0rw0x100VALNumber of internal PRNG updates before a reseed is requested.

SLOT_POLICY_REGWEN

Register write enable for SLOT_POLICY

  • Offset: 0x28
  • Reset default: 0x1
  • Reset mask: 0x1

Fields

{"reg": [{"name": "EN", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"bits": 31}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetNameDescription
31:1Reserved
0rw0c0x1ENLocks SLOT_POLICY register. After a successful advance operation, this register is unlocked again.

SLOT_POLICY

Policy bits for the child DPE context

Fields

{"reg": [{"name": "ALLOW_CHILD", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "EXPORTABLE", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "RETAIN_PARENT", "bits": 1, "attr": ["rw"], "rotate": -90}, {"bits": 29}], "config": {"lanes": 1, "fontsize": 10, "vspace": 150}}
BitsTypeResetNameDescription
31:3Reserved
2rw0x0RETAIN_PARENTSet whether further advance operations force erasure of the slot.
1rw0x0EXPORTABLESet whether the key for the target slot is exportable.
0rw0x0ALLOW_CHILDSet whether this context allows derivation of further children.

SW_BINDING_REGWEN

Register write enable for SOFTWARE_BINDING

  • Offset: 0x30
  • Reset default: 0x1
  • Reset mask: 0x1

Fields

{"reg": [{"name": "EN", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"bits": 31}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetNameDescription
31:1Reserved
0rw0c0x1ENSoftware binding register write enable. This is locked by software and unlocked by hardware upon a successful advance call. Software binding resets to 1, and its value cannot be altered by software until advancement to Init state.

SW_BINDING

Software binding input of the key manager. This register is lockable and shared between key manager stages. This binding value is not considered secret, however its integrity is very important.

The software binding is locked by software and unlocked by hardware upon a successful advance operation.

  • Reset default: 0x0
  • Reset mask: 0xffffffff

Instances

NameOffset
SW_BINDING_00x34
SW_BINDING_10x38
SW_BINDING_20x3c
SW_BINDING_30x40
SW_BINDING_40x44
SW_BINDING_50x48
SW_BINDING_60x4c
SW_BINDING_70x50

Fields

{"reg": [{"name": "VAL", "bits": 32, "attr": ["rw"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetNameDescription
31:0rw0x0VALSoftware binding value

SALT

Salt value used as part of output generation

  • Reset default: 0x0
  • Reset mask: 0xffffffff

Instances

NameOffset
SALT_00x54
SALT_10x58
SALT_20x5c
SALT_30x60
SALT_40x64
SALT_50x68
SALT_60x6c
SALT_70x70

Fields

{"reg": [{"name": "VAL", "bits": 32, "attr": ["rw"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetNameDescription
31:0rw0x0VALSalt value

KEY_VERSION

Version used as part of output generation

  • Reset default: 0x0
  • Reset mask: 0xffffffff

Instances

NameOffset
KEY_VERSION0x74

Fields

{"reg": [{"name": "VAL", "bits": 32, "attr": ["rw"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetNameDescription
31:0rw0x0VALKey version

MAX_KEY_VER_REGWEN

Register write enable for MAX_KEY_VERSION

  • Offset: 0x78
  • Reset default: 0x1
  • Reset mask: 0x1

Fields

{"reg": [{"name": "EN", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"bits": 31}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetNameDescription
31:1Reserved
0rw0c0x1ENMAX_KEY_VERSION configure enable.

MAX_KEY_VER_SHADOWED

Max key version

  • Offset: 0x7c
  • Reset default: 0x0
  • Reset mask: 0xffffffff
  • Register enable: MAX_KEY_VER_REGWEN

Fields

{"reg": [{"name": "VAL", "bits": 32, "attr": ["rw"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetNameDescription
31:0rw0x0VALMax key version. Any key version up to the value specificed in this register is valid.

SW_SHARE0_OUTPUT

Key manager software output.

When a software output operation is selected, the results of the operation are placed here.

  • Reset default: 0x0
  • Reset mask: 0xffffffff

Instances

NameOffset
SW_SHARE0_OUTPUT_00x80
SW_SHARE0_OUTPUT_10x84
SW_SHARE0_OUTPUT_20x88
SW_SHARE0_OUTPUT_30x8c
SW_SHARE0_OUTPUT_40x90
SW_SHARE0_OUTPUT_50x94
SW_SHARE0_OUTPUT_60x98
SW_SHARE0_OUTPUT_70x9c

Fields

{"reg": [{"name": "VAL", "bits": 32, "attr": ["rc"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetNameDescription
31:0rc0x0VALSoftware output value

SW_SHARE1_OUTPUT

Key manager software output.

When a software output operation is selected, the results of the operation are placed here.

  • Reset default: 0x0
  • Reset mask: 0xffffffff

Instances

NameOffset
SW_SHARE1_OUTPUT_00xa0
SW_SHARE1_OUTPUT_10xa4
SW_SHARE1_OUTPUT_20xa8
SW_SHARE1_OUTPUT_30xac
SW_SHARE1_OUTPUT_40xb0
SW_SHARE1_OUTPUT_50xb4
SW_SHARE1_OUTPUT_60xb8
SW_SHARE1_OUTPUT_70xbc

Fields

{"reg": [{"name": "VAL", "bits": 32, "attr": ["rc"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetNameDescription
31:0rc0x0VALSoftware output value

WORKING_STATE

Key manager working state.

This is a readout of the current key manager working state

  • Offset: 0xc0
  • Reset default: 0x0
  • Reset mask: 0x3

Fields

{"reg": [{"name": "STATE", "bits": 2, "attr": ["ro"], "rotate": -90}, {"bits": 30}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetName
31:2Reserved
1:0ro0x0STATE

WORKING_STATE . STATE

Key manager control state

ValueNameDescription
0x0ResetKey manager control is still in reset. Please wait for initialization complete before issuing operations
0x1AvailableKey manager control has finished latching OTP root key and will now accept software commands.
0x2DisabledKey manager currently disabled. Please reset the key manager. Sideload keys are still valid.
0x3InvalidKey manager currently invalid. Please reset the key manager. Sideload keys are no longer valid.

OP_STATUS

Key manager status.

Hardware sets the status based on software initiated operations. This register must be explicitly cleared by software. Software clears by writing back whatever it reads.

  • Offset: 0xc4
  • Reset default: 0x0
  • Reset mask: 0x3

Fields

{"reg": [{"name": "STATUS", "bits": 2, "attr": ["rw1c"], "rotate": -90}, {"bits": 30}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}
BitsTypeResetName
31:2Reserved
1:0rw1c0x0STATUS

OP_STATUS . STATUS

Operation status.

ValueNameDescription
0x0IdleKey manager is idle
0x1WIPWork in progress. A key manager operation has been started and is ongoing
0x2DONE_SUCCESSOperation finished without errors
0x3DONE_ERROROperation finished with errors, please see ERR_CODE register.

ERR_CODE

Key manager error code. This register must be explicitly cleared by software.

This register represents both synchronous and asynchronous recoverable errors.

Synchronous errors refer to those that only happen when a keymgr operation is invoked, while asynchronous refers to errors that can happen at any time.

  • Offset: 0xc8
  • Reset default: 0x0
  • Reset mask: 0x7

Fields

{"reg": [{"name": "INVALID_OP", "bits": 1, "attr": ["rw1c"], "rotate": -90}, {"name": "INVALID_KMAC_INPUT", "bits": 1, "attr": ["rw1c"], "rotate": -90}, {"name": "INVALID_SHADOW_UPDATE", "bits": 1, "attr": ["rw1c"], "rotate": -90}, {"bits": 29}], "config": {"lanes": 1, "fontsize": 10, "vspace": 230}}
BitsTypeResetNameDescription
31:3Reserved
2rw1c0x0INVALID_SHADOW_UPDATEAn error observed during shadow register updates, asynchronous error
1rw1c0x0INVALID_KMAC_INPUTInvalid data issued to kmac interface, synchronous error
0rw1c0x0INVALID_OPInvalid operation issued to key manager, synchronous error

FAULT_STATUS

This register represents both synchronous and asynchronous fatal faults.

Synchronous faults refer to those that only happen when a keymgr operation is invoked, while asynchronous refers to faults that can happen at any time.

  • Offset: 0xcc
  • Reset default: 0x0
  • Reset mask: 0x3fff

Fields

{"reg": [{"name": "CMD", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "KMAC_FSM", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "KMAC_DONE", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "KMAC_OP", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "KMAC_OUT", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "REGFILE_INTG", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "SHADOW", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "CTRL_FSM_INTG", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "CTRL_FSM_CHK", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "CTRL_FSM_CNT", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "RESEED_CNT", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "SIDE_CTRL_FSM", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "SIDE_CTRL_SEL", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "KEY_ECC", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 18}], "config": {"lanes": 1, "fontsize": 10, "vspace": 150}}
BitsTypeResetNameDescription
31:14Reserved
13ro0x0KEY_ECCSecret key ecc error, asynchronous fault
12ro0x0SIDE_CTRL_SELSideload control key select error, synchronous fault
11ro0x0SIDE_CTRL_FSMSideload control FSM integrity error, asynchronous fault
10ro0x0RESEED_CNTReseed counter integrity error, asynchronous fault
9ro0x0CTRL_FSM_CNTControl FSM counter integrity error, asynchronous fault
8ro0x0CTRL_FSM_CHKControl FSM cross check error, asynchronous fault
7ro0x0CTRL_FSM_INTGControl FSM integrity error, asynchronous fault
6ro0x0SHADOWShadow copy storage error, asynchronous fault
5ro0x0REGFILE_INTGRegister file integrity error, asynchronous fault
4ro0x0KMAC_OUTKMAC data returned as all 0’s or all 1’s - synchronous fault
3ro0x0KMAC_OPKMAC reported an error during keymgr usage, this should never happen - synchronous fault.
2ro0x0KMAC_DONEThe kmac transfer interface encountered an unexpected done, asynchronous fault.
1ro0x0KMAC_FSMThe kmac transfer interface FSM is in an invalid state, asynchronous fault.
0ro0x0CMDA non-onehot command was seen in kmac, asynchronous fault.

DEBUG

The register holds some debug information that may be convenient if keymgr misbehaves.

  • Offset: 0xd0
  • Reset default: 0x0
  • Reset mask: 0x1ff

Fields

{"reg": [{"name": "INVALID_CREATOR_SEED", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"name": "INVALID_OWNER_SEED", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"name": "INVALID_DEV_ID", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"name": "INVALID_HEALTH_STATE", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"name": "INVALID_KEY_VERSION", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"name": "INVALID_KEY", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"name": "INVALID_DIGEST", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"name": "INVALID_ROOT_KEY", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"name": "INACTIVE_LC_EN", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"bits": 23}], "config": {"lanes": 1, "fontsize": 10, "vspace": 220}}
BitsTypeResetNameDescription
31:9Reserved
8rw0c0x0INACTIVE_LC_ENEnable signal from LC ctrl is deactivated
7rw0c0x0INVALID_ROOT_KEYOTP root key was invalid during the first advance
6rw0c0x0INVALID_DIGESTROM digest failed input checks during operation
5rw0c0x0INVALID_KEYKey fed to kmac failed input checks during operation
4rw0c0x0INVALID_KEY_VERSIONKey version failed input checks during operation
3rw0c0x0INVALID_HEALTH_STATEHealth state failed input checks during operation
2rw0c0x0INVALID_DEV_IDDevice ID failed input checks during operation
1rw0c0x0INVALID_OWNER_SEEDOwner seed failed input checks during operation
0rw0c0x0INVALID_CREATOR_SEEDCreator seed failed input checks during operation