Referring to the Comportable guideline for peripheral device functionality, the module kmac has the following hardware interfaces defined
- Primary Clock:
clk_i
- Other Clocks:
clk_edn_i
- Bus Device Interfaces (TL-UL):
tl
- Bus Host Interfaces (TL-UL): none
- Peripheral Pins for Chip IO: none
| Port Name | Package::Struct | Type | Act | Width | Description |
|---|
| keymgr_key | keymgr_pkg::hw_key_req | uni | rcv | 1 | |
| app | kmac_pkg::app | req_rsp | rsp | NumAppIntf | |
| entropy | edn_pkg::edn | req_rsp | req | 1 | |
| idle | prim_mubi_pkg::mubi4 | uni | req | 1 | |
| en_masking | logic | uni | req | 1 | |
| lc_escalate_en | lc_ctrl_pkg::lc_tx | uni | rcv | 1 | |
| tl | tlul_pkg::tl | req_rsp | rsp | 1 | |
| Interrupt Name | Type | Description |
|---|
| kmac_done | Event | KMAC/SHA3 absorbing has been completed |
| fifo_empty | Status | The message FIFO is empty. This interrupt is raised only if the message FIFO is actually writable by software, i.e., if all of the following conditions are met: i) The KMAC block is not exercised by a hardware application interface. ii) The SHA3 block is in the Absorb state. iii) Software has not yet written the Process command to finish the absorption process. For the interrupt to be raised, the message FIFO must also have been full previously. Otherwise, the hardware empties the FIFO faster than software can fill it and there is no point in interrupting the software to inform it about the message FIFO being empty. |
| kmac_err | Event | KMAC/SHA3 error occurred. ERR_CODE register shows the details |
| Alert Name | Description |
|---|
| recov_operation_err | Alert for KMAC operation error. It occurs when the shadow registers have update errors. |
| fatal_fault_err | This fatal alert is triggered when a fatal error is detected inside the KMAC unit. Examples for such faults include: i) TL-UL bus integrity fault. ii) Storage errors in the shadow registers. iii) Errors in the message, round, or key counter. iv) Any internal FSM entering an invalid state. v) An error in the redundant lfsr. The KMAC unit cannot recover from such an error and needs to be reset. |
| Countermeasure ID | Description |
|---|
| KMAC.BUS.INTEGRITY | End-to-end bus integrity scheme. |
| KMAC.LC_ESCALATE_EN.INTERSIG.MUBI | The global escalation input signal from the life cycle is multibit encoded |
| KMAC.SW_KEY.KEY.MASKING | Data storage and secret key are two share to guard against 1st order attack. |
| KMAC.KEY.SIDELOAD | Key from KeyMgr is sideloaded. |
| KMAC.CFG_SHADOWED.CONFIG.SHADOW | Shadowed CFG register. |
| KMAC.FSM.SPARSE | FSMs in KMAC are sparsely encoded. |
| KMAC.CTR.REDUN | Round counter, key index counter, sentmsg counter and hash counter use prim_count for redundancy |
| KMAC.PACKER.CTR.REDUN | Packer Position counter uses prim_count for redundancy |
| KMAC.CFG_SHADOWED.CONFIG.REGWEN | CFG_SHADOWED is protected by REGWEN |
| KMAC.FSM.GLOBAL_ESC | Escalation moves all sparse FSMs into an invalid state. |
| KMAC.FSM.LOCAL_ESC | Local fatal faults move all sparse FSMs into an invalid state. |
| KMAC.LOGIC.INTEGRITY | The reset net for the internal state register and critical nets around the output register are buried. |
| KMAC.ABSORBED.CTRL.MUBI | absorbed signal is mubi4_t type to protect against FI attacks. |
| KMAC.SW_CMD.CTRL.SPARSE | sw_cmd and related signals are sparse encoded to protect against FI attacks. |