Hardware Interfaces
Referring to the Comportable guideline for peripheral device functionality, the module otbn has the following hardware interfaces defined
- Primary Clock:
clk_i - Other Clocks:
clk_edn_i,clk_otp_i - Bus Device Interfaces (TL-UL):
tl - Bus Host Interfaces (TL-UL): none
- Peripheral Pins for Chip IO: none
Inter-Module Signals
| Port Name | Package::Struct | Type | Act | Width | Description |
|---|---|---|---|---|---|
| otbn_otp_key | otp_ctrl_pkg::otbn_otp_key | req_rsp | req | 1 | |
| edn_rnd | edn_pkg::edn | req_rsp | req | 1 | |
| edn_urnd | edn_pkg::edn | req_rsp | req | 1 | |
| idle | prim_mubi_pkg::mubi4 | uni | req | 1 | |
| ram_cfg | prim_ram_1p_pkg::ram_1p_cfg | uni | rcv | 1 | |
| lc_escalate_en | lc_ctrl_pkg::lc_tx | uni | rcv | 1 | |
| lc_rma_req | lc_ctrl_pkg::lc_tx | uni | rcv | 1 | |
| lc_rma_ack | lc_ctrl_pkg::lc_tx | uni | req | 1 | |
| keymgr_key | keymgr_pkg::otbn_key_req | uni | rcv | 1 | |
| tl | tlul_pkg::tl | req_rsp | rsp | 1 |
Interrupts
| Interrupt Name | Type | Description |
|---|---|---|
| done | Event | OTBN has completed the operation. |
Security Alerts
| Alert Name | Description |
|---|---|
| fatal | A fatal error. Fatal alerts are non-recoverable and will be asserted until a hard reset. |
| recov | A recoverable error. Just sent once (as the processor stops). |
Security Countermeasures
| Countermeasure ID | Description |
|---|---|
| OTBN.MEM.SCRAMBLE | Both the imem and dmem are scrambled by using prim_ram_1p_scr. |
| OTBN.DATA.MEM.INTEGRITY | Dmem is protected with ECC integrity. This is carried through to OTBN’s register file. |
| OTBN.INSTRUCTION.MEM.INTEGRITY | Imem is protected with ECC integrity. This is carried through into OTBN’s execute stage. |
| OTBN.BUS.INTEGRITY | End-to-end bus integrity scheme. |
| OTBN.CONTROLLER.FSM.GLOBAL_ESC | The controller FSM moves to a terminal error state upon global escalation. |
| OTBN.CONTROLLER.FSM.LOCAL_ESC | The controller FSM moves to a terminal error state upon local escalation. Can be triggered by CONTROLLER.FSM.SPARSE, SCRAMBLE_CTRL.FSM.SPARSE, and START_STOP_CTRL.FSM.SPARSE. |
| OTBN.CONTROLLER.FSM.SPARSE | The controller FSM uses a sparse state encoding. |
| OTBN.SCRAMBLE.KEY.SIDELOAD | The scrambling key is sideloaded from OTP and thus unreadable by SW. |
| OTBN.SCRAMBLE_CTRL.FSM.LOCAL_ESC | The scramble control FSM moves to a terminal error state upon local escalation. Can be triggered by SCRAMBLE_CTRL.FSM.SPARSE. |
| OTBN.SCRAMBLE_CTRL.FSM.SPARSE | The scramble control FSM uses a sparse state encoding. |
| OTBN.START_STOP_CTRL.FSM.GLOBAL_ESC | The start-stop control FSM moves to a terminal error state upon global escalation. |
| OTBN.START_STOP_CTRL.FSM.LOCAL_ESC | The start-stop control FSM moves to a terminal error state upon local escalation. Can be triggered by START_STOP_CTRL.FSM.SPARSE. |
| OTBN.START_STOP_CTRL.FSM.SPARSE | The start-stop control FSM uses a sparse state encoding. |
| OTBN.DATA_REG_SW.SCA | Blanking of bignum data paths when unused by the executing instruction. |
| OTBN.CTRL.REDUN | Check pre-decoded control matches separately decoded control from main decoder. This includes control signals used for blanking, pushing/popping the call stack, controlling loop and branch/jump instructions, as well as the actual branch target. |
| OTBN.PC.CTRL_FLOW.REDUN | Check prefetch stage PC and execute stage PC match. The prefetch stage and execute stage store their PC’s separately and have separate increment calculations. |
| OTBN.RND.BUS.CONSISTENCY | Comparison on successive bus values received over the EDN RND interface. |
| OTBN.RND.RNG.DIGEST | Checking that the random numbers received over the EDN RND interface have not been generated from entropy that failed the FIPS health checks in the entropy source. |
| OTBN.RF_BASE.DATA_REG_SW.INTEGRITY | Register file is protected with ECC integrity. |
| OTBN.RF_BASE.DATA_REG_SW.GLITCH_DETECT | This countermeasure checks for spurious write-enable signals on the register file by monitoring the one-hot0 property of the individual write-enable strobes. |
| OTBN.STACK_WR_PTR.CTR.REDUN | The write pointer of the stack (used for calls and loops) is redundant. If the two instances of the counter mismatch, an error is emitted. |
| OTBN.RF_BIGNUM.DATA_REG_SW.INTEGRITY | Register file is protected with ECC integrity. |
| OTBN.RF_BIGNUM.DATA_REG_SW.GLITCH_DETECT | This countermeasure checks for spurious write-enable signals on the register file by monitoring the one-hot0 property of the individual write-enable strobes. |
| OTBN.LOOP_STACK.CTR.REDUN | The iteration counter of each entry in the loop step uses cross counts via prim_count. |
| OTBN.LOOP_STACK.ADDR.INTEGRITY | Loop start and end address on the loop stack are protected with ECC integrity. |
| OTBN.CALL_STACK.ADDR.INTEGRITY | Call stack entries are protected with ECC integrity. |
| OTBN.START_STOP_CTRL.STATE.CONSISTENCY | The secure wipe handshake between otbn_controller and otbn_start_stop_control uses a level-based req/ack interface. At the otbn_controller end, there is a check for unexpected acks. In otbn_start_stop_control, there is a check for secure wipe requests when we aren’t in a state that allows it, and also a check for if the request drops at an unexpected time. |
| OTBN.DATA.MEM.SEC_WIPE | Rotate the scrambling key, effectively wiping the dmem. Initiated on command, upon fatal errors and before RMA entry. |
| OTBN.INSTRUCTION.MEM.SEC_WIPE | Rotate the scrambling key, effectively wiping the imem. Initiated on command, upon fatal errors and before RMA entry. |
| OTBN.DATA_REG_SW.SEC_WIPE | Securely wipe programmer visible OTBN register (GPRs, WDRs, CSRs, WSRs) state with random data. Initiated after reset, at the end of any OTBN operation, upon recoverable and fatal errors, and before RMA entry. |
| OTBN.WRITE.MEM.INTEGRITY | A software visible checksum is calculated for all dmem and imem writes |
| OTBN.CTRL_FLOW.COUNT | A software visible count of instructions executed |
| OTBN.CTRL_FLOW.SCA | OTBN architecture does not have any data dependent timing behaviour |
| OTBN.DATA.MEM.SW_NOACCESS | A portion of DMEM is invisible to CPU software |
| OTBN.KEY.SIDELOAD | Keys can be sideloaded without exposing them to the CPU |
| OTBN.TLUL_FIFO.CTR.REDUN | The TL-UL response FIFO pointers are implemented with duplicate counters. |
Registers
Summary
| Name | Offset | Length | Description |
|---|---|---|---|
otbn.INTR_STATE | 0x0 | 4 | Interrupt State Register |
otbn.INTR_ENABLE | 0x4 | 4 | Interrupt Enable Register |
otbn.INTR_TEST | 0x8 | 4 | Interrupt Test Register |
otbn.ALERT_TEST | 0xc | 4 | Alert Test Register |
otbn.CMD | 0x10 | 4 | Command Register |
otbn.CTRL | 0x14 | 4 | Control Register |
otbn.STATUS | 0x18 | 4 | Status Register |
otbn.ERR_BITS | 0x1c | 4 | Operation Result Register |
otbn.FATAL_ALERT_CAUSE | 0x20 | 4 | Fatal Alert Cause Register |
otbn.INSN_CNT | 0x24 | 4 | Instruction Count Register |
otbn.LOAD_CHECKSUM | 0x28 | 4 | A 32-bit CRC checksum of data written to memory |
otbn.IMEM | 0x4000 | 4096 | Instruction Memory Access |
otbn.DMEM | 0x8000 | 3072 | Data Memory Access |
INTR_STATE
Interrupt State Register
- Offset:
0x0 - Reset default:
0x0 - Reset mask:
0x1
Fields
| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:1 | Reserved | |||
| 0 | rw1c | 0x0 | done | OTBN has completed the operation. |
INTR_ENABLE
Interrupt Enable Register
- Offset:
0x4 - Reset default:
0x0 - Reset mask:
0x1
Fields
| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:1 | Reserved | |||
| 0 | rw | 0x0 | done | Enable interrupt when INTR_STATE.done is set. |
INTR_TEST
Interrupt Test Register
- Offset:
0x8 - Reset default:
0x0 - Reset mask:
0x1
Fields
| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:1 | Reserved | |||
| 0 | wo | 0x0 | done | Write 1 to force INTR_STATE.done to 1. |
ALERT_TEST
Alert Test Register
- Offset:
0xc - Reset default:
0x0 - Reset mask:
0x3
Fields
| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:2 | Reserved | |||
| 1 | wo | 0x0 | recov | Write 1 to trigger one alert event of this kind. |
| 0 | wo | 0x0 | fatal | Write 1 to trigger one alert event of this kind. |
CMD
Command Register
A command initiates an OTBN operation. While performing the operation,
OTBN is busy; the STATUS register reflects that.
All operations signal their completion by raising the done
interrupt; alternatively, software may poll the STATUS register.
Writes are ignored if OTBN is not idle. Unrecognized commands are ignored.
- Offset:
0x10 - Reset default:
0x0 - Reset mask:
0xff
Fields
| Bits | Type | Reset | Name |
|---|---|---|---|
| 31:8 | Reserved | ||
| 7:0 | wo | 0x0 | cmd |
CMD . cmd
The operation to perform.
| Value | Name | Description |
|---|---|---|
| 0xd8 | EXECUTE | Starts the execution of the program stored in the instruction memory, starting at address zero. |
| 0xc3 | SEC_WIPE_DMEM | Securely removes all contents from the data memory. |
| 0x1e | SEC_WIPE_IMEM | Securely removes all contents from the instruction memory. |
CTRL
Control Register
- Offset:
0x14 - Reset default:
0x0 - Reset mask:
0x1
Fields
| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:1 | Reserved | |||
| 0 | rw | 0x0 | software_errs_fatal | Controls the reaction to software errors. When set software errors produce fatal errors, rather than recoverable errors. Writes are ignored if OTBN is not idle. |
STATUS
Status Register
- Offset:
0x18 - Reset default:
0x4 - Reset mask:
0xff
Fields
| Bits | Type | Reset | Name |
|---|---|---|---|
| 31:8 | Reserved | ||
| 7:0 | ro | 0x4 | status |
STATUS . status
Indicates the current operational state OTBN is in.
All BUSY values represent an operation started by a write to the
CMD register.
| Value | Name | Description |
|---|---|---|
| 0x00 | IDLE | OTBN is idle: it is not performing any action. |
| 0x01 | BUSY_EXECUTE | OTBN is busy executing software. |
| 0x02 | BUSY_SEC_WIPE_DMEM | OTBN is busy securely wiping the data memory. |
| 0x03 | BUSY_SEC_WIPE_IMEM | OTBN is busy securely wiping the instruction memory. |
| 0x04 | BUSY_SEC_WIPE_INT | OTBN is busy securely wiping the internal state. |
| 0xFF | LOCKED | OTBN is locked as reaction to a fatal error, and must be reset to unlock it again. See also the section “Reaction to Fatal Errors”. |
ERR_BITS
Operation Result Register
Describes the errors detected during an operation.
Refer to the “List of Errors” section for a detailed description of the errors.
The host CPU can clear this register when OTBN is not running, by writing any value. Write attempts while OTBN is running are ignored.
- Offset:
0x1c - Reset default:
0x0 - Reset mask:
0xff00ff
Fields
| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:24 | Reserved | |||
| 23 | rw | 0x0 | fatal_software | A FATAL_SOFTWARE error was observed. |
| 22 | rw | 0x0 | lifecycle_escalation | A LIFECYCLE_ESCALATION error was observed. |
| 21 | rw | 0x0 | illegal_bus_access | An ILLEGAL_BUS_ACCESS error was observed. |
| 20 | rw | 0x0 | bad_internal_state | A BAD_INTERNAL_STATE error was observed. |
| 19 | rw | 0x0 | bus_intg_violation | A BUS_INTG_VIOLATION error was observed. |
| 18 | rw | 0x0 | reg_intg_violation | A REG_INTG_VIOLATION error was observed. |
| 17 | rw | 0x0 | dmem_intg_violation | A DMEM_INTG_VIOLATION error was observed. |
| 16 | rw | 0x0 | imem_intg_violation | A IMEM_INTG_VIOLATION error was observed. |
| 15:8 | Reserved | |||
| 7 | rw | 0x0 | rnd_fips_chk_fail | An RND_FIPS_CHK_FAIL error was observed. |
| 6 | rw | 0x0 | rnd_rep_chk_fail | An RND_REP_CHK_FAIL error was observed. |
| 5 | rw | 0x0 | key_invalid | A KEY_INVALID error was observed. |
| 4 | rw | 0x0 | loop | A LOOP error was observed. |
| 3 | rw | 0x0 | illegal_insn | An ILLEGAL_INSN error was observed. |
| 2 | rw | 0x0 | call_stack | A CALL_STACK error was observed. |
| 1 | rw | 0x0 | bad_insn_addr | A BAD_INSN_ADDR error was observed. |
| 0 | rw | 0x0 | bad_data_addr | A BAD_DATA_ADDR error was observed. |
FATAL_ALERT_CAUSE
Fatal Alert Cause Register
Describes any errors that led to a fatal alert. A fatal error puts OTBN in locked state; the value of this register does not change until OTBN is reset.
Refer to the “List of Errors” section for a detailed description of the errors.
- Offset:
0x20 - Reset default:
0x0 - Reset mask:
0xff
Fields
| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:8 | Reserved | |||
| 7 | ro | 0x0 | fatal_software | A FATAL_SOFTWARE error was observed. |
| 6 | ro | 0x0 | lifecycle_escalation | A LIFECYCLE_ESCALATION error was observed. |
| 5 | ro | 0x0 | illegal_bus_access | A ILLEGAL_BUS_ACCESS error was observed. |
| 4 | ro | 0x0 | bad_internal_state | A BAD_INTERNAL_STATE error was observed. |
| 3 | ro | 0x0 | bus_intg_violation | A BUS_INTG_VIOLATION error was observed. |
| 2 | ro | 0x0 | reg_intg_violation | A REG_INTG_VIOLATION error was observed. |
| 1 | ro | 0x0 | dmem_intg_violation | A DMEM_INTG_VIOLATION error was observed. |
| 0 | ro | 0x0 | imem_intg_violation | A IMEM_INTG_VIOLATION error was observed. |
INSN_CNT
Instruction Count Register
Returns the number of instructions executed in the current or last operation. The counter saturates at 2^32-1 and is reset to 0 at the start of a new operation.
Only the EXECUTE operation counts instructions; for all other operations this register remains at 0. Instructions triggering an error do not count towards the total.
Always reads as 0 if OTBN is locked.
The host CPU can clear this register when OTBN is not running, by writing any value. Write attempts while OTBN is running are ignored.
- Offset:
0x24 - Reset default:
0x0 - Reset mask:
0xffffffff
Fields
| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:0 | rw | 0x0 | insn_cnt | The number of executed instructions. |
LOAD_CHECKSUM
A 32-bit CRC checksum of data written to memory
See the “Memory Load Integrity” section of the manual for full details.
- Offset:
0x28 - Reset default:
0x0 - Reset mask:
0xffffffff
Fields
| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:0 | rw | 0x0 | checksum | Checksum accumulator |
IMEM
Instruction Memory Access
The instruction memory may only be accessed through this window while OTBN is idle.
If OTBN is busy or locked, read accesses return 0 and write accesses are ignored. If OTBN is busy, any access additionally triggers an ILLEGAL_BUS_ACCESS fatal error.
- Word Aligned Offset Range:
0x4000to0x4ffc - Size (words):
1024 - Access:
rw - Byte writes are not supported.
DMEM
Data Memory Access
The data memory may only be accessed through this window while OTBN is idle.
If OTBN is busy or locked, read accesses return 0 and write accesses are ignored. If OTBN is busy, any access additionally triggers an ILLEGAL_BUS_ACCESS fatal error.
Note that DMEM is actually 4kiB in size, but only the first 3kiB of the memory is visible through this register interface.
- Word Aligned Offset Range:
0x8000to0x8bfc - Size (words):
768 - Access:
rw - Byte writes are not supported.