Hardware Interfaces

Referring to the Comportable guideline for peripheral device functionality, the module spi_device has the following hardware interfaces defined

  • Primary Clock: clk_i
  • Other Clocks: scan_clk_i
  • Bus Device Interfaces (TL-UL): tl
  • Bus Host Interfaces (TL-UL): none

Peripheral Pins for Chip IO

Pin nameDirectionDescription
sckinputSPI Clock
csbinputChip Select#
tpm_csbinputTPM Chip Select#
sd[3:0]inoutSPI IO, IO2/IO3 has multi-purpose (/WP, /HOLD)

Inter-Module Signals

Port NamePackage::StructTypeActWidthDescription


Interrupt NameTypeDescription
upload_cmdfifo_not_emptyEventUpload Command FIFO is not empty
upload_payload_not_emptyEventUpload payload is not empty. The event occurs after SPI transaction completed
upload_payload_overflowEventUpload payload overflow event. When a SPI Host system issues a command with payload more than 256B, this event is reported. When it happens, SW should read the last written payload index CSR to figure out the starting address of the last 256B.
readbuf_watermarkEventRead Buffer Threshold event. The host system accesses greater than or equal to the threshold of a buffer.
readbuf_flipEventRead buffer flipped event. The host system accesses other side of buffer.
tpm_header_not_emptyStatusTPM Header(Command/Address) buffer available
tpm_rdfifo_cmd_endEventTPM RdFIFO command ended. The TPM Read command targeting the RdFIFO ended. Check TPM_STATUS.rdfifo_aborted to see if the transaction completed.
tpm_rdfifo_dropEventTPM RdFIFO data dropped. Data was dropped from the RdFIFO. Data was written while a read command was not active, and it was not accepted. This can occur when the host aborts a read command.

Security Alerts

Alert NameDescription
fatal_faultThis fatal alert is triggered when a fatal TL-UL bus integrity fault is detected.

Security Countermeasures

Countermeasure IDDescription
SPI_DEVICE.BUS.INTEGRITYEnd-to-end bus integrity scheme.

The TPM submodule requires a separate input port for CS#. The TPM submodule and other SPI Device modes are able to be active together. The host system distinguishes between the TPM transactions and the other SPI transactions using separate CS# ports. Even though both submodules are able to be active, the host system cannot issue a TPM command and a SPI transaction at the same time due to the SPI IO lines being shared.

The TPM has no write FIFO interrupt. As TPM transactions are not bigger than 4B in current usage case, the waiting time of the core is not a concern. The core takes multiple cycles to pop a byte from the write FIFO due to the slower peripheral clock and multiple CDC paths. The gain of having write FIFO interrupt is not great.