Hardware Interfaces and Registers

Interfaces

Referring to the Comportable guideline for peripheral device functionality, the module sram_ctrl has the following hardware interfaces defined.

Primary Clock: clk_i

Other Clocks: clk_otp_i

Bus Device Interfaces (TL-UL): regs_tl, ram_tl

Bus Host Interfaces (TL-UL): none

Peripheral Pins for Chip IO: none

Inter-Module Signals: Reference

Inter-Module Signals
Port Name Package::Struct Type Act Width Description
sram_otp_key otp_ctrl_pkg::sram_otp_key req_rsp req 1
cfg prim_ram_1p_pkg::ram_1p_cfg uni rcv 1
lc_escalate_en lc_ctrl_pkg::lc_tx uni rcv 1
lc_hw_debug_en lc_ctrl_pkg::lc_tx uni rcv 1
otp_en_sram_ifetch prim_mubi_pkg::mubi8 uni rcv 1
regs_tl tlul_pkg::tl req_rsp rsp 1
ram_tl tlul_pkg::tl req_rsp rsp 1

Interrupts: none

Security Alerts:

Alert NameDescription
fatal_error

This fatal alert is triggered when a fatal TL-UL bus integrity fault is detected, or if the initialization mechanism has reached an invalid state.

Security Countermeasures:

Countermeasure IDDescription
SRAM_CTRL.BUS.INTEGRITY

End-to-end bus integrity scheme.

SRAM_CTRL.CTRL.CONFIG.REGWEN

The SRAM control register is protected by a REGWEN.

SRAM_CTRL.EXEC.CONFIG.REGWEN

The SRAM execution enable register is protected by a REGWEN.

SRAM_CTRL.EXEC.CONFIG.MUBI

The SRAM execution enable register is multibit encoded.

SRAM_CTRL.EXEC.INTERSIG.MUBI

The SRAM execution enable signal coming from OTP is multibit encoded.

SRAM_CTRL.LC_ESCALATE_EN.INTERSIG.MUBI

The life cycle escalation enable signal is multibit encoded.

SRAM_CTRL.LC_HW_DEBUG_EN.INTERSIG.MUBI

The life cycle hardware debug enable signal is multibit encoded.

SRAM_CTRL.MEM.INTEGRITY

End-to-end data/memory integrity scheme.

SRAM_CTRL.MEM.SCRAMBLE

Data is scrambled with a keyed reduced-round PRINCE cipher in CTR mode.

SRAM_CTRL.ADDR.SCRAMBLE

Address is scrambled with a keyed lightweight permutation/diffusion function.

SRAM_CTRL.INSTR.BUS.LC_GATED

Prevent code execution from SRAM in non-test lifecycle states.

SRAM_CTRL.RAM_TL_LC_GATE.FSM.SPARSE

The control FSM inside the TL-UL gating primitive is sparsely encoded.

SRAM_CTRL.KEY.GLOBAL_ESC

Scrambling key and nonce are reset to a fixed value upon escalation, and bus transactions going to the memory will be blocked.

SRAM_CTRL.KEY.LOCAL_ESC

Scrambling key and nonce are reset to a fixed value upon local escalation due to bus integrity or counter errors, and bus transactions going to the memory will be blocked.

SRAM_CTRL.INIT.CTR.REDUN

The initialization counter is duplicated.

SRAM_CTRL.SCRAMBLE.KEY.SIDELOAD

The scrambling key is sideloaded from OTP and thus unreadable by SW.

SRAM_CTRL.TLUL_FIFO.CTR.REDUN

The TL-UL response FIFO pointers are implemented with duplicate counters.

Registers

Registers visible under device interface regs

Summary
Name Offset Length Description
sram_ctrl.ALERT_TEST 0x0 4

Alert Test Register
sram_ctrl.STATUS 0x4 4

SRAM status register.
sram_ctrl.EXEC_REGWEN 0x8 4

Lock register for execution enable register.
sram_ctrl.EXEC 0xc 4

Sram execution enable.
sram_ctrl.CTRL_REGWEN 0x10 4

Lock register for control register.
sram_ctrl.CTRL 0x14 4

SRAM ctrl register.
sram_ctrl.ALERT_TEST @ 0x0

Alert Test Register

Reset default = 0x0, mask 0x1
31302928272625242322212019181716
 
1514131211109876543210
  fatal_error
BitsTypeResetNameDescription
0wo0x0fatal_error

Write 1 to trigger one alert event of this kind.


sram_ctrl.STATUS @ 0x4

SRAM status register.

Reset default = 0x0, mask 0x3f
31302928272625242322212019181716
 
1514131211109876543210
  INIT_DONE SCR_KEY_SEED_VALID SCR_KEY_VALID ESCALATED INIT_ERROR BUS_INTEG_ERROR
BitsTypeResetNameDescription
0ro0x0BUS_INTEG_ERROR

This bit is set to 1 if a fatal bus integrity fault is detected. This error triggers a fatal_error alert. This condition is terminal.

1ro0x0INIT_ERROR

This bit is set to 1 if a the initialization counter has reached an invalid state. This error triggers a fatal_error alert. This condition is terminal.

2ro0x0ESCALATED

Set to 1 if the sram controller has received an escalate request. If this is set to 1, the scrambling keys have been reset to the default values and all subsequent memory requests will be blocked. This condition is terminal.

3ro0x0SCR_KEY_VALID

Set to 1 if a new scrambling key has been successfully obtained from OTP. Note that if this is set to 0, the SRAM contents are still scrambled, but a default all-zero key and nonce are used to do so.

4ro0x0SCR_KEY_SEED_VALID

Set to 1 if the scrambling key has been derived from a valid key seed in OTP. If STATUS.SCR_KEY_VALID is set to 1, STATUS.SCR_KEY_SEED_VALID should be 1 except for cases where the scrambling key seeds have not yet been provisioned to OTP. In such a case, the scrambling key is still ephemeral (i.e., it is derived using entropy from CSRNG), but a default all-zero value is used as the key seed.

5ro0x0INIT_DONE

Set to 1 if the hardware initialization triggered via CTRL.INIT has completed.


sram_ctrl.EXEC_REGWEN @ 0x8

Lock register for execution enable register.

Reset default = 0x1, mask 0x1
31302928272625242322212019181716
 
1514131211109876543210
  EXEC_REGWEN
BitsTypeResetNameDescription
0rw0c0x1EXEC_REGWEN

When cleared to zero, EXEC can not be written anymore.


sram_ctrl.EXEC @ 0xc

Sram execution enable.

Reset default = 0x9, mask 0xf
Register enable = EXEC_REGWEN
31302928272625242322212019181716
 
1514131211109876543210
  EN
BitsTypeResetNameDescription
3:0rw0x9EN

Write kMultiBitBool4True to this field to enable execution from SRAM. Note that this register only takes effect if the EN_SRAM_IFETCH switch in the OTP HW_CFG partition is set to kMultiBitBool8True. Otherwise execution from SRAM cannot be enabled via this register.


sram_ctrl.CTRL_REGWEN @ 0x10

Lock register for control register.

Reset default = 0x1, mask 0x1
31302928272625242322212019181716
 
1514131211109876543210
  CTRL_REGWEN
BitsTypeResetNameDescription
0rw0c0x1CTRL_REGWEN

When cleared to zero, CTRL can not be written anymore.


sram_ctrl.CTRL @ 0x14

SRAM ctrl register.

Reset default = 0x0, mask 0x3
Register enable = CTRL_REGWEN
31302928272625242322212019181716
 
1514131211109876543210
  INIT RENEW_SCR_KEY
BitsTypeResetNameDescription
0wo0x0RENEW_SCR_KEY

Write 1 to request a new scrambling key from OTP. After writing to this register, SRAM transactions will be blocked until STATUS.SCR_KEY_VALID has been set to 1. If STATUS.SCR_KEY_VALID was already 1 before triggering a key renewal, hardware will automatically clear that status bit such that software can poll its status. Note that requesting a new scrambling key takes ~200 OTP cycles, which translates to ~800 CPU cycles (OTP runs at 24MHz, CPU runs at 100MHz). Note that writing 1 to this register while a key request is pending has no effect.

1wo0x0INIT

Write 1 to request memory init. The init mechanism uses an LFSR that is seeded with a part of the nonce supplied when requesting a scrambling key. Once seeded, the memory is initialized with pseudo-random data pulled from the LFSR. Note that CTRL.RENEW_SCR_KEY takes priority when writing 1 to both CTRL.RENEW_SCR_KEY and CTRL.INIT with the same write transaction. This means that the key request will complete first, followed by SRAM initialization.


Registers visible under device interface ram

This interface does not expose any registers.