Hardware Interfaces
Referring to the Comportable guideline for peripheral device functionality, the module sram_ctrl
has the following hardware interfaces defined
- Primary Clock:
clk_i
- Other Clocks:
clk_otp_i
- Bus Device Interfaces (TL-UL):
regs_tl
,ram_tl
- Bus Host Interfaces (TL-UL): none
- Peripheral Pins for Chip IO: none
- Interrupts: none
Inter-Module Signals
Port Name | Package::Struct | Type | Act | Width | Description |
---|---|---|---|---|---|
sram_otp_key | otp_ctrl_pkg::sram_otp_key | req_rsp | req | 1 | |
cfg | prim_ram_1p_pkg::ram_1p_cfg | uni | rcv | 1 | |
lc_escalate_en | lc_ctrl_pkg::lc_tx | uni | rcv | 1 | |
lc_hw_debug_en | lc_ctrl_pkg::lc_tx | uni | rcv | 1 | |
otp_en_sram_ifetch | prim_mubi_pkg::mubi8 | uni | rcv | 1 | |
regs_tl | tlul_pkg::tl | req_rsp | rsp | 1 | |
ram_tl | tlul_pkg::tl | req_rsp | rsp | 1 |
Security Alerts
Alert Name | Description |
---|---|
fatal_error | This fatal alert is triggered when a fatal TL-UL bus integrity fault is detected, or if the initialization mechanism has reached an invalid state. |
Security Countermeasures
Countermeasure ID | Description |
---|---|
SRAM_CTRL.BUS.INTEGRITY | End-to-end bus integrity scheme. |
SRAM_CTRL.CTRL.CONFIG.REGWEN | The SRAM control register is protected by a REGWEN. |
SRAM_CTRL.EXEC.CONFIG.REGWEN | The SRAM execution enable register is protected by a REGWEN. |
SRAM_CTRL.EXEC.CONFIG.MUBI | The SRAM execution enable register is multibit encoded. |
SRAM_CTRL.EXEC.INTERSIG.MUBI | The SRAM execution enable signal coming from OTP is multibit encoded. |
SRAM_CTRL.LC_ESCALATE_EN.INTERSIG.MUBI | The life cycle escalation enable signal is multibit encoded. |
SRAM_CTRL.LC_HW_DEBUG_EN.INTERSIG.MUBI | The life cycle hardware debug enable signal is multibit encoded. |
SRAM_CTRL.MEM.INTEGRITY | End-to-end data/memory integrity scheme. |
SRAM_CTRL.MEM.SCRAMBLE | Data is scrambled with a keyed reduced-round PRINCE cipher in CTR mode. |
SRAM_CTRL.ADDR.SCRAMBLE | Address is scrambled with a keyed lightweight permutation/diffusion function. |
SRAM_CTRL.INSTR.BUS.LC_GATED | Prevent code execution from SRAM in non-test lifecycle states. |
SRAM_CTRL.RAM_TL_LC_GATE.FSM.SPARSE | The control FSM inside the TL-UL gating primitive is sparsely encoded. |
SRAM_CTRL.KEY.GLOBAL_ESC | Scrambling key and nonce are reset to a fixed value upon escalation, and bus transactions going to the memory will be blocked. |
SRAM_CTRL.KEY.LOCAL_ESC | Scrambling key and nonce are reset to a fixed value upon local escalation due to bus integrity or counter errors, and bus transactions going to the memory will be blocked. |
SRAM_CTRL.INIT.CTR.REDUN | The initialization counter is duplicated. |
SRAM_CTRL.SCRAMBLE.KEY.SIDELOAD | The scrambling key is sideloaded from OTP and thus unreadable by SW. |
SRAM_CTRL.TLUL_FIFO.CTR.REDUN | The TL-UL response FIFO pointers are implemented with duplicate counters. |
Registers
Summary of the regs
interface’s registers
Name | Offset | Length | Description |
---|---|---|---|
sram_ctrl.ALERT_TEST | 0x0 | 4 | Alert Test Register |
sram_ctrl.STATUS | 0x4 | 4 | SRAM status register. |
sram_ctrl.EXEC_REGWEN | 0x8 | 4 | Lock register for execution enable register. |
sram_ctrl.EXEC | 0xc | 4 | Sram execution enable. |
sram_ctrl.CTRL_REGWEN | 0x10 | 4 | Lock register for control register. |
sram_ctrl.CTRL | 0x14 | 4 | SRAM ctrl register. |
ALERT_TEST
Alert Test Register
- Offset:
0x0
- Reset default:
0x0
- Reset mask:
0x1
Fields
Bits | Type | Reset | Name | Description |
---|---|---|---|---|
31:1 | Reserved | |||
0 | wo | 0x0 | fatal_error | Write 1 to trigger one alert event of this kind. |
STATUS
SRAM status register.
- Offset:
0x4
- Reset default:
0x0
- Reset mask:
0x3f
Fields
Bits | Type | Reset | Name |
---|---|---|---|
31:6 | Reserved | ||
5 | ro | 0x0 | INIT_DONE |
4 | ro | 0x0 | SCR_KEY_SEED_VALID |
3 | ro | 0x0 | SCR_KEY_VALID |
2 | ro | 0x0 | ESCALATED |
1 | ro | 0x0 | INIT_ERROR |
0 | ro | 0x0 | BUS_INTEG_ERROR |
STATUS . INIT_DONE
Set to 1 if the hardware initialization triggered via CTRL.INIT
has completed.
STATUS . SCR_KEY_SEED_VALID
Set to 1 if the scrambling key has been derived from a valid key seed in OTP.
If STATUS.SCR_KEY_VALID
is set to 1, STATUS.SCR_KEY_SEED_VALID
should be 1
except for cases where the scrambling key seeds have not yet been provisioned to
OTP. In such a case, the scrambling key is still ephemeral (i.e., it is derived
using entropy from CSRNG), but a default all-zero value is used as the key seed.
STATUS . SCR_KEY_VALID
Set to 1 if a new scrambling key has been successfully obtained from OTP. Note that if this is set to 0, the SRAM contents are still scrambled, but a default all-zero key and nonce are used to do so.
STATUS . ESCALATED
Set to 1 if the sram controller has received an escalate request. If this is set to 1, the scrambling keys have been reset to the default values and all subsequent memory requests will be blocked. This condition is terminal.
STATUS . INIT_ERROR
This bit is set to 1 if a the initialization counter has reached an invalid state. This error triggers a fatal_error alert. This condition is terminal.
STATUS . BUS_INTEG_ERROR
This bit is set to 1 if a fatal bus integrity fault is detected. This error triggers a fatal_error alert. This condition is terminal.
EXEC_REGWEN
Lock register for execution enable register.
- Offset:
0x8
- Reset default:
0x1
- Reset mask:
0x1
Fields
Bits | Type | Reset | Name | Description |
---|---|---|---|---|
31:1 | Reserved | |||
0 | rw0c | 0x1 | EXEC_REGWEN | When cleared to zero, EXEC can not be written anymore. |
EXEC
Sram execution enable.
- Offset:
0xc
- Reset default:
0x9
- Reset mask:
0xf
- Register enable:
EXEC_REGWEN
Fields
Bits | Type | Reset | Name |
---|---|---|---|
31:4 | Reserved | ||
3:0 | rw | 0x9 | EN |
EXEC . EN
Write kMultiBitBool4True to this field to enable execution from SRAM. Note that this register only takes effect if the EN_SRAM_IFETCH switch in the OTP HW_CFG partition is set to kMultiBitBool8True. Otherwise execution from SRAM cannot be enabled via this register.
CTRL_REGWEN
Lock register for control register.
- Offset:
0x10
- Reset default:
0x1
- Reset mask:
0x1
Fields
Bits | Type | Reset | Name | Description |
---|---|---|---|---|
31:1 | Reserved | |||
0 | rw0c | 0x1 | CTRL_REGWEN | When cleared to zero, CTRL can not be written anymore. |
CTRL
SRAM ctrl register.
- Offset:
0x14
- Reset default:
0x0
- Reset mask:
0x3
- Register enable:
CTRL_REGWEN
Fields
Bits | Type | Reset | Name |
---|---|---|---|
31:2 | Reserved | ||
1 | wo | 0x0 | INIT |
0 | wo | 0x0 | RENEW_SCR_KEY |
CTRL . INIT
Write 1 to request memory init.
The init mechanism uses an LFSR that is seeded with a part of the nonce supplied when requesting a scrambling key.
Once seeded, the memory is initialized with pseudo-random data pulled from the LFSR.
Note that CTRL.RENEW_SCR_KEY
takes priority when writing 1 to both CTRL.RENEW_SCR_KEY
and CTRL.INIT
with the same write transaction.
This means that the key request will complete first, followed by SRAM initialization.
CTRL . RENEW_SCR_KEY
Write 1 to request a new scrambling key from OTP. After writing to this register, SRAM transactions will
be blocked until STATUS.SCR_KEY_VALID
has been set to 1. If STATUS.SCR_KEY_VALID
was already 1
before triggering a key renewal, hardware will automatically clear that status bit such that software
can poll its status. Note that requesting a new scrambling key takes ~200 OTP cycles, which translates
to ~800 CPU cycles (OTP runs at 24MHz, CPU runs at 100MHz). Note that writing 1 to this register while
a key request is pending has no effect.
This interface does not expose any registers.