Hardware Interfaces

Referring to the Comportable guideline for peripheral device functionality, the module sram_ctrl has the following hardware interfaces defined:

  • Primary Clock: clk_i
  • Other Clocks: clk_otp_i
  • Bus Device Interfaces (TL-UL): regs_tl, ram_tl
  • Bus Host Interfaces (TL-UL): none
  • Peripheral Pins for Chip IO: none
  • Interrupts: none

Inter-Module Signals

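| Port Name | Package::Struct | Type | Act | Width | Description |
|---|---|---|---|---|---|
| sram_otp_key | otp_ctrl_pkg::sram_otp_key | req_rsp | req | 1 | |
| cfg | prim_ram_1p_pkg::ram_1p_cfg | uni | rcv | 1 | |
| lc_escalate_en | lc_ctrl_pkg::lc_tx | uni | rcv | 1 | |
| lc_hw_debug_en | lc_ctrl_pkg::lc_tx | uni | rcv | 1 | |
| otp_en_sram_ifetch | prim_mubi_pkg::mubi8 | uni | rcv | 1 | |
| regs_tl | tlul_pkg::tl | req_rsp | rsp | 1 | |
| ram_tl | tlul_pkg::tl | req_rsp | rsp | 1 | |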

Security Alerts

| Alert Name | Description |
|---|---|
| fatal_error | This fatal alert is triggered when a fatal TL-UL bus integrity fault is detected, or if the initialization mechanism has reached an invalid state. |

Security Countermeasures

| Countermeasure ID | Description |
|---|---|
| SRAM_CTRL.BUS.INTEGRITY | End-to-end bus integrity scheme. |
| SRAM_CTRL.CTRL.CONFIG.REGWEN | The SRAM control register is protected by a REGWEN. |
| SRAM_CTRL.EXEC.CONFIG.REGWEN | The SRAM execution enable register is protected by a REGWEN. |
| SRAM_CTRL.EXEC.CONFIG.MUBI | The SRAM execution enable register is multibit encoded. |
| SRAM_CTRL.EXEC.INTERSIG.MUBI | The SRAM execution enable signal coming from OTP is multibit encoded. |
| SRAM_CTRL.LC_ESCALATE_EN.INTERSIG.MUBI | The life cycle escalation enable signal is multibit encoded. |
| SRAM_CTRL.LC_HW_DEBUG_EN.INTERSIG.MUBI | The life cycle hardware debug enable signal is multibit encoded. |
| SRAM_CTRL.MEM.INTEGRITY | End-to-end data/memory integrity scheme. |
| SRAM_CTRL.MEM.SCRAMBLE | Data is scrambled with a keyed reduced-round PRINCE cipher in CTR mode. |
| SRAM_CTRL.ADDR.SCRAMBLE | Address is scrambled with a keyed lightweight permutation/diffusion function. |
| SRAM_CTRL.INSTR.BUS.LC_GATED | Prevent code execution from SRAM in non-test lifecycle states. |
| SRAM_CTRL.RAM_TL_LC_GATE.FSM.SPARSE | The control FSM inside the TL-UL gating primitive is sparsely encoded. |
| SRAM_CTRL.KEY.GLOBAL_ESC | Scrambling key and nonce are reset to a fixed value upon escalation, and bus transactions going to the memory will be blocked. |
| SRAM_CTRL.KEY.LOCAL_ESC | Scrambling key and nonce are reset to a fixed value upon local escalation due to bus integrity or counter errors, and bus transactions going to the memory will be blocked. |
| SRAM_CTRL.INIT.CTR.REDUN | The initialization counter is duplicated. |
| SRAM_CTRL.SCRAMBLE.KEY.SIDELOAD | The scrambling key is sideloaded from OTP and thus unreadable by SW. |
| SRAM_CTRL.TLUL_FIFO.CTR.REDUN | The TL-UL response FIFO pointers are implemented with duplicate counters. |

Registers

Summary of the regs interface’s registers

| Name | Offset | Length | Description |
|---|---|---|---|
| sram_ctrl.ALERT_TEST | 0x0 | 4 | Alert Test Register |
| sram_ctrl.STATUS | 0x4 | 4 | SRAM status register. |
| sram_ctrl.EXEC_REGWEN | 0x8 | 4 | Lock register for execution enable register. |
| sram_ctrl.EXEC | 0xc | 4 | Sram execution enable. |
| sram_ctrl.CTRL_REGWEN | 0x10 | 4 | Lock register for control register. |
| sram_ctrl.CTRL | 0x14 | 4 | SRAM ctrl register. |

ALERT_TEST

Alert Test Register

  • Offset: 0x0
  • Reset default: 0x0
  • Reset mask: 0x1

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:1 | | | | Reserved |
| 0 | wo | 0x0 | fatal_error | Write 1 to trigger one alert event of this kind. |

STATUS

SRAM status register.

  • Offset: 0x4
  • Reset default: 0x0
  • Reset mask: 0x3f

Fields

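| Bits | Type | Reset | Name |
|---|---|---|---|
| 31:6 | | | Reserved |
| 5 | ro | 0x0 | INIT_DONE |
| 4 | ro | 0x0 | SCR_KEY_SEED_VALID |
| 3 | ro | 0x0 | SCR_KEY_VALID |
| 2 | ro | 0x0 | ESCALATED |
| 1 | ro | 0x0 | INIT_ERROR |
| 0 | ro | 0x0 | BUS_INTEG_ERROR |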

STATUS . INIT_DONE

Set to 1 if the hardware initialization triggered via CTRL.INIT has completed.

STATUS . SCR_KEY_SEED_VALID

Set to 1 if the scrambling key has been derived from a valid key seed in OTP. If STATUS.SCR_KEY_VALID is set to 1, STATUS.SCR_KEY_SEED_VALID should be 1 except for cases where the scrambling key seeds have not yet been provisioned to OTP. In such a case, the scrambling key is still ephemeral (i.e., it is derived using entropy from CSRNG), but a default all-zero value is used as the key seed.

STATUS . SCR_KEY_VALID

Set to 1 if a new scrambling key has been successfully obtained from OTP. Note that if this is set to 0, the SRAM contents are still scrambled, but a default all-zero key and nonce are used to do so.

STATUS . ESCALATED

Set to 1 if the sram controller has received an escalate request. If this is set to 1, the scrambling keys have been reset to the default values and all subsequent memory requests will be blocked. This condition is terminal.

STATUS . INIT_ERROR

This bit is set to 1 if the initialization counter has reached an invalid state. This error triggers a fatal_error alert. This condition is terminal.

STATUS . BUS_INTEG_ERROR

This bit is set to 1 if a fatal bus integrity fault is detected. This error triggers a fatal_error alert. This condition is terminal.

EXEC_REGWEN

Lock register for execution enable register.

  • Offset: 0x8
  • Reset default: 0x1
  • Reset mask: 0x1

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:1 | | | | Reserved |
| 0 | rw0c | 0x1 | EXEC_REGWEN | When cleared to zero, EXEC can not be written anymore. |

EXEC

Sram execution enable.

  • Offset: 0xc
  • Reset default: 0x9
  • Reset mask: 0xf
  • Register enable: EXEC_REGWEN

Fields

| Bits | Type | Reset | Name |
|---|---|---|---|
| 31:4 | | | Reserved |
| 3:0 | rw | 0x9 | EN |

EXEC . EN

Write kMultiBitBool4True to this field to enable execution from SRAM. Note that this register only takes effect if the EN_SRAM_IFETCH switch in the OTP HW_CFG partition is set to kMultiBitBool8True. Otherwise execution from SRAM cannot be enabled via this register.

CTRL_REGWEN

Lock register for control register.

  • Offset: 0x10
  • Reset default: 0x1
  • Reset mask: 0x1

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:1 | | | | Reserved |
| 0 | rw0c | 0x1 | CTRL_REGWEN | When cleared to zero, CTRL can not be written anymore. |

CTRL

SRAM ctrl register.

  • Offset: 0x14
  • Reset default: 0x0
  • Reset mask: 0x3
  • Register enable: CTRL_REGWEN

Fields

| Bits | Type | Reset | Name |
|---|---|---|---|
| 31:2 | | | Reserved |
| 1 | wo | 0x0 | INIT |
| 0 | wo | 0x0 | RENEW_SCR_KEY |

CTRL . INIT

Write 1 to request memory init. The init mechanism uses an LFSR that is seeded with a part of the nonce supplied when requesting a scrambling key. Once seeded, the memory is initialized with pseudo-random data pulled from the LFSR. Note that CTRL.RENEW_SCR_KEY takes priority when writing 1 to both CTRL.RENEW_SCR_KEY and CTRL.INIT with the same write transaction. This means that the key request will complete first, followed by SRAM initialization.

CTRL . RENEW_SCR_KEY

Write 1 to request a new scrambling key from OTP. After writing to this register, SRAM transactions will be blocked until STATUS.SCR_KEY_VALID has been set to 1. If STATUS.SCR_KEY_VALID was already 1 before triggering a key renewal, hardware will automatically clear that status bit such that software can poll its status. Note that requesting a new scrambling key takes ~200 OTP cycles, which translates to ~800 CPU cycles (OTP runs at 24MHz, CPU runs at 100MHz). Note that writing 1 to this register while a key request is pending has no effect.
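The key-renewal and init sequence described under CTRL.INIT and CTRL.RENEW_SCR_KEY, combined with the STATUS checks and the two REGWEN locks, as an added C example (not OpenTitan's own driver code). The `regs` pointer to the regs register block, the function names and the result enum are hypothetical; it assumes a boot flow that never needs to re-key after locking.

```c
#include <stdint.h>

/* Word indices from the register summary (byte offset / 4). */
enum { R_STATUS = 1, R_EXEC_REGWEN = 2, R_EXEC = 3, R_CTRL_REGWEN = 4, R_CTRL = 5 };
/* STATUS bits, from the STATUS field table. */
#define ST_BUS_INTEG_ERROR (1u << 0)
#define ST_INIT_ERROR      (1u << 1)
#define ST_ESCALATED       (1u << 2)
#define ST_SCR_KEY_VALID   (1u << 3)
#define ST_SEED_VALID      (1u << 4)
#define ST_INIT_DONE       (1u << 5)
#define ST_TERMINAL (ST_BUS_INTEG_ERROR | ST_INIT_ERROR | ST_ESCALATED)
#define CTRL_RENEW_SCR_KEY (1u << 0)
#define CTRL_INIT          (1u << 1)
/* 0x9 is the EXEC reset value listed above; only kMultiBitBool4True enables fetch. */
#define EXEC_DISABLED 0x9u

typedef enum {
  SRAM_OK, SRAM_OK_DEFAULT_SEED, SRAM_TERMINAL, SRAM_TIMEOUT, SRAM_LOCKED
} sram_result_t; /* hypothetical result codes */

/* Request a fresh key and LFSR init in one write, poll STATUS, then lock CTRL. */
sram_result_t sram_scramble_and_lock(volatile uint32_t *regs, uint32_t max_polls) {
  if ((regs[R_CTRL_REGWEN] & 1u) == 0) return SRAM_LOCKED; /* CTRL not writable */
  regs[R_CTRL] = CTRL_RENEW_SCR_KEY | CTRL_INIT; /* key request completes first */
  const uint32_t want = ST_SCR_KEY_VALID | ST_INIT_DONE;
  for (uint32_t i = 0; i < max_polls; i++) {
    uint32_t st = regs[R_STATUS];
    if (st & ST_TERMINAL) return SRAM_TERMINAL; /* escalated or fatal error */
    if ((st & want) == want) {
      regs[R_CTRL_REGWEN] = 0; /* rw0c: once cleared, CTRL cannot be written */
      /* Seed not provisioned: key is still ephemeral but uses an all-zero seed. */
      return (st & ST_SEED_VALID) ? SRAM_OK : SRAM_OK_DEFAULT_SEED;
    }
  }
  return SRAM_TIMEOUT; /* caller must not treat the SRAM as freshly keyed */
}

/* Force execution from SRAM off and lock EXEC so later code cannot enable it. */
void sram_disable_exec_and_lock(volatile uint32_t *regs) {
  regs[R_EXEC] = EXEC_DISABLED;
  regs[R_EXEC_REGWEN] = 0;
}
```

A poll budget comfortably above the ~800 CPU cycles quoted for a key request avoids false timeouts; the init time depends on the memory size and is not stated here.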

This interface does not expose any registers.