Hardware Interfaces

Parameters

The following table lists the instantiation parameters of the SRAM controller.

ParameterDefaultTop EarlgreyDescription
AlertAsyncOn1’b11’b1
InstrExec11Enables the execute from SRAM feature.
MemSizeRam4096(multiple values)Number of 32bit words in the SRAM (can be overridden by topgen).
RndCnstSramKey(see RTL)(see RTL)Compile-time random default constant for scrambling key.
RndCnstSramNonce(see RTL)(see RTL)Compile-time random default constant for scrambling nonce.
RndCnstLfsrSeed(see RTL)(see RTL)Compile-time random default constant for LFSR seed.
RndCnstLfsrPerm(see RTL)(see RTL)Compile-time random default constant for LFSR permutation.

Signals

Referring to the Comportable guideline for peripheral device functionality, the module sram_ctrl has the following hardware interfaces defined

  • Primary Clock: clk_i
  • Other Clocks: clk_otp_i
  • Bus Device Interfaces (TL-UL): regs_tl, ram_tl
  • Bus Host Interfaces (TL-UL): none
  • Peripheral Pins for Chip IO: none
  • Interrupts: none

Inter-Module Signals

Port NamePackage::StructTypeActWidthDescription
sram_otp_keyotp_ctrl_pkg::sram_otp_keyreq_rspreq1
cfgprim_ram_1p_pkg::ram_1p_cfgunircv1
lc_escalate_enlc_ctrl_pkg::lc_txunircv1
lc_hw_debug_enlc_ctrl_pkg::lc_txunircv1
otp_en_sram_ifetchprim_mubi_pkg::mubi8unircv1
regs_tltlul_pkg::tlreq_rsprsp1
ram_tltlul_pkg::tlreq_rsprsp1

Security Alerts

Alert NameDescription
fatal_errorThis fatal alert is triggered when a fatal TL-UL bus integrity fault is detected, or if the initialization mechanism has reached an invalid state.

Security Countermeasures

Countermeasure IDDescription
SRAM_CTRL.BUS.INTEGRITYEnd-to-end bus integrity scheme.
SRAM_CTRL.CTRL.CONFIG.REGWENThe SRAM control register is protected by a REGWEN.
SRAM_CTRL.EXEC.CONFIG.REGWENThe SRAM execution enable register is protected by a REGWEN.
SRAM_CTRL.READBACK.CONFIG.REGWENThe SRAM readback enable register is protected by a REGWEN.
SRAM_CTRL.EXEC.CONFIG.MUBIThe SRAM execution enable register is multibit encoded.
SRAM_CTRL.EXEC.INTERSIG.MUBIThe SRAM execution enable signal coming from OTP is multibit encoded.
SRAM_CTRL.LC_ESCALATE_EN.INTERSIG.MUBIThe life cycle escalation enable signal is multibit encoded.
SRAM_CTRL.LC_HW_DEBUG_EN.INTERSIG.MUBIThe life cycle hardware debug enable signal is multibit encoded.
SRAM_CTRL.PRIM_RAM.CTRL.MUBIThe control signals inside prim_ram are multibit encoded.
SRAM_CTRL.MEM.INTEGRITYEnd-to-end data/memory integrity scheme.
SRAM_CTRL.MEM.READBACKEach read and write is checked with a readback.
SRAM_CTRL.MEM.SCRAMBLEData is scrambled with a keyed reduced-round PRINCE cipher in CTR mode.
SRAM_CTRL.ADDR.SCRAMBLEAddress is scrambled with a keyed lightweight permutation/diffusion function.
SRAM_CTRL.INSTR.BUS.LC_GATEDPrevent code execution from SRAM in non-test lifecycle states.
SRAM_CTRL.RAM_TL_LC_GATE.FSM.SPARSEThe control FSM inside the TL-UL gating primitive is sparsely encoded.
SRAM_CTRL.KEY.GLOBAL_ESCScrambling key and nonce are reset to a fixed value upon escalation, and bus transactions going to the memory will be blocked.
SRAM_CTRL.KEY.LOCAL_ESCScrambling key and nonce are reset to a fixed value upon local escalation due to bus integrity or counter errors, and bus transactions going to the memory will be blocked.
SRAM_CTRL.INIT.CTR.REDUNThe initialization counter is duplicated.
SRAM_CTRL.SCRAMBLE.KEY.SIDELOADThe scrambling key is sideloaded from OTP and thus unreadable by SW.
SRAM_CTRL.TLUL_FIFO.CTR.REDUNThe TL-UL response FIFO pointers are implemented with duplicate counters.

The table below lists other SRAM controller signals.

SignalDirectionTypeDescription
lc_hw_debug_en_iinputlc_ctrl_pkg::lc_tx_tMultibit life cycle hardware debug enable signal coming from life cycle controller, asserted when the hardware debug mechanisms are enabled in the system.
lc_escalate_en_iinputlc_ctrl_pkg::lc_tx_tMultibit life cycle escalation enable signal coming from life cycle controller, asserted if an escalation has occurred.
sram_otp_key_ooutputotp_ctrl_pkg::sram_otp_key_req_tKey derivation request going to the key derivation interface of the OTP controller.
sram_otp_key_iinputotp_ctrl_pkg::sram_otp_key_rsp_tEphemeral scrambling key coming back from the key derivation interface of the OTP controller.
otp_en_sram_ifetch_iinputotp_ctrl_pkg::mubi8_tMultibit value coming from the OTP HW_CFG partition (EN_SRAM_IFETCH), set to kMuBi8True in order to enable the EXEC CSR.
cfg_iinputlogic [CfgWidth-1:0]Attributes for physical memory macro.

Interfaces to OTP and the SRAM Scrambling Primitive

The interface to the key derivation interface inside the OTP controller follows a simple req / ack protocol, where the SRAM controller first requests an updated ephemeral key by asserting the sram_otp_key_i.req. The OTP controller then fetches entropy from CSRNG and derives an ephemeral key using the SRAM_DATA_KEY_SEED and the PRESENT scrambling data path as described in the OTP controller spec. Finally, the OTP controller returns a fresh ephemeral key via the response channels (sram_otp_key_o[*], otbn_otp_key_o), which complete the req / ack handshake. The key and nonce are made available to the scrambling primitive in the subsequent cycle. The wave diagram below illustrates this process.

{signal: [
  {name: 'clk_otp_i',                 wave: 'p...........'},
  {name: 'sram_otp_key_o.req',        wave: '0.|1.|..0|..'},
  {name: 'sram_otp_key_i.ack',        wave: '0.|..|.10|..'},
  {name: 'sram_otp_key_i.nonce',      wave: '0.|..|.30|..'},
  {name: 'sram_otp_key_i.key',        wave: '0.|..|.30|..'},
  {name: 'sram_otp_key_i.seed_valid', wave: '0.|..|.10|..'},
  {},
  {name: 'clk_i',                     wave: 'p...........'},
  {name: 'key_valid_q',               wave: '10|..|...|1.'},
  {name: 'key_q',                     wave: '4.|..|...|3.'},
  {name: 'nonce_q',                   wave: '4.|..|...|3.'},
  {name: 'key_seed_valid_q',          wave: '4.|..|...|3.'},
]}

If the key seeds have not yet been provisioned in OTP, the keys are derived from all-zero constants, and the *.seed_valid signal will be set to 0 in the response. It should be noted that this mechanism requires the CSRNG and entropy distribution network to be operational, and a key derivation request will block if they are not.

Note that the req/ack protocol runs on clk_otp_i. The SRAM controller synchronizes the data over via a req/ack handshake primitive prim_sync_reqack.sv primitive as shown below.

OTP Key Req Ack

Note that the key and nonce output signals on the OTP controller side are guaranteed to remain stable for at least 62 OTP clock cycles after the ack signal is pulsed high, because the derivation of a 64bit half-key takes at least two passes through the 31-cycle PRESENT primitive. Hence, if the SRAM controller clock clk_i is faster or in the same order of magnitude as clk_otp_i, the data can be directly sampled upon assertion of src_ack_o. If the SRAM controller runs on a significantly slower clock than OTP, an additional register (as indicated with dashed grey lines in the figure) has to be added.

Global and Local Escalation

If lc_escalate_en_i is set to any different value than lc_ctrl_pkg::Off, the current scrambling keys are discarded and reset to RndCnstSramKey and RndCnstSramNonce in the subsequent cycle. Any subsequent memory request to prim_ram_1p_scr will then be blocked as well. This mechanism is part of the life cycle state scrapping and secret wiping countermeasure triggered by the alert handler (global escalation).

Note that if any local bus integrity or counter errors are detected, the SRAM controller will locally escalate without assertion of lc_escalate_en_i. The behavior of local escalation is identical to global escalation via lc_escalate_en_i.