EDN HWIP Technical Specification
Overview
This document specifies EDN hardware IP functionality. This module conforms to the Comportable guideline for peripheral functionality.
Features
The Entropy Distribution Network (EDN) block provides both hardware and software interfaces to the CSRNG IP module. A primary objective of the EDN block is to provide a simpler hardware interface for the peripheral blocks to use, in which case they do not have to directly interface with the CSRNG module.
- The EDN block provides a set of registers for firmware to manage a CSRNG application interface port.
- There are four request/acknowledge hardware interfaces.
- Each hardware interface supports a fixed bus width of 32 bits.
- The EDN block has an “auto request mode” where
generate
andreseed
CSRNG application commands can be programmed to be done continuously in hardware. - There is also a “boot-time request mode”, where a single TL-UL configuration write will trigger a proper CSRNG application command sequence to fetch the pre-FIPS entropy for tasks immediately at boot-time or after reset.
- There are two interrupts that are supported:
- CSRNG application command has completed.
- An internal FIFO error has occurred.
- No alerts are supported by this revision.
Description
This IP block acts as a gasket between peripheral hardware blocks and the CSRNG block.
One function this IP block performs is to translate data transfer size.
For example, CSRNG will return 128 bits on the genbits
bus.
A peripheral block will connect with a 32-bit data bus.
The EDN block will move the first 32 bits from the returned genbits
bus, and hold on to the remaining data until another request asks for more data.
Furthermore, if data is not consumed immediately, the interface to the CSRNG will indicate back pressure to the CSRNG block.
Each of the four interfaces can request data such that any genbits
bus return can supply any requesting peripheral block.
At most one hardware peripheral block can connect to each EDN peripheral port.
Hardware peripherals request more data from the EDN by asserting the req
signal.
When random values are available, the EDN transmits them on the bus
and asserts an ack
signal to signify the arrival of fresh values.
Application interface commands to the CSRNG block can be generated by either firmware or hardware.
Firmware can issue CSRNG commands on behalf of hardware peripherals, by writing the commands to the
SW_CMD_REQ register.
The command status response is captured in the
SW_CMD_STS register.
Even when CRSNG generate
commands are issued by firmware, all random values are distributed to the hardware peripherals.
If firmware applications require random values for their own use, they must issue the commands directly to the CSRNG, which maintains a dedicated CSRNG instance for firmware that is accessible through TL-UL.
There are two modes for EDN hardware to generate CSRNG commands.
One is the “auto request mode”, where two FIFOs are used to send commands.
The general operation of this mode is that the CSRNG instance is set up by firmware, then the FIFOs are preloaded with commands.
One FIFO can be programmed to send generate
commands.
The other FIFO can be programmed to send reseed
commands.
The
MAX_NUM_REQS_BETWEEN_RESEEDS register sets the number of generate
commands allowed between reseed
commands.
Once this is done, the EDN block can request data from the CSRNG once firmware has instantiated the associated instance through the EDN command forwarding interface.
When in this mode, the EDN emits generate
commands from the first FIFO to get more data.
Once the
MAX_NUM_REQS_BETWEEN_RESEEDS timer expires, the EDN block emits a reseed
command from the second FIFO.
The process of sending these two commands will repeat forever until the EDN_ENABLE
field is cleared, the AUTO_REQ_MODE
field is cleared, or the EDN is reset.
Any of the command FIFOs can be reset by asserting the CMD_FIFO_RST
field in the
CTRL register.
The other mode is “boot-time request mode”, where only the hardware generates CSRNG application interface commands.
In this mode a single instantiate
command is sent, followed by a stream of generate
commands.
This sequence fetches the initial random values needed for the system to boot.
Use of boot-time request mode, though simpler in operation, is only for applications which do not require FIPS-approved random values.
Please see the entropy_src IP documentation for more information on trade-offs when creating CSRNG seeds before the completion of the FIPS-required health checks.
In boot-time request mode the generate commands continue until EDN_ENABLE
field is cleared (set to false), the BOOT_REQ_MODE
field is cleared, or the EDN is reset.
Note that when the EDN_ENABLE
field is cleared or the BOOT_REQ_MODE
field is cleared, an uninstantiate
command needs to be sent by firmware to destroy the instance in csrng.
Note that the EDNs and CSRNG should always be reset together to ensure proper instantiation or uninstantiation of state variables.
Security
All module assets and countermeasures performed by hardware are listed in the hjson countermeasures section. Labels for each instance of asset and coutermeasure are located throughout the RTL source code.
The receiving FIFO for genbits from CSRNG will have a hardware check on the output bus. This is done to make sure repeated values are not occurring. Only 64 bits (out of 128 bits) are checked, since this is statistically significant, and more checking would cost more silicon. It is expected that an endpoint requiring high-quality entropy will do an additional consistency hardware check on the 32 bit data bus. Additionally the FIPS signal on the endpoint bus should also be checked for high-quality entropy consumers. Boot request mode is an example where the FIPS signal will not be ever be set, and consuming endpoint of low-quality entropy do not need to check this signal.
Example Topology
In general, the OpenTitan random number subsystem consists of one entropy_src
, one CSRNG, and one or more EDNs.
The entropy_src
only supports one connection to a CSRNG, but the CSRNG has multiple application interface ports for connecting to EDN’s or other hardware blocks.
The diagram below shows an example topology where two EDN modules are used to distribute genbits
from the CSRNG to peripheral modules.
Theory of Operations
The EDN is for distributing random number streams to hardware blocks, via peripheral ports on on the EDN. Each block connected to a peripheral port is referred to as an endpoint.
To enable the EDN block, set the EDN_ENABLE
field in the
CTRL register..
Interaction with CSRNG Application Interface Ports
The CSRNG application interface implements the “function envelopes” recommended by NIST SP 800-90A for random number generation, and these function envelopes establish certain requirements for the order of operations.
For instance, the application interface port must receive an explicit instantiate
command before receiving any generate
commands.
The sequences of commands generated by a particular EDN are either controlled by the EDN state machine or by commands forwarded from firmware through the
SW_CMD_REQ register.
Whenever commands are directly forwarded from firmware to the CSRNG through the
SW_CMD_REQ register, firmware must poll and clear the CMD_ACK
bit of the
SW_CMD_STS register before sending any further commands.
Note that CSRNG commands are to be written into the SW_CMD_REQ, RESEED_CMD, and GENERATE_CMD registers. CSRNG command format details can be found in CSRNG.
There are two broad modes for state machine control: auto request mode and boot-time request mode.
Boot-time Request Mode
Random values are needed by peripherals almost immediately after reset, so to simplify interactions with the boot ROM, boot-time request mode is the default mode.
In boot-time request mode, the command sequence is fully hardware-controlled and no command customization is possible.
In this mode, the EDN automatically issues a special reduced-latency instantiate
command followed by the default generate
commands.
This means, for instance, that no personalization strings or additional data may be passed to the CSRNG application interface port in this mode.
On exiting, the EDN issues an uninstantiate
command to destroy the associated CSRNG instance.
Once firmware initialization is complete, it is important to exit this mode if the endpoints ever need FIPS-approved random values.
This is done by either clearing the EDN_ENABLE
field or clearing the BOOT_REQ_MODE
field in
CTRL to halt the boot-time request state machine.
Firmware must then wait for successful the shutdown of the state machine by polling the REQ_MODE_SM_STS
field of the
SUM_STS register.
Note on Security Considerations when Using Boot-time Request Mode
Boot-time request mode is not intended for normal operation, as it tolerates the potential use of preliminary seeds for the attached CSRNG instance.
These preliminary seeds are described as “pre-FIPS” since they are released from the entropy_src
before the complete start-up health-checks recommended by FIPS have been completed.
Thus pre-FIPS seeds have weaker guarantees on the amount of physical entropy included in their creation.
As detailed in the entropy_src
documentation, only the first CSRNG seed created after reset is pre-FIPS.
All following seeds from the entropy_src
are passed through the full FIPS-approved health checks.
Therefore at most one EDN can receive a pre-FIPS seed after reset.
Since boot-time request mode EDN streams may be FIPS non-compliant, firmware must at some point disable boot-time request mode and reinitialize the EDN for either firmware-driven operation or auto request mode.
Multiple EDNs in Boot-time Request Mode
If many endpoints require boot-time entropy multiple boot-time EDNs may be required, as the EDN has a fixed maximum number of peripheral ports.
Since physical entropy generation takes time, there exists a mechanism to prioritize the EDNs, to match the boot priority of each group of attached endpoints.
To establish an order to the instantiation of each EDN, enable them one at a time.
To ensure that the most recently enabled EDN will get next priority for physical entropy, poll the BOOT_INST_ACK
field in the
SUM_STS register before enabling the following EDN.
If using boot-time request mode, the CSRNG seed material used for the first-activated EDN is the special pre-FIPS seed, which is specifically tested quickly to improve latency.
The first random values distributed from this EDN will therefore be available roughly 2ms after reset.
The entropy_src
only creates only one pre-FIPS seed, so any other EDNs must wait for their seeds to pass the full FIPS-recommended health checks.
This means that each subsequent EDN must wait an additional 5ms before it can start distributing data.
For instance, if there are three boot-time request mode EDN’s in the system, the first will start distributing data 2ms after reset, the second will start distributing data 7ms after reset, and the third will start distributing data 12ms after reset.
Auto Request Mode
Before entering auto request mode, it is the responsibility of firmware to first generate an instantiate
command for the EDN-associated instance via the
SW_CMD_REQ register.
The required generate
and reseed
commands must also be custom generated by firmware and loaded into the respective command replay FIFOs via the
GENERATE_CMD and
RESEED_CMD registers.
These generate
commands will be issued as necessary to meet the bandwidth requirements of the endpoints.
The reseed
commands will be issued once every MAX_NUM_REQS_BETWEEN_RESEEDS
generate requests.
For details on the options for application interface commands please see the CSRNG IP Documentation.
Once the CSRNG instance has been instantiated, and the generate
and reseed
commands have been loaded, auto request mode can be entered by programming the
CTRL register with EDN_ENABLE
and AUTO_REQ_MODE
fields are enabled.
Note that if BOOT_REQ_MODE is asserted the state machine will enter boot-time request mode, even if AUTO_REQ_MODE is asserted.
To issue any new commands other than those stored in the generate or reseed FIFOs, it is important to disable auto request mode, by deasserting the AUTO_REQ_MODE
field in the
CTRL register.
Firmware must then wait until the current command is completed by polling the REQ_MODE_SM_STS
bit in the
SUM_STS register
Once REQ_MODE_SM_STS
reads zero, the state machine is idle and new firmware-driven commands can be passed to the CSRNG via the
SW_CMD_REQ register.
Note on State Machine Shutdown Delays
When leaving boot-time request mode or auto request mode, the EDN state machine waits for completion of the last command, before sending a shutdown acknowledgement to firmware.
The longest possible commands are the instantiate
or reseed
requests, which typically take about 5ms, due to the time required to gather the necessary physical entropy.
By contrast, the largest possible generate
command allowed by NIST SP 800-90A is for 219 bits (or 4096 AES codewords).
Assuming an AES encryption delay of 16 clocks, and a 100 MHz clock frequency, the longest allowable generate
command would take only 0.7 ms to complete.
Note on Sharing of CSRNG Instance State Variables
Once an application interface port has received an instantiate
command, that application interface port then has access to a unique CSRNG instance, which is shared by all endpoints on the same EDN.
Therefore from a security perspective, an attack to that particular CSRNG instance is an attack on all the endpoints that share the same EDN.
Meanwhile, seeds and other state variables specific to a particular CSRNG instance are not shared between endpoints on separate EDN instances, or with any hardware devices with direct connections to dedicated CSRNG application interface ports.
Interactions with Peripheral Devices
Peripheral ports distribute data to the endpoints using four signals: req
, ack
, bus
, and fips
.
Fresh (i.e. previously unseen) random values are distributed to the endpoints via the 32 bit bus
signal, in response to a req
signal.
Whenever new values are placed on the bus
, the ack
is asserted until the values are consumed by the endpoint, as indicated by simultaneous assertion of the req
and ack
signals in the same cycle.
Otherwise ack
is deasserted until enough fresh bits are received from CSRNG.
The bus data will persist on the bus until a new req
is asserted.
This persistance will allow an asynchonous endpoint to capture the correct data sometime after the ack
de-asserts.
The fips
signal is used to identify whether the values received on the bus
have been prepared with complete adherence to the recommendations in NIST SP 800-90.
If the fips
signal is deasserted, it means the associated CSRNG instance has been instantiated with a pre-FIPS seed.
Block Diagram
Hardware Interfaces
Referring to the Comportable guideline for peripheral device functionality, the module edn
has the following hardware interfaces defined.
Primary Clock: clk_i
Other Clocks: none
Bus Device Interfaces (TL-UL): tl
Bus Host Interfaces (TL-UL): none
Peripheral Pins for Chip IO: none
Interrupts:
Interrupt Name | Description |
---|---|
edn_cmd_req_done | Asserted when a software CSRNG request has completed. |
edn_fatal_err | Asserted when a FIFO error occurs. |
Security Alerts:
Alert Name | Description |
---|---|
recov_alert | This alert is triggered when entropy bus data matches on consecutive clock cycles. |
fatal_alert | This alert triggers (i) if an illegal state machine state is reached, or (ii) if a fatal integrity failure is detected on the TL-UL bus. |
Security Countermeasures:
Countermeasure ID | Description |
---|---|
EDN.CONFIG.REGWEN | Registers are protected from writes. |
EDN.CONFIG.MUBI | Registers have multi-bit encoded fields. |
EDN.MAIN_SM.FSM.SPARSE | The EDN main state machine uses a sparse state encoding. |
EDN.ACK_SM.FSM.SPARSE | The EDN ACK state machine uses a sparse state encoding. |
EDN.CTR.REDUN | Counter hardening on the generate command maximum requests counter. |
EDN.MAIN_SM.CTR.LOCAL_ESC | A mismatch detected inside any EDN counter moves the main state machine into a terminal error state. |
EDN.CS_RDATA.BUS.CONSISTENCY | Comparison on successive bus values for genbits returned from csrng that will destribute over the endpoint buses. |
EDN.TILE_LINK.BUS.INTEGRITY | Tilelink end-to-end bus integrity scheme. |
Design Details
EDN Initialization
After power-up, the EDN block is disabled. A single TL-UL configuration write to the CTRL register will start random-number streams processing in boot-time request mode. CSRNG application commands will be sent immediately. Once these commands have completed, a status bit will be set. At this point, firmware can later come and reconfigure the EDN block for a different mode of operation.
The recommended write sequence for the entire entropy system is one configuration write to ENTROPY_SRC, then CSRNG, and finally to EDN.
Interrupts
The EDN module has two interrupts: edn_cmd_req_done
and edn_fatal_err
.
The edn_cmd_req_done
interrupt should be used when a CSRNG command is issued and firmware is waiting for completion.
The edn_fatal_err
interrupt will fire when a fatal error has been detected.
The conditions that cause this to happen are FIFO error, a state machine error state transition, or a prim_count error.
Waveforms
See the CSRNG IP waveform section for the CSRNG application interface commands.
Peripheral Hardware Interface - Req/Ack
The following waveform shows an example of how the peripheral hardware interface works. This example shows the case where the boot-time mode in the ENTROPY_SRC block is enabled. This example also shows the case where the next request will change the prior data by popping the data FIFO.
Programmers Guide
Initialization
The following code snippet demonstrates initializing the EDN block.
void edn_init(unsigned int enable) {
// set the control register enable bit
*CTRL_REG = enable; // should be 0x1 by default
// the EDN interrupts can optionally be enabled
}
Error conditions
Need to alert the system of a FIFO overflow condition.
Register Table
edn.INTR_STATE @ 0x0
Interrupt State Register Reset default = 0x0, mask 0x3
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
0 | rw1c | 0x0 | edn_cmd_req_done | Asserted when a software CSRNG request has completed. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1 | rw1c | 0x0 | edn_fatal_err | Asserted when a FIFO error occurs. |
edn.INTR_ENABLE @ 0x4
Interrupt Enable Register Reset default = 0x0, mask 0x3
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
0 | rw | 0x0 | edn_cmd_req_done | Enable interrupt when | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1 | rw | 0x0 | edn_fatal_err | Enable interrupt when |
edn.INTR_TEST @ 0x8
Interrupt Test Register Reset default = 0x0, mask 0x3
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
0 | wo | 0x0 | edn_cmd_req_done | Write 1 to force | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1 | wo | 0x0 | edn_fatal_err | Write 1 to force |
edn.ALERT_TEST @ 0xc
Alert Test Register Reset default = 0x0, mask 0x3
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
0 | wo | 0x0 | recov_alert | Write 1 to trigger one alert event of this kind. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1 | wo | 0x0 | fatal_alert | Write 1 to trigger one alert event of this kind. |
edn.REGWEN @ 0x10
Register write enable for all control registers Reset default = 0x1, mask 0x1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
0 | rw0c | 0x1 | REGWEN | When true, the CTRL can be written by software. When false, this field read-only. Defaults true, write one to clear. Note that this needs to be cleared after initial configuration at boot in order to lock in the listed register settings. |
edn.CTRL @ 0x14
EDN control register Reset default = 0x9999, mask 0xffff
Register enable = REGWEN
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
3:0 | rw | 0x9 | EDN_ENABLE | Setting this field to kMultiBitBool4True enables the EDN module. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
7:4 | rw | 0x9 | BOOT_REQ_MODE | Setting this field to kMultiBitBool4True will enable the feature where the EDN block will automatically send a boot-time request to the CSRNG application interface. The purpose of this feature is to request entropy as fast as possible after reset, and during chip boot-time. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
11:8 | rw | 0x9 | AUTO_REQ_MODE | Setting this field to kMultiBitBool4True will enable the EDN block to automatically
send another request to CSRNG application interface. It is assumed that a CSRNG
instantiate command will be issued using the | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
15:12 | rw | 0x9 | CMD_FIFO_RST | Setting this field to kMultiBitBool4True clears the two command FIFOs: the RESEED_CMD FIFO and the GENERATE_CMD FIFO. This field must be set to the reset state by software before any further commands can be issued to these FIFOs. |
edn.BOOT_INS_CMD @ 0x18
EDN boot instantiate command register Reset default = 0x1, mask 0xffffffff
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
31:0 | rw | 0x1 | BOOT_INS_CMD | This field is used as the value for Instantiate command at boot time. |
edn.BOOT_GEN_CMD @ 0x1c
EDN boot generate command register Reset default = 0xfff003, mask 0xffffffff
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
31:0 | rw | 0xfff003 | BOOT_GEN_CMD | This field is used as the value for generate command at boot time. |
edn.SW_CMD_REQ @ 0x20
EDN csrng app command request register Reset default = 0x0, mask 0xffffffff
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
31:0 | wo | x | SW_CMD_REQ | Any CSRNG action can be initiated by writing a CSRNG command to this register. The application interface must wait for the "ack" to return before issuing new commands. This interface is intended to be controlled solely by software. If !!AUTO_REQ_MODE is set, this register will have no effect on operation. Note that CSRNG command format details can be found in the CSRNG documentation. |
edn.SW_CMD_STS @ 0x24
EDN command status register Reset default = 0x0, mask 0x3
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
0 | ro | 0x0 | CMD_RDY | This bit indicates when the command interface is ready to accept commands. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1 | ro | 0x0 | CMD_STS | This one bit field is the status code returned with the application command ack. It is updated each time a command ack is asserted on the CSRNG interface. 0b0: Request completed successfully 0b1: Request completed with an error |
edn.RESEED_CMD @ 0x28
EDN csrng reseed command register Reset default = 0x0, mask 0xffffffff
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
31:0 | wo | x | RESEED_CMD | Writing this register will fill a FIFO with up to 13 command words (32b words). This FIFO will be used to automatically send out a reseed command to the CSRNG application interface when in !!AUTO_REQ_MODE. This command will be sent only after the MAX_NUM_REQS_BETWEEN_RESEEDS counter value has reached zero. On overflow this FIFO pops the oldest word from the previous command. Updated commands can be inserted by pushing 13 command words into the FIFO, pushing the previous command out. Note that CSRNG command format details can be found in the CSRNG documentation. |
edn.GENERATE_CMD @ 0x2c
EDN csrng generate command register Reset default = 0x0, mask 0xffffffff
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
31:0 | wo | x | GENERATE_CMD | Writing this register will fill a FIFO with up to 13 command words (32b words). This FIFO will be used to automatically send out a generate command to the CSRNG appl interface when in !!AUTO_REQ_MODE. This command will be sent only after receiving a command ack from the previous command. On overflow this FIFO pops the oldest word from the previous command. Updated commands can be inserted by pushing 13 command words into the FIFO, pushing the previous command out. Note that CSRNG command format details can be found in the CSRNG documentation. |
edn.MAX_NUM_REQS_BETWEEN_RESEEDS @ 0x30
EDN maximum number of requests between reseeds register Reset default = 0x0, mask 0xffffffff
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
31:0 | rw | 0x0 | MAX_NUM_REQS_BETWEEN_RESEEDS | Setting this field will set the number of generate requests that can be made to CSRNG before a reseed request is made. This value only has meaning when in !!AUTO_REQ_MODE. This register supports a maximum of 2^32 requests between reseeds. This register will be used by a counter that counts down, triggering an automatic reseed when it reaches zero. |
edn.RECOV_ALERT_STS @ 0x34
Recoverable alert status register Reset default = 0x0, mask 0x100f
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
0 | rw0c | 0x0 | EDN_ENABLE_FIELD_ALERT | This bit is set when the EDN_ENABLE field is set to an illegal value, something other than kMultiBitBool4True or kMultiBitBool4False. Writing a zero resets this status bit. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1 | rw0c | 0x0 | BOOT_REQ_MODE_FIELD_ALERT | This bit is set when the BOOT_REQ_MODE field is set to an illegal value, something other than kMultiBitBool4True or kMultiBitBool4False. Writing a zero resets this status bit. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
2 | rw0c | 0x0 | AUTO_REQ_MODE_FIELD_ALERT | This bit is set when the !!AUTO_REQ_MODE field is set to an illegal value, something other than kMultiBitBool4True or kMultiBitBool4False. Writing a zero resets this status bit. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
3 | rw0c | 0x0 | CMD_FIFO_RST_FIELD_ALERT | This bit is set when the CMD_FIFO_RST field is set to an illegal value, something other than kMultiBitBool4True or kMultiBitBool4False. Writing a zero resets this status bit. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
11:4 | Reserved | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
12 | rw0c | 0x0 | EDN_BUS_CMP_ALERT | This bit is set when the interal entropy bus value is equal to the prior valid value on the bus, indicating a possible attack. Writing a zero resets this status bit. |
edn.ERR_CODE @ 0x38
Hardware detection of error conditions status register Reset default = 0x0, mask 0x70700003
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
0 | ro | 0x0 | SFIFO_RESCMD_ERR | This bit will be set to one when an error has been detected for the reseed command FIFO. The type of error is reflected in the type status bits (bits 28 through 30 of this register). This bit will stay set until the next reset. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1 | ro | 0x0 | SFIFO_GENCMD_ERR | This bit will be set to one when an error has been detected for the generate command FIFO. The type of error is reflected in the type status bits (bits 28 through 30 of this register). This bit will stay set until the next reset. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
19:2 | Reserved | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
20 | ro | 0x0 | EDN_ACK_SM_ERR | This bit will be set to one when an illegal state has been detected for the EDN ack stage state machine. This error will signal a fatal alert. This bit will stay set until the next reset. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
21 | ro | 0x0 | EDN_MAIN_SM_ERR | This bit will be set to one when an illegal state has been detected for the EDN main stage state machine. This error will signal a fatal alert. This bit will stay set until the next reset. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
22 | ro | 0x0 | EDN_CNTR_ERR | This bit will be set to one when a hardened counter has detected an error condition. This error will signal a fatal alert. This bit will stay set until the next reset. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
27:23 | Reserved | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
28 | ro | 0x0 | FIFO_WRITE_ERR | This bit will be set to one when any of the source bits (bits 0 through 1 of this this register) are asserted as a result of an error pulse generated from any full FIFO that has been recieved a write pulse. This bit will stay set until the next reset. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
29 | ro | 0x0 | FIFO_READ_ERR | This bit will be set to one when any of the source bits (bits 0 through 1 of this this register) are asserted as a result of an error pulse generated from any empty FIFO that has recieved a read pulse. This bit will stay set until the next reset. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
30 | ro | 0x0 | FIFO_STATE_ERR | This bit will be set to one when any of the source bits (bits 0 through 1 of this this register) are asserted as a result of an error pulse generated from any FIFO where both the empty and full status bits are set. This bit will stay set until the next reset. |
edn.ERR_CODE_TEST @ 0x3c
Test error conditions register Reset default = 0x0, mask 0x1f
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
4:0 | rw | 0x0 | ERR_CODE_TEST | Setting this field will set the bit number for which an error
will be forced in the hardware. This bit number is that same one
found in the |
edn.MAIN_SM_STATE @ 0x40
Main state machine state debug register Reset default = 0x185, mask 0x1ff
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bits | Type | Reset | Name | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
8:0 | ro | 0x185 | MAIN_SM_STATE | This is the state of the EDN main state machine.
See the RTL file |