Analog Sensor Top Technical Specification
Overview
AST, also known as the analog sensor top, is the OpenTitan analog and security companion. Within AST are various analog functions (such as clocks, regulators, random number generators) needed to make the device function, as well as physical security sensors necessary to protect the device from physical attacks or manipulation.
At a high level, AST communicates with a number of OpenTitan comportable modules. See diagram below.
In the following sections, each family of connection is briefly described and explained. Note, the analog connections to AST are not shown in the diagram, but will be explained as well.
Interface Signals Table
Table notes
Signal naming conventions used in this document
It complies with OpenTitan names and suffixes with some augmentations.
-
Clock signals start with clk_*
-
Inputs and outputs are marked with *_i/o
-
Analog signals are marked with *_a
-
Non-core level signals are marked with *_h
-
Dual and negative polarity signals are marked with *_p/n
Clock domains column
-
sys - system clock, mainly used for high performance and security modules. Up to 100MHz
-
io - peripheral clock source, mainly used for peripherals and I/O related functionality. Up to 96MHz (divided by 4 by the clock manager)
-
usb - USB module source clock. 48MHz
-
aon - Always-on domain clock. The only active clock while chip is in deep-sleep power state, 200KHz
-
async - when listed as async, it means it does not matter what domain drives the signal
-
Input clocks: Each functional interface has a dedicated clock named after the interface.
| Signal Name & Affiliation | I/O | Width/ Type/ Struct |
Clock Domain | Description |
| Power Supplies | ||||
| VCC | I | VCC is the main power supply. It is driven from an external source and is used to power the internal VCMAIN and VCAON power domains. VCC must always be present when the device is functioning; VCC is also used to power a number of pads that must be always on when the device is functioning. |
||
| AVCC | I | Analog blocks power supply. AVCC and AGND are analog supply and ground signals for the AST analog functions. They mainly serve for ADC and USB clock functionality. AVCC is expected to be driven by the same voltage regulator and have similar power availability as VCC. AVCC and AGND have dedicated package balls/pins. In the future, package pins sharing with VCC and GND may be considered based on post-silicon test results. | ||
| VCMAIN | O | Main core power, driven by internal capless voltage regulator | ||
| VCAON | O | Core voltage power for always-on domain (same voltage range as VCMAIN) | ||
| VIOA | I | IO supply, powering a set of pads. Unlike VCC, the IO supplies can be turned off by external components and the device will continue to function, the unpowered pads however, become inoperable. | ||
| VIOB | I | Same as VIOA, but for a different set of pads. | ||
| GND | I | Ground | ||
| AGND | I | Analog ground (see AVCC for further details) | ||
| Power Control and Reset | ||||
| otp_power_seq_i | I | 2 | async | Contains the power sequencing signals coming from the OTP macro. |
| otp_power_seq_h_o | O | 2 | async | Contains the power sequencing signals going to the OTP macro (VCC domain). |
| flash_power_down_h_o | O | 1 | async | Connected to flash (VCC domain). Used for flash power management. |
| flash_power_ready_h_o | O | 1 | async | Connected to flash (VCC domain). Used for flash power management. |
vcmain_pok (aka vcmain_pok_o) |
O | ast_pwst | async | Main core power-exist indication. Used by the OpenTitan power manager to determine the state of the main digital supply during power up and power down sequencing. |
vcaon_pok (aka vcaon_pok_o) |
O | ast_pwst | async | Always-on power-exist indication. Used by the OpenTitan power manager for power-on reset root. |
vioa_pok (aka vioa_pok_o) |
O | ast_pwst | async | VIOA power-exist indications. Used as a power-OK status signal. |
viob_pok (aka viob_pok_o) |
O | ast_pwst | async | VIOB power-exist indication. Used as a power-OK status signal. |
| por_ni | I | 1 | async | Power on reset input signal to AST. See Resets section for further details |
| main_pd_ni | I | 1 | aon | Power down enable for main core power 0: main core power is down (deep-sleep state) 1: main core power is up It may take up to 200 uS from this signal transition to power switching completion by AST (not including boot time and so). Note that flash must be prepared for power down before this signal is asserted. |
| main_env_iso_en_i | I | 1 | aon | Preliminary indication of VCMAIN isolation signal (main_iso_en) assertion. It is used by AST logic to latch interface signals which may no longer be valid after main_iso_en is active. This signal must be set at least 30ns before main_iso_en is active and must remain active at least 30ns after main_iso_en is no longer active. Note that main_iso_en itself asserts ahead of main_pd_ni. ie, the pwrmgr will set this signal to '1' before requesting the power be turned off. Similar, on power-on, the isolation is only released after power is restored and all powered off modules have been reset. |
| ast_init_done_o | O | mubi4 | tlul | When set, it indicates that the AST initialization was performed. Note that this signal may not be set while the chip is in TEST* or RMA lifecycle states. |
| Clock Outputs | ||||
| clk_src_sys_o | O | 1 | sys | 100 MHz clock with jitter (main clock domain). Used as the main system clock. |
| clk_src_sys_val_o | O | 1 | async | System clock valid. Used as "ack" signals for the power manager |
| clk_src_sys_en_i | I | 1 | aon | System clock enable. |
| clk_src_sys_jen_i | I | mubi4 | async | System clock jitter enable |
| clk_src_aon_o | O | 1 | aon | 200 KHz clock for always-on domain. |
| clk_src_aon_val_o | O | 1 | async | aon clock valid |
| clk_src_usb_o | O | 1 | usb | 48 MHz clock for USB. To comply with USB full speed clock specification, it supports frequency accuracy of +/-2500 ppm when usb_ref_pulse_i is available and +/-3% otherwise. It may take up to 50 ms for this clock to reach the accuracy target from the time 'usb_ref_pulse_i' is available. USB clock calibration interface is further detailed here. |
| clk_src_usb_val_o | O | 1 | async | USB clock valid |
| clk_src_usb_en_i | I | 1 | aon | USB clock enable |
| usb_ref_pulse_i | I | 1 | usb | USB reference pulse +/-500ppm. When valid, it is expected to pulse for one usb clock cycle every 1ms. |
| usb_ref_val_i | I | 1 | usb | USB reference valid. This bit serves as a valid signal for the usb_ref_pulse_i signal. It is set to 1 after the first valid usb_ref_pulse_i event is detected and remains high as long as usb_ref_pulse_i continues to behave as expected (per usb_ref_pulse description). Once usb_ref_pulse deviates from its expected behavior, usb_ref_val_i immediately negates to 0 and remains 0 until after the next valid usb_ref_val pulse. |
| clk_src_io_o | O | 1 | io | 96 MHz clock with +/-3% frequency accuracy. Used for peripherals that require a fixed frequency, for example SPI and UART |
| clk_src_io_val_o | O | 1 | async | I/O and timer clock valid. Used as "ack" signals for the Power manager. |
| clk_src_io_en_i | I | 1 | aon | I/O and timer clock enable |
| clk_src_io_48m_o | O | mubi4 | aon | Clock frequency indicator. When set, it indicates that the clk_src_io_o's frequency is 48 MHz; otherwise, it is 96 MHz. |
| Clock & Reset Inputs | ||||
| clk_ast_adc_i | I | 1 | adc | ADC interface clock input |
| clk_ast_rng_i | I | 1 | rng | RNG interface clock input |
| clk_ast_usb_i | I | 1 | usb | USB reference interface clock input |
| clk_ast_es_i | I | 1 | es | Entropy source interface clock input |
| clk_ast_alert_i | I | 1 | alert | Alert interface clock input |
| clk_ast_tlul_i | I | 1 | tlul | TLUL bus interface clock input |
| rst_ast_adc_ni | I | 1 | adc | ADC interface reset (active low) |
| rst_ast_rng_ni | I | 1 | rng | RNG interface reset (active low) |
| rst_ast_usb_ni | I | 1 | usb | USB reference interface reset (active low) |
| rst_ast_es_ni | I | 1 | es | Entropy source interface reset (active low) |
| rst_ast_alert_ni | I | 1 | alert | Alert interface interface reset (active low) |
| rst_ast_tlul_ni | I | 1 | tlul | TLUL bus reference interface reset (active low) |
| Register Access Interface | ||||
| tlul | I/O | tl_* | tlul | TLUL bus interface. Mainly used for configuration, calibration and trimming. At boot time, data is copied from non-volatile storage into AST registers by the SW boot entity. This interface has no further use beyond this point. Runtime interaction with AST is performed by other signals as described in this document. |
| Analog modules | ||||
| adc_a0_ai | I | awire | async | ADC analog input channels 0 to be measured. Signal type is awire (see ana_pkg.sv) |
| adc_a1_ai | I | awire | async | ADC analog input channels 1 to be measured. Signal type is awire (see ana_pkg.sv) |
| adc_d_o | O | 10 | adc | ADC digital data |
| adc_chnsel_i | I | 2 | adc | ADC input channel select (one hot). No more than one channel should be selected at a time. Any change in 'adc_chnsel_i' value must go through all '0'. Changing 'adc_chnsel_i' from '0' value to non-'0' value starts an ADC conversion. |
| adc_d_val_o | O | 1 | adc | ADC digital data valid |
| adc_pd_i | I | 1 | adc | ADC power down - for saving power during deep-sleep state between measurements. When this signal is high, ADC module is in off state, otherwise, it is in active state. For further description about adc_pd_i usage, see ADC module description below. |
| entropy_req_o | O | edn_req | es | Request entropy from EDN |
| entropy_rsp_i | I | edn_rsp | es | EDN entropy request acknowledgement and data. |
| rng_en_i | I | 1 | rng | Input from controller to enable RNG |
| rng_fips_i | I | 1 | rng | Indicates that the AST RNG module is requested to output FIPS SP-800-90B grade RNG bits. This may, but not necessarily affect bit-rate. This bit is a placeholder. The use of this signal inside AST is TBD. |
| rng_val_o | O | 1 | rng | RNG bit valid. This is a per-transaction valid. rng_b_o can be sampled whenever this bit is high. |
| rng_b_o | O | 4 | rng | RNG digital bit streams. The downstream controller of this signal should sample the rng_b_o whenever rng_val_o is high. |
| Countermeasures and Alerts | ||||
| alert_req_o | O | ast_alert_req | alert | Alert events. There are 11 such events. The alerts are associated with countermeasures like Active shield, clock glitch detector, voltage glitch detector, temperature sensor, and others. |
| alert_rsp_i | I | ast_alert_rsp | alert | This structure contains acknowledge signals and force-trigger by software signals for each alert event. The acknowledge signals are assumed to be synchronous pulses. |
| Trimming Test and Debug | ||||
| dft_scan_md_o | O | mubi4 | Scan mode indication signal. Controllable only when DFT features are enabled (Test and RMA states). Otherwise, these signals are grounded to 0. | |
| scan_shift_en_o | O | 1 | Scan shift enable | |
| scan_reset_no | O | 1 | Scan reset | |
| clk_ast_ext_i | I | 1 | async | External clock. While AST generates most of its clocks on-die, it still needs an external clock for clock calibration and first flash/OTP programming. Clock calibration: AST clock sources are inaccurate by default and must be calibrated prior to use. The results of the calibration are stored in OTP and reloaded by software upon system boot. First Flash / OTP programming: AST clock sources are inaccurate by default and may be out of range for initial flash and OTP programming. In this situation, an external clock may be required for initial programming such that a software image can be loaded to calibrate clocks and advance life cycle. |
| dft_strap_test_i | I | dft_strap_test_req | async | Strap inputs for DFT selection |
| flash_bist_en_o | O | mubi4 | Flash BIST enable | |
| vcc_supp_i | I | 1 | async | VCC Supply Test. (supply indication for DV purposes). In FPGA Verilog view, the respective POK signal follows this signal. In other Verilog views this signal should be connected to constant '1' and will be disconnected inside the AST. |
| vcmain_supp_i | I | 1 | async | VCMAIN Supply Test. (supply indication for DV purposes). In FPGA Verilog view, the respective POK signal follows this signal. In other Verilog views this signal should be connected to constant '1' and will be disconnected inside the AST. |
| vcaon_supp_i | I | 1 | async | VCAON Supply Test. (supply indication for DV purposes). In FPGA Verilog view, the respective POK signal follows this signal. In other Verilog views this signal should be connected to constant '1' and will be disconnected inside the AST. |
| vioa_supp_i | I | 1 | async | VIOA Supply Test. (supply indication for DV purposes). In FPGA Verilog view, the respective POK signal follows this signal. In other Verilog views this signal should be connected to constant '1' and will be disconnected inside the AST. |
| viob_supp_i | I | 1 | async | VIOB Supply Test. (supply indication for DV purposes). In FPGA Verilog view, the respective POK signal follows this signal. In other Verilog views this signal should be connected to constant '1' and will be disconnected inside the AST. |
| ast2pad_t0_ao, ast2pad_t1_ao | I/O | async | Analog debug signals. These signals should be connected directly to chip PADs. They can share PADs with functional signals but when they are used for their analog debug function, the functional I/O must be in tri-state. | |
dpram_rmf_o, dpram_rml_o, spram_rm_o, sprgf_rm_o, sprom_rm_o |
O | dpm_rm | async | RAM/ROM Read-write Margin Trimming |
| padmux2ast_i | I | 6 | async | Digital debug input signals (routed to pin mux). These signals are controllable only when DFT features are enabled (Test and RMA states). Otherwise, these signals are grounded to 0. |
| ast2padmux_o | O | 9 | async | Digital debug output signals (routed to pin mux). These signals are only outputted when DFT features are enabled (Test and RMA states). Otherwise, these signals are grounded to 0. |
| usb_io_pu_cal_o | O | 20 | async | USB I/O calibration and trimming |
| io_clk_byp_req_i | I | mubi4 | async | External clock mux override request for OTP bootstrap purposes. AST responds to the request by setting io_clk_byp_ack_o to 'On'. When this bit is set and ack was received, clk_ast_ext_i serves as the io_clk clock root. Note: When 'On' (after ack), clk_src_io_o clock max frequency is limited to 50 MHz |
| io_clk_byp_ack_o | O | mubi4 | async | AST response to io_clk_byp_req_i. The ack is set to 'On' after clock switching function is performed. |
| all_clk_byp_req_i | I | mubi4 | async | External clock mux override request for OTP bootstrap purposes. AST responds to the request by setting io_clk_byp_ack_o to 'On'. When this bit is set and ack was received, clk_ast_ext_i serves as the io_clk clock root. Note: When 'On' (after ack), clk_src_io_o clock max frequency is limited to 50 MHz |
| all_clk_byp_ack_o | O | mubi4 | async | AST response to io_clk_byp_req_i. The ack is set to 'On' after clock switching function is performed. |
| ext_freq_is_96m_i | I | mubi4 | async | External clock frequency indication to AST. When set, it indicates that the external clock is 96MHz. |
| lc_dft_en_i | I | lc_tx | async | DFT enable |
| fla_obs_i | I | 8 | async | Flash observe bus for debug |
| otp_bos_i | I | 8 | async | OTP observe bus for debug |
| usb_obs_i | I | 1 | async | USB differential receiver output observe for debug |
| otm_obs_i | I | 8 | async | OpenTitan modules observe bus for debug (optional) |
| obs_ctrl_o | O | ast_obs_ctrl | async | Observability control structure. It contains observability module selection, signal group selection and enable logic. Open source modules may choose to use this infrastructure for selecting and gating observability signals to be driven into otm_obs_i bus. Whether to actually use this interface or not for open source modules observability is a project decision. |
| sns_clks_i | I | clkmgr_out | async | Clocks observability |
| sns_rst_i | I | rstmgr_out_t | async | Resets observability |
| sns_spi_ext_clk_i | I | 1 | async | SPI external clock observability |
Interfaces Description Note
The information below augments the Interface Signals Table. For further details, see the corresponding signals description in the table.
Power Connectivity
Note: Power signals may not appear in the verilog files, however, they are described for completeness.
External Supplies
AST has four external power supplies VCC, AVCC, VIOA and VIOB. VCC is the main supply, AVCC is an analog VCC supply. VIOA and VIOB are two additional I/O supplies.
Core Supplies
The core supplies are generated from the VCC supply. There are two core supply domains: VCMAIN and VCAON. VCAON, as its name implies, is the always-on core supply used to power components that stay active during device low power states. VCMAIN on the other hand, powers most chip logic such as RISC-V processor, crypto modules and almost all memories and peripherals. The VCMAIN supply can be turned off when requested, VCAON on the other hand, is active whenever VCC is active. AST core logic is powered by VCAON.
Power Control and Reset
Core Power Control and Indication
VCMAIN is the only supply that can be directly influenced by OpenTitan. The power manager can request VCMAIN to shutdown through main_pd_ni. The state of VCMAIN is reflected by the vcmain_pok_o signal.
IO Power Indication
IO power state is reflected to OpenTitan by vioa_pok_o and viob_pok_o signals
Main (VCC) Power Detection and Flash Protection
On VCC power-down detection, ‘flash_power_ready_h_o’, is immediately negated. In addition, SYS clock, IO clock and USB clock are stopped. This means that negation of the VCC supply always triggers the flash brown-out (BOR) protection circuitry.
When entering deep-sleep mode, ‘flash_power_down_h_o’ is asserted before negating VCMAIN until VCMAIN is back up.
Resets
The AST supports the generation of the root reset for the reset manager. It is driven by ‘vcaon_pok_o’ which is generated inside AST. The ‘vcaon_pok_o’ is activated when the following conditions are met: VCC is detected, internal voltage regulator is active and ‘por_ni’ reset input is inactive. ‘por_ni’ is driven by an external chip reset pin. The following table and diagrams describe the AST sub-modules resets.
| Components | Reset by | Comments |
|---|---|---|
| Regulators, ‘power-OK’ logic and always-on clock | self-start / vcaon_pok_o | These circuits come to life shortly after VCC crosses its detection threshold. vcaon_pok_o serves as their register configuration reset. |
| System/USB/IO clock generators | vcmain_pok_o | vcmain_pok_o is also fed by vcaon_pok_o and por_ni. |
| Interface functions | Input reset | Per the corresponding interface clock domain reset input. |
Clock Outputs
AST generates four clocks: System clock, IO clock, USB clock and Always-on clock. Most clocks have ‘enable’ inputs and a corresponding ‘valid’ output. When the enable is de-asserted, the corresponding clock stops and valid is dropped to 0. When the enable is asserted, the clocks begin outputting in a ‘glitchless’ manner and the valid is raised to 1. Unless noted otherwise, clocks duty cycle is 50% +/-5%. At boot time, clocks start toggling at a different (typically slower) frequency than their target. They are configured to their target frequency by the ROM code. Once configured, their frequency is maintained within +/-3% of their target as long as the chip remains in its intended operating conditions until the next boot.
The OpenTitan power and clock managers are responsible for manipulating the enables and observing the valids to know when clocks can be safely released to the system.
USB Clock Calibration
The USB clock requires an accuracy that cannot be achieved by the AST clocks natively. As a result, information from USB frames are used to calibrate the clock.
Clock and Reset Inputs
The root clocks and resets are generated inside AST. However, the clocks go through gating and optional division in the OpenTitan top level and propagate back into AST as feedback clocks, each with associated synchronized reset de-assertion to ensure it can synchronize with the various comportable modules. The input resets are used for the different AST interface functions. For further details about AST resets, see Resets section.
Note: There are several reasons for routing leaf clocks back into AST instead of using the root clocks directly
-
The leaf clocks may be divided down from the root clock and that frequency is used to drive the interface. For example, clk_src_io_clk_o is 96MHz, but comportable modules use either 48MHz or 24MHz.
-
The leaf clocks and root clocks have very different clock tree depths and may be difficult for timing closure if they interacted directly.
-
Decouple AST internal design from OpenTitan top-level interfaces clock and reset selection.
Register Access Interface
AST registers can be accessed via TL-UL interface. These registers are used for test and calibration purposes and are not required for runtime operation. See the Interface Signals Table for more details.
AST registers initialization during boot.
In PROD*/DEV Lifecycle states, the ROM code must copy all AST REGA registers values from OTP to AST. During other Lifecycle states, the ROM code may also copy all AST REGA registers. It is recommended for the ROM code to condition the copy by a digest verification of the register values. If such a digest is too complicated, a simple tag can be used to condition the copy instead. The AST register copy operation must be performed in order and must include all REGA registers (starting from REGA0 and ending at the last REGA). AST sets the ast_init_done_o signal after the copy completion.
After the copy, ROM code can either poll for ast_init_done_o assertion with 100 us timeout (in practice, it should take way less) or ignore it and let the next SW layers handle it. It is recommended to set an OTP field for determining the ROM code action.
The boot code is expected to check all AST output alert signals before handing over the control to the next code layer (ROM_EXT). The ROM code response per alert should be defined in a dedicated OTP space. Recommended response types (per alert):
-
Do nothing and don’t clear the event
-
Do nothing (continue to the next SW layer) and clear the event
-
Log the event in some NV space and halt
-
Halt immediately
Note that in TEST_UNLOCK*/RMA state, the booter should always act per #1 regardless of the OTP setting.
It is recommended to redundantly code the OTP fields that control the ROM code branching and also to protect the branching code from fault injection.
ADC
AST contains an analog to digital converter that can be used to sample various input signals. For OpenTitan this will primarily be used for debug cable detection. To activate the ADC, the corresponding comportable module must first activate the ADC through ‘adc_pd_i’. Once activated, it should select the channel to sample. Channel transition from zero to non-zero value starts the ADC conversion. The ADC output is synchronous to the ADC controller.
ADC Usage Flow
-
Activate the ADC by negating ‘adc_pd_i’
-
Wait 30 uS for the ADC to wake up.
-
Select an analog channel to measure by setting the corresponding bit in ‘adc_chnsel_i’ bus. This triggers a measurement.
-
Wait until ‘adc_d_val’ is set and read the result via ‘adc_d_o’
-
Clear ‘adc_chnsel_i’ bus to 0. Note that adc_chnsel must be cleared to 0 before a new channel is selected.
-
Repeat steps 3-5 if more channels or more measurements are required
-
Deactivate the ADC by setting ‘adc_pd_i’ to save power.
Random Number Generator
AST contains a random number generator that outputs random number bitstreams whenever it is enabled. After enabled by the comportable controller through ‘rng_en_i’, the AST begins generating multiple independent four random bit streams. rng_b_o bit streams are valid and can be sampled whenever ‘rng_val_o’ is asserted according to the following diagram.
The expected rng_b_o valid output rate is about 50KHz. For more information on the RNG interface, please see the OpenTitan entropy source module.
Entropy Consumption
AST consumes entropy for defensive purposes. However, AST does not consume its raw entropy directly. Instead, AST receives entropy from the Entropy Distribution Network (EDN). Note that entropy_ack and entropy_i are packed into enropy_rsp_i in the interface. Also note that once entropy_req_o is set, it will remain set until ack or until reset.
Countermeasures and Alerts
Alert Events
AST’s sensors and detectors, when triggered, output alert events to a sensor controller. The event signals are level until acknowledged by the controller. Further, the events are differentially encoded to ensure they cannot be hard-wired or faulted to either ‘1’ or ‘0’.
Inside the sensor controller, the events are then converted into alerts as part of the wider OpenTitan alert handling system.
Alert Signaling
Outgoing alert events are level. Incoming event ack signals clear the alert event (similar to an interrupt). Outgoing alert events should be OR’d inside the sensor or power manager (depending on what level of deep sleep support is needed) to generate wakeup, that way AST does not need to do any additional handling for wakeups during low power mode.
The AST defines each alert signal in both positive (P) and negative (N) polarity (see ast_dif_t typedef with ‘p’ and ‘n’ signals), however, the P and N signals are not necessarily fully differential, for example, at times, it might occur that both P and N are at the same value. For alert_o case, the correct way to treat it is to propagate an alert signal if either P is high or N is low.
Countermeasures
Most countermeasure enablement is controlled by Nuvoton via the registers interface. Clock jitter is an exception because there is a reasoning for dynamically turning it on and off (security/performance tradeoff). Unless stated otherwise, countermeasures are active in all modes but deep-sleep.