Overview
AST, also known as the analog sensor top, is the OpenTitan analog and security companion. Within AST are various analog functions (such as clocks, regulators, random number generators) needed to make the device function, as well as physical security sensors necessary to protect the device from physical attacks or manipulation.
At a high level, AST communicates with a number of OpenTitan comportable modules. See diagram below.
In the following sections, each family of connection is briefly described and explained. Note, the analog connections to AST are not shown in the diagram, but will be explained as well.
Interface Signals Table
Table notes
Signal naming conventions used in this document
It complies with OpenTitan names and suffixes with some augmentations.
-
Clock signals start with clk_*
-
Inputs and outputs are marked with *_i/*_o
-
Analog signals are marked with *_a
-
Non-core level signals are marked with *_h
-
Dual and negative polarity signals are marked with *_p/n
Clock domains column
-
sys - system clock, mainly used for high performance and security modules. Up to 100MHz
-
io - peripheral clock source, mainly used for peripherals and I/O related functionality. Up to 96MHz (divided by 4 by the clock manager)
-
susb - USB module source clock. 48MHz
-
aon - Always-on domain clock. The only active clock while chip is in deep-sleep power state, 200KHz
-
async - when listed as async, it means it does not matter what domain drives the signal
-
Input clocks: Each functional interface has a dedicated clock named after the interface.
| Signal Name & Affiliation | I/O | Width | Clock Domain | Description |
|---|---|---|---|---|
| Power Supplies | ||||
| VCC | I | VCC is the main power supply. It is driven from an external source and is used to power the internal VCMAIN and VCAON power domains. VCC must always be present when the device is functioning; VCC is also used to power a number of pads that must be always on when the device is functioning. |
||
| AVCC | I | Analog blocks power supply. AVCC and AGND are analog supply and ground signals for the AST analog functions. They mainly serve for ADC and USB clock functionality. AVCC is expected to be driven by the same voltage regulator and have similar power availability as VCC. AVCC and AGND have dedicated package balls/pins. In the future, package pins sharing with VCC and GND may be considered based on post-silicon test results. | ||
| VCMAIN | O | Main core power, driven by internal capless voltage regulator | ||
| VCAON | O | Core voltage power for always-on domain (same voltage range as VCMAIN) | ||
| VIOA | I | IO supply, powering a set of pads. Unlike VCC, the IO supplies can be turned off by external components and the device will continue to function, the unpowered pads however, become inoperable. | ||
| VIOB | I | Same as VIOA, but for a different set of pads. | ||
| GND | I | Ground | ||
| AGND | I | Analog ground (see AVCC for further details) | ||
| Power Control and Reset | ||||
| otp_power_seq_i | I | 2 | async | Contains the power sequencing signals coming from the OTP macro. |
| otp_power_seq_h_o | O | 2 | async | Contains the power sequencing signals going to the OTP macro (VCC domain). |
| flash_power_down_h_o | O | 1 | async | Connected to flash (VCC domain). Used for flash power management. |
| flash_power_ready_h_o | O | 1 | async | Connected to flash (VCC domain). Used for flash power management. |
| vcmain_pok_o | O | 1 | async | Main core power-exist indication. Used by the OpenTitan power manager to determine the state of the main digital supply during power up and power down sequencing. |
| vcaon_pok_o | O | 1 | async | Always-on power-exist indication. Used by the OpenTitan power manager for power-on reset root. |
| vioa_pok_o | O | 1 | async | VIOA power-exist indications. Used as a power-OK status signal. |
| viob_pok_o | O | 1 | async | VIOB power-exist indication. Used as a power-OK status signal. |
| por_ni | I | 1 | async | Power on reset input signal to AST. See Resets section for further details |
| main_pd_ni | I | 1 | aon | Power down enable for main core power 0: main core power is down (deep-sleep state) 1: main core power is up It may take up to 200 uS from this signal transition to power switching completion by AST (not including boot time and so). Note that flash must be prepared for power down before this signal is asserted. |
| main_iso_en_i | I | 1 | aon | Isolation enable for main core power (VCMAIN). This signal is fed to AST for any local power clamping needs. This signal is only valid after aon core is available, until then, VCC / AVCC components must take appropriate steps to protect themselves. |
| Clock Outputs | ||||
| clk_src_sys_o | O | 1 | sys | 100 MHz clock with jitter (main clock domain). Used as the main system clock. |
| clk_src_sys_val_o | O | 1 | async | System clock valid. Used as "ack" signals for the power manager (TBD - add a link) |
| clk_src_sys_en_i | I | 1 | aon | System clock enable. |
| clk_src_sys_jen_i | I | 1 | async | System clock jitter enable |
| clk_src_aon_o | O | 1 | aon | 200 KHz clock for always-on domain. |
| clk_src_aon_val_o | O | 1 | async | aon clock valid |
| clk_src_usb_o | O | 1 | susb | 48 MHz clock for USB. To comply with USB full speed clock specification, it supports frequency accuracy of +/-2500 ppm when usb_ref_pulse_i is available and +/-2% otherwise. It may take up to 50 ms for this clock to reach the accuracy target from the time ‘usb_ref_pulse_i’ is available. USB clock calibration interface is further detailed here. |
| clk_src_usb_val_o | O | 1 | async | USB clock valid |
| clk_src_usb_en_i | I | 1 | aon | USB clock enable |
| usb_ref_pulse_i | I | 1 | usb | USB reference pulse +/-500ppm. When valid, it is expected to pulse every 1ms. |
| usb_ref_val_i | I | 1 | usb | USB reference valid. This bit serves as a valid signal for the usb_ref_pulse_i signal. It is set to 1 after the first valid usb_ref_pulse_i event is detected and remains high as long as usb_ref_pulse_i continues to behave as expected (per usb_ref_pulse description). Once usb_ref_pulse deviates from its expected behavior, usb_ref_val_i immediately negates to 0 and remains 0 until after the next valid usb_ref_val pulse. |
| clk_src_io_o | O | 1 | io | 96 MHz clock with +/-2% frequency accuracy. Used for peripherals that require a fixed frequency, for example SPI and UART |
| clk_src_io_val_o | O | 1 | async | I/O and timer clock valid. Used as "ack" signals for the power manager (TBD - add a link). |
| clk_src_io_en_i | I | 1 | aon | I/O and timer clock enable |
| Clock & Reset Inputs | ||||
| clk_ast_adc_i | I | 1 | adc | ADC interface clock input |
| clk_ast_rng_i | I | 1 | rng | RNG interface clock input |
| clk_ast_usb_i | I | 1 | usb | USB reference interface clock input |
| clk_ast_es_i | I | 1 | es | Entropy source interface clock input |
| clk_ast_alert_i | I | 1 | alert | Alert interface clock input |
| clk_ast_tlul_i | I | 1 | tlul | TLUL bus interface clock input |
| rst_ast_adc_ni | I | 1 | adc | ADC interface reset (active low) |
| rst_ast_rng_ni | I | 1 | rng | RNG interface reset (active low) |
| rst_ast_usb_ni | I | 1 | usb | USB reference interface reset (active low) |
| rst_ast_es_ni | I | 1 | es | Entropy source interface reset (active low) |
| rst_ast_alert_ni | I | 1 | alert | Alert interface interface reset (active low) |
| rst_ast_tlul_ni | I | 1 | tlul | TLUL bus reference interface reset (active low) |
| Register Access Interface | ||||
| tlul | I/O | TBD | tlul | TLUL bus interface. Mainly used for configuration, calibration and trimming. At boot time, data is copied from non-volatile storage into AST registers by the SW boot entity. This interface has no further use beyond this point. Runtime interaction with AST is performed by other signals as described in this document. |
| Analog modules | ||||
| adc_a0_ai | I | 1 | async | ADC analog input channels 0 to be measured. Signal type is awire (see ana_pkg.sv) |
| adc_a1_ai | I | 1 | async | ADC analog input channels 1 to be measured. Signal type is awire (see ana_pkg.sv) |
| adc_d_o | O | 10 | adc | ADC digital data |
| adc_chnsel_i | I | 2 | adc | ADC input channel select (one hot). No more than one channel should be selected at a time. Any change in ‘adc_chnsel_i’ value must go through all ‘0’. Changing ‘adc_chnsel_i’ from ‘0’ value to non-’0’ value starts an ADC conversion. |
| adc_d_val_o | O | 1 | adc | ADC digital data valid |
| adc_pd_i | I | 1 | adc | ADC power down - for saving power during deep-sleep state between measurements. When this signal is high, ADC module is in off state, otherwise, it is in active state. A setup time of TBD must be provided from activating ADC until performing a measurement (by asserting one of adc_cs signals) |
| entropy_req_o | O | 1 | es | Request entropy from CSRNG |
| entropy_ack_i | I | 1 | es | CSRNG entropy request acknowledge |
| entropy_i | I | 1 | es | Random input from chip level. |
| rng_en_i | I | 1 | rng | Input from controller to enable RNG |
| rng_val_o | O | 1 | rng | RNG bit valid. This is a per-transaction valid. rng_b_o can be sampled whenever this bit is high. |
| rng_b_o | O | 4 | rng | RNG digital bit streams. The downstream controller of this signal should sample at the rates of 200 KHz / 100KHz / 50KHz / 25KHz / 12.5KHz (50 KHz is the target, the rest are for fallback and upside). |
| Countermeasures and Alerts | ||||
| as_alert_po/no | O | 2 | alert | Active shield alert |
| as_alert_ack_i | I | 1 | alert | single pulse ack, source and destination assumed to be synchronous |
| as_alert_trig_i | I | 1 | alert | Alert force trigger by software - connected to a chip register |
| cg_alert_po/no | O | 2 | alert | Clock glitch detector alert |
| cg_alert_ack_i | I | 1 | alert | single pulse ack, source and destination assumed to be synchronous |
| cg_alert_trig_i | I | 1 | alert | Alert force trigger by software - connected to a chip register |
| gd_alert_po/no | O | 2 | alert | Voltage glitch detector alert |
| gd_alert_ack_i | I | 1 | alert | single pulse ack, source and destination assumed to be synchronous |
| gd_alert_trig_i | I | 1 | alert | Alert force trigger by software - connected to a chip register |
| ts_alert_hi_po/no | O | 2 | alert | Temperature sensor alert for high temperature band |
| ts_alert_hi_ack_i | I | 1 | alert | single pulse ack, source and destination assumed to be synchronous |
| ts_alert_hi_trig_i | I | 1 | alert | Alert force trigger by software - connected to a chip register |
| ts_alert_lo_po/no | O | 2 | alert | Temperature sensor alert for low temperature band |
| ts_alert_lo_ack_i | I | 1 | alert | single pulse ack, source and destination assumed to be synchronous |
| ts_alert_lo_trig_i | I | 1 | alert | Alert force trigger by software - connected to a chip register |
| ls_alert_po/no | O | 2 | alert | Light sensor alert (TBD) |
| ls_alert_ack_i | I | 1 | alert | single pulse ack, source and destination assumed to be synchronous |
| ls_alert_trig_i | I | 1 | alert | Alert force trigger by software - connected to a chip register |
| ot_alert_po/no | O | TBD | alert | Other alerts (TBD) |
| ot_alert_ack_i | I | 1 | alert | single pulse ack, source and destination assumed to be synchronous |
| ot_alert_trig_i | I | 1 | alert | Alert force trigger by software - connected to a chip register |
| Trimming Test and Debug | ||||
| scan_mode_i | I | 1 | Scan mode indication signal. Controllable only when DFT features are enabled (Test and RMA states). Otherwise, these signals are grounded to 0. | |
| scan_reset_ni | I | 1 | Scan reset | |
| clk_ast_ext_i | I | 1 | async | External clock. While AST generates most of its clocks on-die, it still needs an external clock for clock calibration and first flash/OTP programming. Clock calibration: AST clock sources are inaccurate by default and must be calibrated prior to use. The results of the calibration are stored in OTP and reloaded by software upon system boot. First Flash / OTP programming: AST clock sources are inaccurate by default and may be out of range for initial flash and OTP programming. In this situation, an external clock may be required for initial programming such that a software image can be loaded to calibrate clocks and advance life cycle. |
| vcc_supp_i | I | 1 | async | VCC Supply Test. (supply indication for DV purposes). In FPGA Verilog view, the respective POK signal follows this signal. In other Verilog views this signal should be connected to constant ‘1’ and will be disconnected inside the AST. |
| vcmain_supp_i | I | 1 | async | VCMAIN Supply Test. (supply indication for DV purposes). In FPGA Verilog view, the respective POK signal follows this signal. In other Verilog views this signal should be connected to constant ‘1’ and will be disconnected inside the AST. |
| vcaon_supp_i | I | 1 | async | VCAON Supply Test. (supply indication for DV purposes). In FPGA Verilog view, the respective POK signal follows this signal. In other Verilog views this signal should be connected to constant ‘1’ and will be disconnected inside the AST. |
| vioa_supp_i | I | 1 | async | VIOA Supply Test. (supply indication for DV purposes). In FPGA Verilog view, the respective POK signal follows this signal. In other Verilog views this signal should be connected to constant ‘1’ and will be disconnected inside the AST. |
| viob_supp_i | I | 1 | async | VIOB Supply Test. (supply indication for DV purposes). In FPGA Verilog view, the respective POK signal follows this signal. In other Verilog views this signal should be connected to constant ‘1’ and will be disconnected inside the AST. |
| ast2pad_a_io | I/O | TBD | async | Analog debug signals. These signals should be connected directly to chip PADs. They can share PADs with functional signals but when they are used for their analog debug function, the functional I/O must be in tri-state. |
| padmux2ast_i | I | TBD | async | Digital debug input signals (routed to pin mux). These signals are controllable only when DFT features are enabled (Test and RMA states). Otherwise, these signals are grounded to 0. |
| ast2padmux_o | O | TBD | async | Digital debug output signals (routed to pin mux). These signals are only outputted when DFT features are enabled (Test and RMA states). Otherwise, these signals are grounded to 0. |
| usb_io_cal_o | O | 32 | async | USB I/O calibration and trimming |
| lc_root_clk_byp_i | I | 4 | async | External clock mux override for OTP bootstrap purposes. When this bit is set, clk_ast_ext_i serves as the io_clk clock root. Signal type is lc_tx_t (see lc_ctl_pkg.sv) On = 4'b1010; Off = 4'b0101 Note: When ‘On’, clk_src_io_o clock max frequency is limited to 50 MHz |
| lc_dft_en_i | I | 4 | async | DFT enable. Signal type is lc_tx_t (see lc_ctl_pkg.sv) On = 4'b1010; Off = 4'b0101 |
Interfaces Description Note
The information below augments the Interface Signals Table. For further details, see the corresponding signals description in the table.
Power Connectivity
Note: Power signals may not appear in the verilog files, however, they are described for completeness.
External Supplies
AST has four external power supplies VCC, AVCC, VIOA and VIOB. VCC is the main supply, AVCC is an analog VCC supply. VIOA and VIOB are two additional I/O supplies.
Core Supplies
The core supplies are generated from the VCC supply. These are two core supply domains: VCMAIN and VCAON. VCAON, as its name implies, is the always on core supply used to power components that stay active during device low power states. VCMAIN on the other hand, powers most chip logic such as RISC-V processor, crypto modules and almost all memories and peripherals. The VCMAIN supply can be turned off when requested, VCAON on the other hand, is active whenever VCC is active. AST core logic is powered by VCAON.
Power Control and Reset
Core Power Control and Indication
VCMAIN is the only supply that can be directly influenced by OpenTitan. The power manager can request VCMAIN to shutdown through main_pd_n. The state of VCMAIN is reflected by the vcmain_pok_o signal.
IO Power Indication
IO power state is reflected to OpenTitan by vioa_pok_o and viob_pok_o signals
Main (VCC) Power Detection and Flash Protection
On VCC power-down detection, ‘flash_power_ready_h_o’, ‘vcaon_pok_o’ and ‘vcmain_pok_o’ are immediately negated. This means that negation of the VCC supply always triggers the flash brown-out (BOR) protection circuitry.
When entering deep-sleep mode, ‘flash_power_down_h_o’ is asserted before negating VCMAIN until VCMAIN is back up.
Resets
The AST supports the generation of the root reset for the reset manager. It is driven by ‘vcaon_pok_o’ which is generated inside AST. The ‘vcaon_pok_o’ is activated when the following conditions are met: VCC is detected, internal voltage regulator is active and ‘por_ni’ reset input is inactive. ‘por_ni’ is driven by an external chip reset pin. The following table and diagrams describe the AST sub-modules resets.
| Components | Reset by | Comments |
|---|---|---|
| Regulators, ‘power-OK’ logic and always-on clock | self-restart / tlul-reset** | tlul-reset is driven by ‘rst_ast_tlul_ni’ signal. ‘tlul-reset**’ means that in this case, it does not cause a full restart, but calibration and trimming values are lost. The affected module is designed to withstand such loss of calibration without causing harmful transition effects. However, from that point, the module is in its default uncalibrated configuration until re-calibrated by the boot code (as in regular boot). When uncalibrated, the always-on clock frequency is 200 kHz ~+/-30% (TBD) |
| Calibration trimming and other registers | tlul-reset | |
| System/USB/IO clock generators | vcmain_pok_o / tlul-reset** | vcmain_pok_o is also fed by vcaon_pok_o and por_ni. After reset, clocks are not calibrated and have no jitter until configured by the booter. Until that point, their clock frequency range is -10% ~ -60% (TBD) of the target frequency. |
| Other interface functions | Input reset / tlul-reset** | Per the corresponding interface clock domain reset input. |
Clock Outputs
AST generates four clocks: System clock, IO clock, USB clock and Always-on clock. Most clocks have ‘enable’ inputs and a corresponding ‘valid’ output. When the enable is de-asserted, the corresponding clock stops and valid is dropped to 0. When the enable is asserted, the clocks begin outputting in a “glitchless” manner and the valid is raised to 1. Unless noted otherwise, clocks duty cycle is 50% +/-5%.
The OpenTitan power and clock managers are responsible for manipulating the enables and observing the valids to know when clocks can be safely released to the system.
USB Clock Calibration
The USB clock requires an accuracy that cannot be achieved by the AST clocks natively. As a result, information from USB frames are used to calibrate the clock.
Clock & Reset Inputs
The root clocks and resets are generated inside AST. However, the clocks go through gating and optional division in the OpenTitan top level and propagate back into AST as feedback clocks, each with associated synchronized reset to ensure it can synchronize with the various comportable modules. The input resets are used for the different AST interface functions. For further details about AST resets, see Resets section.
Note: There are several reason for routing leaf clocks back into AST instead of using the root clocks directly
-
The leaf clocks may be divided down from the root clock and that frequency is used to drive the interface. For example, clk_src_io_clk_o is 96MHz, but comportable modules use either 48MHz or 24MHz.
-
The leaf clocks and root clocks have very different clock tree depths and may be difficult for timing closure if they interacted directly.
-
Decouple AST internal design from OpenTitan top-level interfaces clock and reset selection.
Register Access Interface
AST registers can be accessed via TL-UL interface. These registers are used for test and calibration purposes and are not required for runtime operation. See the Interface Signals Table for more details.
ADC
AST contains an analog to digital converter that can be used to sample various input signals. For OpenTitan this will primarily be used for debug cable detection. To activate the ADC, the corresponding comportable module must first select the channel to sample, and then activate the ADC through `adc_pd_i`. Once activated, the ADC will produce an output synchronous to the adc controller.
ADC Usage Flow
-
Activate the ADC by negating ‘adc_pd_i’
-
Wait 30 uS for the ADC to wake up.
-
Select an analog channel to measure by setting the corresponding bit in ‘adc_chnsel_i’ bus. This triggers a measurement.
-
Wait unitl ‘adc_d_val’ is set and read the result via ‘adc_d_o’
-
Clear ‘adc_chnsel_i’ bus to 0. Note that adc_chnsel must be cleared to 0 before a new channel is selected.
-
Repeat steps 3-5 if more channels or more measurements are required
-
Deactivate the ADC by setting ‘adc_pd’ to save power.
https://wavedrom.com/editor.html
{signal: [ {node: ‘.a..b……..', phase:0.2},
{name: ‘adc_pd_i’ , wave: ‘10|..|…..|….|..1’},
{name: ‘clk_ast_adc_i’, wave: ‘p.|..|…..|….|…'},
{name: ‘adc_chnsel_i’ , wave: ‘0.|.3|..04.|….|0..'},
{name: ‘adc_d_val_o’ , wave: ‘0.|..|.1.0.|.1..|.0.'},
{name: ‘adc_d_o’ , wave: ‘x.|..|.3.x.|.4..|.x.', data: [‘ch0’, ‘ch1’, ‘ch1’]},
],edge: [ ‘a<->b wakeup time’, ] }
Random Number Generator
AST contains a random number generator that outputs random number bitstreams whenever it is enabled. After enabled by the comportable controller through ‘rng_en_i’, the AST begins generating multiple independent four random bit streams. rng_b_o bit streams are valid and can be sampled whenever `rng_val_o` is asserted according to the following diagram.
The expected rng_b_o valid output rate is about 50KHz.
Entropy Consumption
AST consumes entropy for defensive purposes. However, AST does not consume its raw entropy directly. Instead, AST receives entropy from the CSRNG. The details of this interface are still under discussion.
{signal: [
{name: ‘clk_ast_es_i’ , wave: ‘p.|……….'},
{name: ‘entropy_req_o’ , wave: ‘01|.0.1…..0’},
{name: ‘entropy_ack_i’ , wave: ‘0.|10.1.01..0’},
{name: ‘entropy_i’ , wave: ‘xx|2x.22x222x’},
] }
Countermeasures and Alerts
Alert Events
AST’s sensors and detectors, when triggered, output alert events to a sensor controller. The event signals are level until acknowledged by the controller. Further, the events are differentially encoded to ensure they cannot be hard-wired or faulted to either ‘1’ or ‘0’.
Inside the sensor controller, the events are then converted into alerts as part of the wider OpenTitan alert handling system.
Alert Signaling
Outgoing alert events are level. Incoming event ack signals clear the alert event (similar to an interrupt). Outgoing alert events should be OR’d inside the sensor or power manager (depending on what level of deep sleep support is needed) to generate wakeup, that way AST does not need to do any additional handling for wakeups during low power mode.
Countermeasures
Most countermeasure enablement is controlled by Nuvoton via the registers interface. Clock jitter is an exception because there is a reasoning for dynamically turning it on and off (security/performance tradeoff). Unless stated otherwise, countermeasures are active in all modes but deep-sleep.