52.5 Functional Description

The TrustZone Advanced Encryption Standard Bridge (TZAESB) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The TZAESB algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information.

Encryption converts data to an unintelligible form called ciphertext. Decrypting the ciphertext converts the data back into its original form, called plaintext.

The TZAESB is capable of using cryptographic keys of 128 bits to encrypt and decrypt data in blocks of 128 bits. This 128-bit key is defined in the Key registers (TZAESB_KEYWRx) or in the Private Key internal register that is only writable from the Private Key bus.

The Advanced Encryption Standard Bridge (TZAESB) integrates two AES cores which can be configured separately.

Figure 52-2. TZAESB Top View

Each core has its own configuration and therefore its own cipher key, nonce, etc. Each TZAESB Core configuration (except the security attribute) must be written through the peripheral bus. For details, refer to:

“TrustZone AES Bridge Address Space Controller (TZAESBASC)” in the section “System Interconnect and Security (SIS)”,
the “Memory Mapping” figure in the section” Memories”.