5.4 Security Features
| Peripheral | Function | Description | Comments |
|---|---|---|---|
| TrustZone | Security Enclave | Partition of Secure/Non-secure worlds | Arm technology |
| Cortex MMU | Memory Management Unit | Cortex-A7 Memory Management Unit | – |
| PIO | I/O Control / Peripheral Access | When a peripheral is not selected (PIO-controlled), the IO lines have no access to the peripheral. | – |
| PIO | Freeze | Capability to freeze either the functional part or the physical part of the configuration. | Once the freeze command is issued, no modifications to the current configuration are possible. Only a hardware reset allows a change to the configuration. |
| Public Key Coprocessor (CPKCC) and associated Classical Public Key Cryptography Library (CPKCL) | Cryptography | ECC (asymmetric key algorithm, elliptic curves); RSA (asymmetric key algorithm) | – |
| TDES, TRNG, AES, SHA | Cryptography | Hardware-accelerated Triple DES; True Random Number Generator; hardware-accelerated AES up to 256 bits; SHA up to 512 and HMAC-SHA | FIPS-compliant(1) |
| AES, SHA, CPKCC, CPKCL | Secure Boot | Code encryption/decryption, trusted code authentication | Hardware AES: Encrypt, Decrypt, CMAC; Hardware SHA; CPKCC, CPKCL: RSA or elliptic curves |
| AES, TDES, SHA, PIT64B, TC | Security and safety analysis and report | Monitoring of states or sequences, clocks and waveforms. Error detection can occur only in abnormal operating conditions. | – |
| AES, TDES, SHA, PIT64B, TC | Register access protection | Checks for incorrect accesses. | – |
| AES, TDES | Key clearing on event | Immediate clearing of the key in case of external tamper event detection | – |
| TZAESB | On-the-fly AES | On-the-fly encryption/decryption for NFC_RAM, DDR, QSPI and SMC memories, with respect to TrustZone using TZAESBASC | AES128 |
| TZAESBASC | On-the-fly AES | Directs data transfer to either the TZAESB secure core or the unsecured TZAESB core | – |
| Private Key Bus | Transfers hidden keys to crypto-engines | Capability to transfer keys to or from AES, TZAESB, TDES, TRNG and OTPC in a manner totally invisible to the software. | – |
| Memories | Scrambling | On-the-fly scrambling/unscrambling for memories | SMC, SECURAM, GPBR and QSPI |
| ICM | Memory Integrity Check Monitoring | Uses a hardware Secure Hash Algorithm (up to SHA256) | SMC, DDR, internal SRAM and QSPI |
| SECUMOD | JTAG | JTAG entry monitor | These tampers (JTAG, test, PIOBUs, monitors, etc.) can be configured to immediately erase the Backup memories (BUSRAM4KB and BUREG256b) or to generate an interrupt or a wake-up signal. |
| SECUMOD | Test | Test entry monitor | As above |
| SECUMOD | Voltage Monitoring | VBAT monitoring; VDDCPU monitoring; VDDCORE monitoring | As above |
| SECUMOD | Temperature Monitoring | Temperature monitoring | As above |
| SECUMOD | Frequency Monitoring | 32.768 kHz crystal oscillator monitoring; CPU clock monitoring | As above |
| SECUMOD | IO Tamper Pin | 4 tamper detection pins. Active and Dynamic modes supported. | As above |
| SECUMOD | Secure Backup SRAM (SECURAM) | 5 Kbytes, scrambled and non-imprinting, avoiding data persistence | 4 Kbytes erasable on tamper detection |
| SECUMOD | Secure Backup Registers | 256-bit register bank, scrambled | Erasable on tamper detection |
| RTC | RTC | Timestamping of tamper events. Protection against bad configuration (invalid entries for date and time are impossible). | All events are logged in the RTC. Timestamping gives the source of the reset/memory erase/interrupt. |
| RTC | RTC | RTC robustness against glitch attacks on the 32 kHz crystal oscillator | – |
| Secure OTP | JTAG Access Control | Disable JTAG access by OTP bit | – |
| Secure OTP | Secure Debug Disable | JTAG debug allowed in Normal mode only, not in Secure mode | TrustZone |
| TZWDT | Watchdog | Protects against TrustZone starvation | TrustZone |
| GPBR | Peripheral Access and Protection | GPBR can be write protected, read protected and immediately cleared on external tamper event detection | – |
Note:
1. Refer to each peripheral section for details on FIPS compliance.