56.4.5.1 Private Key Bus

The TDES provides secure key transfer that requires a transfer command only, thus avoiding any manipulation of the key by software.

The TDES features a set of Private Key internal registers that can be accessed only through the dedicated Private Key bus from the TRNG or OTPC.

The Private Key internal registers cannot be read from any peripheral or from software.

The TDES key used by the encryption/decryption engine is taken either from the Private Key internal registers or from the internal key registers loaded via the TDES_KEYxWRy registers.

To select the Private Key internal registers as the source of the TDES key, TDES_MR.PKRS must be written to ‘1’.

To write the Private Key internal registers, the software must:

  1. Write a ‘1’ in TDES_MR.PKRS.
  2. Trigger the key transfer over the Private Key bus from the KEY_BUS_MASTERS key bus host.
  3. Wait for completion of the transfer signaled in the KEY_BUS_MASTERS status register.
  4. Check for any access violation in TDES_WPSR.PKRPVS.

Figure 56-6. Key Selection

While TDES_MR.PKWO=0, it is possible to write the Private Key internal registers as many times as required.

Once TDES_MR.PKWO=1, the next write sequence to the Private Key internal registers is the last one. Any additional write sequence to the Private Key internal registers has no effect, which write-protects these registers. A hardware reset is the only way to exit the write-protected state.