54.5.2 AES Mode Register

This register can only be written if the WPEN bit is cleared in the AES Write Protection Mode Register.

Name: AES_MR
Offset: 0x04
Reset: 0x00080000
Property: Read/Write

Bit 3130292827262524 
 TAMPCLR        
Access R/W 
Reset  
Bit 2322212019181716 
 CKEY[3:0] CFBS[2:0] 
Access WWWWR/WR/WR/W 
Reset 000000 
Bit 15141312111098 
 LODOPMOD[2:0]KEYSIZE[1:0]SMOD[1:0] 
Access R/WR/WR/WR/WR/WR/WR/WR/W 
Reset 00000000 
Bit 76543210 
 PROCDLY[3:0]DUALBUFF GTAGENCIPHER 
Access R/WR/WR/WR/WR/WR/WR/W 
Reset 0000000 

Bit 31 – TAMPCLR Tamper Clear Enable

ValueDescription
0

A tamper detection event has no effect on the AES_KEYWRx key.

1

A tamper detection event immediately clears the AES_KEYWRx key.

Bits 23:20 – CKEY[3:0] Key

ValueNameDescription
0xE PASSWD

This field must be written with 0xE the first time AES_MR is programmed. For subsequent programming of AES_MR, any value can be written, including that of 0xE.

Always reads as 0.

Bits 18:16 – CFBS[2:0] Cipher Feedback Data Size

ValueNameDescription
0 SIZE_128BIT

128-bit

1 SIZE_64BIT

64-bit

2 SIZE_32BIT

32-bit

3 SIZE_16BIT

16-bit

4 SIZE_8BIT

8-bit

Bit 15 – LOD Last Output Data Mode

Warning: In DMA mode, reading to the Output Data registers before the last data encryption/decryption process may lead to unpredictable results.
ValueDescription
0

No effect.

After each end of encryption/decryption, the output data are available either on the output data registers (Manual and Auto modes) or at the address specified in the Channel Buffer Transfer Descriptor for DMA mode.

In Manual and Auto modes, the DATRDY flag is cleared when at least one of the Output Data registers is read.

1

The DATRDY flag is cleared when at least one of the Input Data Registers is written.

No more Output Data Register reads are necessary between consecutive encryptions/decryptions (see Last Output Data Mode).

Bits 14:12 – OPMOD[2:0] Operating Mode

For CBC-MAC operating mode, set OPMOD to CBC and LOD to 1.

When switching from an operating mode requiring the initialization vectors (e.g. CBC, GCM) to another operating mode that does not require initialization vectors (e.g. ECB) and a message of one block has been processed, initialization vector registers (AES_IVRx) must be cleared before switching to the new mode.

ValueNameDescription
0 ECB

ECB: Electronic Codebook mode

1 CBC

CBC: Cipher Block Chaining mode

2 OFB

OFB: Output Feedback mode

3 CFB

CFB: Cipher Feedback mode

4 CTR

CTR: Counter mode (16-bit internal counter)

5 GCM

GCM: Galois/Counter mode

6 XTS

XTS: XEX-based tweaked-codebook mode

Bits 11:10 – KEYSIZE[1:0] Key Size

ValueNameDescription
0 AES128

AES Key Size is 128 bits

1 AES192

AES Key Size is 192 bits

2 AES256

AES Key Size is 256 bits

Bits 9:8 – SMOD[1:0] Start Mode

If a DMA transfer is used, configure SMOD to 2. See DMA Mode for more details.

ValueNameDescription
0 MANUAL_START

Manual Mode

1 AUTO_START

Auto Mode

2 IDATAR0_START

AES_IDATAR0 access only Auto Mode (DMA)

Bits 7:4 – PROCDLY[3:0] Processing Delay

Processing Time = N × (PROCDLY + 1)

where

  • N = 10 when KEYSIZE = 0
  • N = 12 when KEYSIZE = 1
  • N = 14 when KEYSIZE = 2

The processing time represents the number of clock cycles that the AES needs in order to perform one encryption/decryption.

Note: The best performance is achieved with PROCDLY equal to 0.

Bit 3 – DUALBUFF Dual Input Buffer

ValueNameDescription
0 INACTIVE

AES_IDATARx cannot be written during processing of previous block.

1 ACTIVE

AES_IDATARx can be written during processing of previous block when SMOD = 2. It speeds up the overall runtime of large files.

Bit 1 – GTAGEN GCM Automatic Tag Generation Enable

ValueDescription
0

Automatic GCM Tag generation disabled.

1

Automatic GCM Tag generation enabled.

Bit 0 – CIPHER Processing Mode

ValueDescription
0

Decrypts data.

1

Encrypts data.