57.5.4 Security and Functional Analysis and Reports

Several type of checks are performed when the TRNG is enabled.

The peripheral clock of the TRNG is monitored by specific circuitry to detect abnormal waveforms on the internal clock net that may affect the behavior of the TRNG. Corruption on the triggering edge of the clock or a pulse with a minimum duration may be identified. If the flag TRNG_WPSR.CGD is set, an abnormal condition occurred on the peripheral clock. This flag is not set under normal operating conditions.

The internal sequencer of the TRNG is also monitored and if an abnormal state is detected, the flag TRNG_WPSR.SEQE is set. This flag is not set under normal operating conditions.

The software accesses to the TRNG are monitored and if an incorrect access is performed, the flag TRNG_WPSR.SWE is set. The type of incorrect/abnormal software access is reported in the TRNG_WPSR.SWETYP field (see TRNG Write Protection Status Register for details). For example, reading the TRNG_ODATA when the TRNG is disabled is an error, as well as reading the TRNG_ODATA, when the TRNG_ISR.DATRDY flag is cleared. TRNG_WPSR.ECLASS is an indicator reporting the criticality of the SWETYP report.

The flags CGD, SEQE, SWE and WPVS are automatically cleared when TRNG_WPSR is read.

If one of these flags is set, the flag TRNG_ISR.SECE is set and can trigger an interrupt if the TRNG_IMR.SECE bit is ‘1’. SECE is cleared by reading TRNG_ISR.