52.5.3.1 Private Key Bus

The TZAESB features a Private Key internal register that can be accessed only through the dedicated Private Key bus from the TRNG or OTPC.

The Private Key internal register cannot be read from any peripheral or from software.

The TZAESB key used by the encryption/decryption engine is either the Private Key internal register content or the TZAESB_KEYWRx registers content.

By default, after a hardware reset, the TZAESB key is provided by the TZAESB_KEYWRx registers. The software can select the Private Key internal register by setting TZAESB_EMR.PKRS. The keys stored in TZAESB_KEYWRx remain available for later use by clearing TZAESB_EMR.PKRS.

Before selecting the Private Key internal register, the software must:

  1. Trigger the key transfer over the Private Key bus from the TRNG or OTPC Key Bus host.
  2. Wait for completion of the transfer signaled in the Key Bus host Status register.
  3. Check for any access violation in TZAESB_WPSR.PKRPVS.
Figure 52-3. Key Selection