5.4 Security Features

Table 5-2. Security Features
Peripheral	Function	Description	Comments
ARM926EJ-S MMU	Memory Management Unit	Memory Management Unit	–
PIO	I/O Control/ Peripheral Access	When a peripheral is not selected (PIO-controlled),  I/O lines have no access to the peripheral.	–
AES	Cryptography Standards	Hardware-accelerated AES up to 256 bits	FIPS-compliant
SHA	SHA up to 512 and HMAC-SHA
TDES	Hardware-accelerated Triple DES
TRNG	True Random Number Generator
AES, TDES	Cryptography Tamper	Immediate clear of keys in case of external tamper event detection (if enabled)
AES, TDES, SHA	Cryptography Integrity Checks	AES/TDES/SHA embed integrity checks on configuration registers and algorithm circuitries and a specific flag in status register. If this specific flag is set, an integrity error has been detected. This can occur only on abnormal operating conditions (electromagnetic attacks, VDD glitches, etc.)	–
OTPC, AES, TDES, TRNG	Cryptography Private Key Bus	Capability to transfer a key to AES/TDES in a totally invisible manner from software	–
Secure Boot	Secure Boot	Code encrypted/decrypted, Trusted Code Authentication	Hardware SHA (HMAC) + Software RSA or AES Hardware (CMAC)
Memories	Scrambling	On-the-fly scrambling/unscrambling for memories	All external memories such as QSPI, DDR, and all memories on SMC
RTC	IO Tamper Pin	Eight tamper detection pins	VDDCORE WKUP1 to WKUP8 pins can be selected as a source of tamper, performing an immediate clear of AES/TDES keys (if enabled), immediate clear of scrambling keys in SDR/DDR/QSPI/SMC, and immediate clear of General Purposes Backup Registers (if enabled)
Timestamping	Timestamping of tamper events	All events are logged in the RTC. Timestamping gives the source of the reset/erase memory/interruption
Configuration	Protection against bad configuration (invalid entry for date and time are impossible)	–
Glitch Robustness	Glitch on 32 KHz does not corrupt the downstream counters	Glitch on 32 KHz can only create a phase shift of the downstream counters
Integrity Check	If RTC Status flag TDERR is set, counters integrity have been corrupted	–
Secure OTP	JTAG Access Control	Disable JTAG access by OTP bit	–
PIT64B, TC	Integrity Checks	PIT64B/TC embed integrity checks on configuration registers and algorithm circuitries and a specific flag in status register. If this specific flag is set, an integrity error has been detected. This can occur only on abnormal operating conditions (electromagnetic attacks, VDD glitches, etc.)	–
GPBR	Access Protection	GPBR can be write-protected and/or read-protected	–
Tamper	GBPR can be immediately cleared on tamper detection (if enabled)	–

ARM926EJ-S MMU

Memory Management Unit

–

PIO

I/O Control/ Peripheral Access

When a peripheral is not selected (PIO-controlled),  I/O lines have no access to the peripheral.

–

AES

Cryptography Standards

Hardware-accelerated AES up to 256 bits

FIPS-compliant

SHA

SHA up to 512 and HMAC-SHA

TDES

Hardware-accelerated Triple DES

TRNG

True Random Number Generator

AES, TDES

Cryptography Tamper

Immediate clear of keys in case of external tamper event detection (if enabled)

AES, TDES, SHA

Cryptography Integrity Checks

AES/TDES/SHA embed integrity checks on configuration registers and algorithm circuitries and a specific flag in status register. If this specific flag is set, an integrity error has been detected. This can occur only on abnormal operating conditions (electromagnetic attacks, VDD glitches, etc.)

–

OTPC, AES, TDES, TRNG

Cryptography Private Key Bus

Capability to transfer a key to AES/TDES in a totally invisible manner from software

–

Secure Boot

Code encrypted/decrypted, Trusted Code Authentication

Hardware SHA (HMAC) + Software RSA or AES Hardware (CMAC)

Memories

Scrambling

On-the-fly scrambling/unscrambling for memories

All external memories such as QSPI, DDR, and all memories on SMC

RTC

IO Tamper Pin

Eight tamper detection pins

VDDCORE WKUP1 to WKUP8 pins can be selected as a source of tamper, performing an immediate clear of AES/TDES keys (if enabled), immediate clear of scrambling keys in SDR/DDR/QSPI/SMC, and immediate clear of General Purposes Backup Registers (if enabled)

Timestamping

Timestamping of tamper events

All events are logged in the RTC. Timestamping gives the source of the reset/erase memory/interruption

Configuration

Protection against bad configuration (invalid entry for date and time are impossible)

–

Glitch Robustness

Glitch on 32 KHz does not corrupt the downstream counters

Glitch on 32 KHz can only create a phase shift of the downstream counters

Integrity Check

If RTC Status flag TDERR is set, counters integrity have been corrupted

–

Secure OTP

JTAG Access Control

Disable JTAG access by OTP bit

–

PIT64B, TC

Integrity Checks

PIT64B/TC embed integrity checks on configuration registers and algorithm circuitries and a specific flag in status register. If this specific flag is set, an integrity error has been detected. This can occur only on abnormal operating conditions (electromagnetic attacks, VDD glitches, etc.)

–

GPBR

Access Protection

GPBR can be write-protected and/or read-protected

–

Tamper

GBPR can be immediately cleared on tamper detection (if enabled)

–