53.4.11.1 Private Key Bus

The AES provides secure key transfer that requires a transfer command only, thus avoiding any manipulation of the key by software.

The AES features a set of Private Key internal registers that can be accessed only through the dedicated Private Key bus from the TRNG or OTPC.

The Private Key internal registers cannot be read from any peripheral or from software.

The AES key used by the encryption/decryption engine is either the Private Key internal registers content or the AES_KEYWRx registers loaded via the AES_KEYWRx.

To select the Private Key internal registers as the source of the AES key, AES_EMR.PKRS must be written to ‘1’.

When AES_EMR.PKRS is modified, it is mandatory to load the corresponding key value even if the key has been previously written with same value.

To write the Private Key internal registers, the software must:
  1. Write a ‘1’ in AES_EMR.PKRS.
  2. Trigger the key transfer over the Private Key bus from the TRNG or OTPC key bus host.
  3. Wait for completion of the transfer signaled in the TRNG or OTPC Status register.
  4. Check for any access violation in AES_WPSR.PKRPVS.
Figure 53-17. Key Selection