7.6.5.4 PUF Controller States

The PUF controller provides several operations which are triggered by software commands or hardware events. For several reasons (security, etc.), not all operations are available at all times. The following figure illustrates the operation capabilities.

Figure 7-35. Operation Diagram
Figure 7-36. Operation Diagram

After power-up and reset is released (refer to the section “Special Function Registers (SFR)” for details on reset deassertion), the PUF controller begins in the Uninitialized state, and runs its initialization sequence (see Initialization Operation ). This is indicated by the flag BUSY=1 in the Status register (PUF_SR).

Reset takes precedence over all PUF controller functionalities. As long as the reset is held active, the PUF controller stays in the Uninitialized state, and commands or hardware events have no effect.

When initialization finishes successfully, the PUF controller moves to the Initialized state. It moves to the Locked state on failure.

In the Initialized state, several operations can be performed: BIST, Test PUF, Test SRAM, Generate Random, Reseed, Enroll, Start, Reconstruct, Stop.

Note: An operation can only be performed when it is not disabled (See PUF Hardware Settings Register). This is valid in all states. PUF Hardware Settings Register is controlled by the SFR.

After a successful Enroll operation (see Enroll Operation), the PUF controller is in the Enrolled state and can perform a Generate Random operation, a Reseed, key operations or a Stop operation (when no further actions is required at that moment).

After a successful Start (see Start Operation) or Reconstruct (see Reconstruct Operation), the PUF controller is in the Started state. In this state, a Generate Random operation, a Reseed, key operations or a Stop operation can be done.

A Stop operation (see Stop Operation) brings the PUF controller to the Stopped state. In this state, no sensitive data is present in the controller and the following operations can be performed: BIST, Test Memory, Generate Random, Reseed, Start, Reconstruct.

When in Started or Enrolled state, key operations can be performed (see Get Key Operation to Unwrap Operation). After such an operation is complete, the PUF controller returns to the state it was in before the operation.

In an Initialized, Enrolled, Started or Stopped state, random data can be generated with the Generate Random command (see Generate Random Operation). The random data is output via the Data Output register (PUF_DOR) in the user interface.

With the Reseed operation (see Reseed Operation), the DRNG is seeded with new entropy and its reseed counter is reset. This can be done at any moment that another operation can be started. The entropy can be provided via the Data Input register (PUF_DIR) in the user interface.

In Initialized or Stopped state, the PUF SRAM can be tested with the Test Memory operation (see Test Memory Operation). Details on the memory test are provided in PUF SRAM Test.

With the Test PUF operation (see Test PUF Operation), diagnostic information about the PUF quality is collected and presented in the Score register (PUF_PSR). This operation is intended for production test purposes. It can only be executed once per reset or power cycle. Details on the diagnostics are provided in PUF Diagnostics.

The Zeroize command (see Test PUF Operation) erases all critical security parameters and prevents the PUF controller from executing any more commands by entering the Zeroized state. The only way to leave this state consists in power-cycling the device, which puts the PUF controller in Uninitialized state and starts initialization. This command can be run via the Control register (PUF_CR).

If an operation is unsuccessful, the PUF_SR.ERROR flag is set. In this case, the PUF controller returns to the state it was in when the command was issued.

If a failure (unrecoverable error) occurs during any of the above-mentioned operations (including Initialization and Zeroize), the PUF controller goes to the Locked state. In this state, no commands can be executed except Zeroize. After a reset, the PUF controller attempts to initialize.

Errors and failures are detailed in PUF Error Handling. The Locked and Zeroized states are indicated by the OK, ERROR and ZEROIZED flags in PUF_SR. See the following table.

Table 7-10. Locked and Zeroized State Details
PUF_SR FlagLocked StateZeroized State
OK01
ERROR10
ZEROIZED11

A BIST operation (see PUF Built-In Self-Test (BIST)) can be performed when the PUF controller is in Initialized or Stopped state.

During BIST, no other operations can be performed. After BIST has finished, the PUF controller enters the Uninitialized state and begins initialization. It behaves the same way as for a reset, except that the BIST result is reported in the Test register (PUF_TEST) with the BISTOK and BISTERR flags.

The following table provides the list of operations with their inputs and outputs. Input, Result and Output columns are defined as follows:

  • Input: data (via PUF_DIR) or settings (via other registers)
  • Result: indicates whether the result of the operation is provided via PUF_SR and the Operation Result register (PUF_ORR)
  • Output: data (via PUF_DOR) or information (via other registers)
    Table 7-11. Overview of Operations
    OperationInputResultOutput
    InitializationNoneYesNone
    EnrollNoneYesActivation code via PUF_DOR. PUF Score via PUF_PSR
    StartActivation code (2x) via PUF_DIRYesPUF score via PUF_PSR
    ReconstructActivation code via PUF_DIRYesPUF score via PUF_PSR
    StopNoneYesNone
    Get KeyKey destination context for keys via PUF_DIRYesKeys via PUF_DOR
    Generate RandomContext for random via PUF_DIRYesRandom data via PUF_DOR
    Reseed

    External random

    Entropy via PUF_DIR

    YesRandom data via PUF_DOR
    Test MemoryNoneYesNone
    Test PUFNoneYesPUF score via PUF_PSR
    ZeroizeNoneYesNone
    BISTNoneNoneBist results via PUF_TEST