7.6.5.8.3 Errors
Upon detecting an error during an operation, the PUF controller cancels the command, presents an ERROR result code (PUF_ORR.RCODE > 0 and < 0xFA) and goes back to the state it was in before the command was issued. After an error, new commands can be executed by the PUF controller.
If an error occurs, the software determines what next steps apply:
- The occurred error is acceptable—The error condition can be repaired and a retry can be done. For security reasons the number of acceptable (sequential) errors must be limited. If more than this number of errors occur, it can be considered an attack and the last error cannot be accepted.
- The occurred error is not acceptable—Depending on the type and severity of the error, multiple actions can be initiated by software, for example:
- Send a Stop command to PUF. This removes sensitive data from PUF and software can then perform other actions (e.g. ensure that the correct activation code is available), after which a new Start or Reconstruct command can be run.
- Zeroize PUF, send Zeroize commands to other peripherals that have such command, and zeroize parts of system memory and registers that contain sensitive data.
- Switch off the product/device, or the parts of the device that contain sensitive data.
- Reset the product/device and check if the error remains.
The following table shows the possible error result codes for each operation type.
Operations / Result Code | Description | Possible Action |
---|---|---|
Enroll | ||
Enroll / ERR_PUF_QUALITY | PUF-dedicated SRAM quality verification fails. | Try to repower the PUF or the product. |
Start | ||
Start / ERR_PRODUCT | The provided activation code (AC) is invalid. | Provide an AC that was created with this product/device. |
Start / ERR_TRANSFER | The provided AC is corrupted. |
|
Start / ERR_AUTH | Authentication of the provided AC failed. |
|
Start / ERR_PRODUCT_PH2 | The AC in the second phase is invalid. | Provide an AC that was created with this product/device. |
Start / ERR_TRANSFER_PH2 | The AC in the second phase is corrupted. |
|
Start / ERR_AUTH_PH2 | Authentication of the provided AC failed in the second phase. | Check that the AC buffer (if used) is not overwritten by another process. |
Reconstruct | ||
Reconstruct / ERR_PRODUCT | The provided activation code (AC) is invalid. | Provide an AC that was created with this product/device. |
Reconstruct / ERR_TRANSFER | The provided AC is corrupted. |
|
Reconstruct / ERR_AUTH | Authentication of the provided AC failed. |
|
Get Key | ||
Get Key / ERR_CONTEXT | An incorrect or unsupported context is provided. | Provide a valid context. |
Get Key / ERR_DESTINATION | A key destination that was set is not allowed by the key scope in the provided context and the current PUF. | Provide a valid context. |
Wrap Generated Random, Wrap | ||
Wrap Generated Random, Wrap / ERR_CONTEXT | An incorrect or unsupported context is provided. | Provide a valid context. |
Unwrap | ||
Unwrap / ERR_PRODUCT | The provided key code (KC) is invalid. | Provide a KC with a valid context. |
Unwrap / ERR_CONTEXT | The context in the key code (KC) header is incorrect. | Provide a KC with a valid context. |
Unwrap / ERR_DESTINATION | A key destination that was set is not allowed by the key scope in the KC header and the current PUF state. | Provide a valid destination. |
Unwrap / ERR_TRANSFER | The provided KC is corrupted. |
|
Unwrap / ERR_AUTH | Authentication of the provided KC failed. |
|
Generate Random | ||
Generate Random / ERR_CONTEXT | An incorrect or unsupported context is provided. | Provide a valid context. |