7.6.5.8.3 Errors

Upon detecting an error during an operation, the PUF controller cancels the command, presents an ERROR result code (PUF_ORR.RCODE > 0 and < 0xFA) and goes back to the state it was in before the command was issued. After an error, new commands can be executed by the PUF controller.

If an error occurs, the software determines what next steps apply:

  • The error is acceptable: the error condition can be repaired and a retry can be done. For security reasons, the number of acceptable (sequential) errors must be limited. If more than this number of errors occur, it can be considered an attack and the last error cannot be accepted.
  • The error is not acceptable: depending on the type and severity of the error, software can initiate multiple actions, for example:
    • Send a Stop command to PUF. This removes sensitive data from PUF and software can then perform other actions (e.g. ensure that the correct activation code is available), after which a new Start or Reconstruct command can be run.
    • Zeroize PUF, send Zeroize commands to other peripherals that have such a command, and zeroize parts of system memory and registers that contain sensitive data.
    • Switch off the product/device, or the parts of the device that contain sensitive data.
    • Reset the product/device and check if the error remains.

The following table shows the possible error result codes for each operation type.

Table 7-17. Possible Error Result Codes per Operation
Operations / Result Code | Description | Possible Action
Enroll
Enroll / ERR_PUF_QUALITY | PUF-dedicated SRAM quality verification fails. | Try to repower the PUF or the product.
Start
Start / ERR_PRODUCT | The provided activation code (AC) is invalid. | Provide an AC that was created with this product/device.
Start / ERR_TRANSFER | The provided AC is corrupted. |
  • Verify the AC checksum.
  • Try sending the AC again (it might be a transient error).
  • Check that the AC buffer (if used) is not overwritten by another process.
Start / ERR_AUTH | Authentication of the provided AC failed. |
  • Verify with the AC header that the AC was created for this device.
  • Check that the AC buffer (if used) is not overwritten by another process.
  • Try to repower the PUF or the product/device.
Start / ERR_PRODUCT_PH2 | The AC in the second phase is invalid. | Provide an AC that was created with this product/device.
Start / ERR_TRANSFER_PH2 | The AC in the second phase is corrupted. |
  • Verify the AC checksum.
  • Try sending the AC again (it might be a transient error).
  • Check that the AC buffer (if used) is not overwritten by another process.
Start / ERR_AUTH_PH2 | Authentication of the provided AC failed in the second phase. | Check that the AC buffer (if used) is not overwritten by another process.
Reconstruct
Reconstruct / ERR_PRODUCT | The provided activation code (AC) is invalid. | Provide an AC that was created with this product/device.
Reconstruct / ERR_TRANSFER | The provided AC is corrupted. |
  • Verify the AC checksum.
  • Try sending the AC again (it might be a transient error).
  • Check that the AC buffer (if used) is not overwritten by another process.
Reconstruct / ERR_AUTH | Authentication of the provided AC failed. |
  • Verify with the AC header that the AC was created for this device.
  • Check that the AC buffer (if used) is not overwritten by another process.
  • Try to repower the PUF or the product/device.
Get Key
Get Key / ERR_CONTEXT | An incorrect or unsupported context is provided. | Provide a valid context.
Get Key / ERR_DESTINATION | A key destination that was set is not allowed by the key scope in the provided context and the current PUF. | Provide a valid context.
Wrap Generated Random, Wrap
Wrap Generated Random, Wrap / ERR_CONTEXT | An incorrect or unsupported context is provided. | Provide a valid context.
Unwrap
Unwrap / ERR_PRODUCT | The provided key code (KC) is invalid. | Provide a KC with a valid context.
Unwrap / ERR_CONTEXT | The context in the key code (KC) header is incorrect. | Provide a KC with a valid context.
Unwrap / ERR_DESTINATION | A key destination that was set is not allowed by the key scope in the KC header and the current PUF state. | Provide a valid destination.
Unwrap / ERR_TRANSFER | The provided KC is corrupted. |
  • Verify the KC checksum.
  • Try sending the KC again (it might be a transient error).
  • Check that the KC buffer (if used) is not overwritten by another process.
Unwrap / ERR_AUTH | Authentication of the provided KC failed. |
  • Verify with the KC header that the AC was created for this device.
  • Ensure that the KC was created with the same AC as was used during the last Start or Reconstruct operation (this must be managed by the system software).
  • Check that the KC buffer (if used) is not overwritten by another process.
Generate Random
Generate Random / ERR_CONTEXT | An incorrect or unsupported context is provided. | Provide a valid context.
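
The rule above that sequential errors must be limited, and that exceeding the limit is treated as an attack, can be expressed as a small policy function over PUF_ORR.RCODE. This is an added example, not code from this document or the vendor's driver. The numeric result-code values, PUF_MAX_SEQ_ERRORS, the type and function names, and the mapping of non-retryable errors to Stop and of a limit overrun to Zeroize are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Names are from Table 7-17; the numeric values are PLACEHOLDERS for this
 * example. Take the real encodings from the device header file. */
enum { PUF_OK = 0x00, ERR_TRANSFER = 0x01, ERR_TRANSFER_PH2 = 0x02,
       ERR_AUTH = 0x03, ERR_PRODUCT = 0x04 };

enum puf_action { PUF_CONTINUE, PUF_RETRY, PUF_STOP, PUF_ZEROIZE };

#define PUF_MAX_SEQ_ERRORS 3u /* assumption: limit chosen by the product */

struct puf_policy { uint8_t seq_errors; }; /* sequential error counter */

/* ERROR result codes are PUF_ORR.RCODE > 0 and < 0xFA. */
static int puf_is_error(uint8_t rcode) { return rcode > 0 && rcode < 0xFA; }

/* Only the codes the table marks as possibly transient are retried. */
static int puf_is_acceptable(uint8_t rcode)
{
    return rcode == ERR_TRANSFER || rcode == ERR_TRANSFER_PH2;
}

/* Decide the next step for one result code read from PUF_ORR.RCODE. */
static enum puf_action puf_on_result(struct puf_policy *p, uint8_t rcode)
{
    if (!puf_is_error(rcode)) {
        if (rcode == PUF_OK)
            p->seq_errors = 0;      /* success ends the error sequence */
        return PUF_CONTINUE;        /* codes >= 0xFA: outside this section */
    }
    if (p->seq_errors < UINT8_MAX)
        p->seq_errors++;            /* saturate, never wrap back to 0 */
    if (p->seq_errors > PUF_MAX_SEQ_ERRORS)
        return PUF_ZEROIZE;         /* too many in a row: treat as attack */
    return puf_is_acceptable(rcode) ? PUF_RETRY : PUF_STOP;
}

int main(void)
{
    /* Constructed sequence: one glitch, a success, then repeated errors. */
    const uint8_t seq[] = { ERR_TRANSFER, PUF_OK, ERR_TRANSFER, ERR_TRANSFER,
                            ERR_TRANSFER, ERR_TRANSFER };
    struct puf_policy p = { 0 };
    for (unsigned i = 0; i < sizeof seq; i++)
        printf("rcode 0x%02X -> action %d\n", (unsigned)seq[i],
               (int)puf_on_result(&p, seq[i]));
    return 0;
}
```

The counter saturates instead of wrapping, so a long run of induced errors cannot roll it back under the limit.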