1.10.4 Security Features

Table 1-5. Security Features
Peripheral	Function	Description	Comments
Arm926EJ-S MMU	Memory Management Unit	Memory Management Unit	–
PIO	I/O Control/ Peripheral Access	When a peripheral is not selected (PIO-controlled),  I/O lines have no access to the peripheral.	–
AES	Cryptography Standards	Hardware-accelerated AES up to 256 bits	FIPS-compliant
SHA	SHA up to 512 and HMAC-SHA
TDES	Hardware-accelerated Triple DES
TRNG	True Random Number Generator
AES, TDES	Cryptography Tamper	Immediate clear of keys in case of external tamper event detection (if enabled)	–
AES, TDES, SHA	Cryptography Integrity Checks	AES/TDES/SHA embed integrity checks on configuration registers and algorithm circuitries and a specific flag in status register. If this specific flag is set, an integrity error has been detected. This can occur only on abnormal operating conditions (electromagnetic attacks, VDD glitches, etc.)	–
OTPC, AES, TDES, TRNG	Cryptography Private Key Bus	Capability to transfer a key to AES/TDES in a totally invisible manner from software	–
Secure Boot	Secure Boot	Code encrypted/decrypted, Trusted Code Authentication	Hardware SHA (HMAC) + Software RSA or AES Hardware (CMAC)
Memories	Scrambling	On-the-fly scrambling/unscrambling for memories	All external memories such as QSPI, DDR, and all memories on SMC
Physical Unclonable Function	Key Generation	Key creation, derivation, wrapping and management	Includes NIST SP 800-90B compliant DRNG
RTC	IO Tamper Pin	Eight tamper detection pins	VDDCORE WKUP1 to WKUP8 pins can be selected as a source of tamper, performing an immediate clear of AES/TDES keys (if enabled), immediate clear of scrambling keys in DDR/QSPI/SMC, and immediate clear of General Purpose Backup Registers (if enabled)
Timestamping	Timestamping of tamper events	All events are logged in the RTC. Timestamping gives the source of the reset/erase memory/interruption
Configuration	Protection against bad configuration (invalid entry for date and time are impossible)	–
Glitch Robustness	Glitch on 32 KHz does not corrupt the downstream counters	Glitch on 32 KHz can only create a phase shift of the downstream counters
Integrity Check	If RTC Status flag TDERR is set, counters integrity have been corrupted	–
Secure OTP	JTAG Access Control	Disable JTAG access by OTP bit	–
PIT64B, TC	Integrity Checks	PIT64B/TC embed integrity checks on configuration registers and algorithm circuitries and a specific flag in status register. If this specific flag is set, an integrity error has been detected. This can occur only on abnormal operating conditions (electromagnetic attacks, VDD glitches, etc.)	–
GPBR	Access Protection	GPBR can be write-protected and/or read-protected	–
Tamper	GBPR can be immediately cleared on tamper detection (if enabled)	–

Arm926EJ-S MMU

Memory Management Unit

–

PIO

I/O Control/ Peripheral Access

When a peripheral is not selected (PIO-controlled),  I/O lines have no access to the peripheral.

–

AES

Cryptography Standards

Hardware-accelerated AES up to 256 bits

FIPS-compliant

SHA

SHA up to 512 and HMAC-SHA

TDES

Hardware-accelerated Triple DES

TRNG

True Random Number Generator

AES, TDES

Cryptography Tamper

Immediate clear of keys in case of external tamper event detection (if enabled)

–

AES, TDES, SHA

Cryptography Integrity Checks

AES/TDES/SHA embed integrity checks on configuration registers and algorithm circuitries and a specific flag in status register. If this specific flag is set, an integrity error has been detected. This can occur only on abnormal operating conditions (electromagnetic attacks, VDD glitches, etc.)

–

OTPC, AES, TDES, TRNG

Cryptography Private Key Bus

Capability to transfer a key to AES/TDES in a totally invisible manner from software

–

Secure Boot

Code encrypted/decrypted, Trusted Code Authentication

Hardware SHA (HMAC) + Software RSA or AES Hardware (CMAC)

Memories

Scrambling

On-the-fly scrambling/unscrambling for memories

All external memories such as QSPI, DDR, and all memories on SMC

Physical Unclonable Function

Key Generation

Key creation, derivation, wrapping and management

Includes NIST SP 800-90B compliant DRNG

RTC

IO Tamper Pin

Eight tamper detection pins

VDDCORE WKUP1 to WKUP8 pins can be selected as a source of tamper, performing an immediate clear of AES/TDES keys (if enabled), immediate clear of scrambling keys in DDR/QSPI/SMC, and immediate clear of General Purpose Backup Registers (if enabled)

Timestamping

Timestamping of tamper events

All events are logged in the RTC. Timestamping gives the source of the reset/erase memory/interruption

Configuration

Protection against bad configuration (invalid entry for date and time are impossible)

–

Glitch Robustness

Glitch on 32 KHz does not corrupt the downstream counters

Glitch on 32 KHz can only create a phase shift of the downstream counters

Integrity Check

If RTC Status flag TDERR is set, counters integrity have been corrupted

–

Secure OTP

JTAG Access Control

Disable JTAG access by OTP bit

–

PIT64B, TC

Integrity Checks

PIT64B/TC embed integrity checks on configuration registers and algorithm circuitries and a specific flag in status register. If this specific flag is set, an integrity error has been detected. This can occur only on abnormal operating conditions (electromagnetic attacks, VDD glitches, etc.)

–

GPBR

Access Protection

GPBR can be write-protected and/or read-protected

–

Tamper

GBPR can be immediately cleared on tamper detection (if enabled)

–