8.9.5 Functional Description

As soon as the TRNG is enabled in the Control register (TRNG_CR), the generator provides one 32-bit random value every 84 clock cycles at the maximum streaming rate. The entropy rate increases at a lower frequency. If the application does not require new data every 84 clock cycles, the streaming rate can be divided by 2 by configuring the Mode register (TRNG_MR) to achieve better entropy. For a still lower streaming rate, software intervention is required to skip, on a regular basis, the data ready information reported in the Status register (TRNG_ISR).

Health tests are performed on-the-fly as soon as the TRNG receives a clock. Two tests are provided:

  • The first test detects major failures of the noise source by monitoring for a stuck-at output of the noise source over a predetermined period. A failure is reported when the noise source output values are equal for sixteen consecutive sample periods (one sample period is 84 MCK clock cycles). In case of detection, an interrupt is triggered and the source of interrupt is reported in the Interrupt Status register (TRNG_ISR).
  • The second test is designed to detect a large loss of entropy that might occur in case of some physical failure (an environmental change does not affect the noise source by a factor different from the other peripherals of the product because the noise source is made of the same standard cells). A window monitoring period is defined by 512 random samples (each sample period lasts 84 MCK clock cycles). At the beginning of the monitoring period, the random value provided by the noise source is loaded into an internal register and compared with every new sample during the monitoring period. Any new value equal to the internal register value increments a counter. If the counter reaches a configurable threshold, an interrupt is triggered and the source of interrupt is reported in TRNG_ISR. The detection threshold is configurable in the Health Test Configuration register (TRNG_HTMR).
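
The two health tests above, modelled in software as an added example (this is not code from the datasheet and not a description of the hardware implementation). The 32-bit sample width, the choice to count the latched sample as the first of the 512, and all names (`health_t`, `health_feed`, `health_run`) are assumptions of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define STUCK_LIMIT 16u   /* equal consecutive samples that report a failure */
#define WINDOW_LEN  512u  /* samples in one monitoring period */

typedef struct {
    uint32_t last, run;           /* stuck-at test: previous sample, run length */
    uint32_t ref, pos, matches;   /* window test: latched value, index, counter */
    uint32_t threshold;           /* models the configurable detection threshold */
    bool stuck_fail, window_fail; /* latched failure reports */
} health_t;

void health_init(health_t *h, uint32_t threshold)
{
    *h = (health_t){ .threshold = threshold };
}

/* Feed one sample (32-bit width is an assumption of this model).
 * Returns true while neither test has reported a failure. */
bool health_feed(health_t *h, uint32_t s)
{
    /* Test 1: sixteen consecutive equal samples. */
    h->run = (h->run != 0 && s == h->last) ? h->run + 1 : 1;
    h->last = s;
    if (h->run >= STUCK_LIMIT)
        h->stuck_fail = true;

    /* Test 2: latch the first sample of the window, count later matches. */
    if (h->pos == 0) {
        h->ref = s;
        h->matches = 0;
    } else if (s == h->ref && ++h->matches >= h->threshold) {
        h->window_fail = true;
    }
    h->pos = (h->pos + 1) % WINDOW_LEN;
    return !(h->stuck_fail || h->window_fail);
}

/* Feed n samples; return the index of the first failing one, or -1. */
long health_run(health_t *h, const uint32_t *samples, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!health_feed(h, samples[i]))
            return (long)i;
    return -1;
}
```

A source that repeats one value at intervals never trips the stuck-at test, which is why the windowed counter exists alongside it.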

When the TRNG is disabled (TRNG_CR.ENABLE=0), the noise source is disabled and the health tests remain active while the peripheral clock MCK is turned on. Thus, an auto-check of the health test circuitry is provided.

A health test auto-check can be performed when the TRNG is enabled by writing a 1 in TRNG_FIR.NSFHT. The noise sources are disabled one after another, each for a period long enough to cause the flag TRNG_ISR.RCHT to rise. Only the flag TRNG_ISR.RCHT is set because only one noise source is disabled at a time and entropy still exists. Then all the noise sources are set in a mode where the entropy is strongly impacted and thus the flag TRNG_ISR.APHT rises. The test is automatically ended when APHT=1 and the TRNG is set back to the normal operating mode. For security reasons, this auto-check is disabled until the next system reset. During the auto-check period (from NSFHT command launching to APHT rising), the TRNG does not provide data with correct randomness.

Figure 8-39. Health Test Auto-Check

A sequence of random values can be generated by the TRNG and a random value can be directly loaded through the private key bus into specific private key internal registers of the private key bus clients (for example, AES or other encryption unit). These keys cannot be read by the processor or by software over the system bus. The transfer is started by writing the Private Key Bus Control register (TRNG_PKBCR) with the appropriate destination encryption unit (KSLAVE), length of the key to be generated (KLENGTH) and TrustZone security attribute (KID). KID must correspond to the security level programmed in the MATRIX Security Peripheral Select x register for the destination encryption unit.

This random value transferred through the private key bus cannot be used for encrypted communications with remote equipment, but is useful while the system remains in Active mode to reinforce the security of data processed by the application running on the system and stored temporarily in external memories. The cryptography keys are never known to application software, thus they cannot be exchanged or provided to the external world in any case.

Note: Putting the system into Backup mode causes the key stored in the encryption engine to be lost. Local encryption and decryption of data can still be performed by using a key unknown to the software if the key is stored in a non-volatile area, for example in the OTP memory. The TRNG can transfer a random value to the non-volatile memory of the system to store the key for further decryption. When the key is required for decryption, it can be transferred by the private key bus from the OTP memory to the encryption module.

By writing a ‘1’ to the HALFR bit in the Mode register (TRNG_MR), the random values are provided every 168 cycles instead of every 84 cycles. HALFR must be written to ‘1’ when the TRNG peripheral clock frequency is above 100 MHz.

The TRNG interrupt line can be enabled in the Interrupt Enable register (TRNG_IER), and disabled in the Interrupt Disable register (TRNG_IDR). This interrupt is set when a new random value is available or when a transfer over the private key bus is complete and is cleared when the Status register (TRNG_ISR) is read. The flag TRNG_ISR.DATRDY is set when the random data is ready to be read out on the 32-bit Output Data register (TRNG_ODATA). The flag TRNG_ISR.EOTPKB is set when the transfer through the private key bus is complete.

Normal Operating Mode

In normal operating mode, the software checks that the TRNG_ISR.DATRDY flag equals ‘1’ before reading TRNG_ODATA whenever the application requires a 32-bit random value.

Figure 8-40. TRNG Data Generation Sequence

Key Bus Operating Mode

After a write to KSLAVE, KID and KLENGTH in TRNG_PKBCR, the software:

  • waits for the end of transfer of the key indicated by the TRNG_ISR.EOTPKB flag being read at ‘1’, optionally after a TRNG interrupt,
  • checks for any key bus access violation in the selected private key bus destination client status register,
  • uses the private key bus destination client or launches any other private key bus transfer.

Figure 8-41. TRNG Private Key Bus

Figure 8-42. TRNG Private Key Bus Transfer