8.6.4.8 Key Selection
AES_EMR.KSEL selects one of the two keys written by software via AES_KEYWRx.
AES_EMR.PKRS selects the key written by Private Key bus or the key resulting from the selection of the keys written by software.
When AES_EMR.PKRS is modified, it is mandatory to perform either a key write or a write in AES_CR.KSWP. The key write is mandatory when a new key value must be used. Writing AES_CR.KSWP to ‘1’ is mandatory if the key has been previously written and selected again after using another key.
If Private Key internal registers and software-loaded keys are already written, selecting one or the other requires that AES_EMR.PKRS/KSEL are configured prior to writing AES_CR.KSWP=1.
When AES_EMR.KSEL is modified, it is mandatory to perform either a key write (write KEY1 or KEY2) or a write in AES_CR.KSWP. The key write is mandatory when a new key value must be used. Writing AES_CR.KSWP to ‘1’ is mandatory if the key has been previously written and selected again after using another key.
When KEY1 and KEY2 are already loaded, selecting one or the other requires that AES_EMR.KSEL is configured prior to writing AES_CR.KSWP=1.
If two keys must be consecutively loaded, the sequence of actions is as follows:
- Verify no processing is in progress (AES_ISR.DATRDY=0).
- Configure AES_EMR.KSEL and/or AES_EMR.PKRS according to the first key to load.
- Write AES_KEYWRx or initiate a transfer on the Private Key bus for the first key.
- Verify no processing is in progress (AES_ISR.DATRDY=0).
- Modify AES_EMR.KSEL and/or AES_EMR.PKRS according to the second key to load.
- Verify the new configuration AES_EMR.KSEL and/or AES_EMR.PKRS.
- Write AES_KEYWRx or initiate a transfer on the Private Key bus for the second key.