54.5.5.15 Zeroize Operation

The Zeroize operation removes all sensitive data from the PUF controller and the PUF SRAM. This disables all commands until the next power cycle. The Zeroize command can be used when a security breach is detected. When the Zeroize operation is successful, the PUF controller goes to the Zeroized state. If the operation fails, the PUF controller enters the Locked state.

As part of the Zeroize operation, DRBG1 and DRBG2 are uninstantiated.

The Zeroize operation is performed by writing PUF_CR.ZEROIZE=1.

Zeroize takes precedence over all other activities of the PUF controller, except when BIST is running. This means it can also be started during initialization, or while another operation is active. Zeroize cancels the current operation.

Note: When Zeroize occurs during an operation, any ongoing data transfers via PUF_DIR or PUF_DOR are interrupted. Software must ensure that these events can be handled.
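The following host-side model is an added example, not vendor code. It mirrors the state transitions described above and shows a driver transfer loop that tolerates Zeroize arriving mid-operation. All type, field and function names are hypothetical, the behaviour while BIST is running is an assumption, and wiping the host buffer on interruption is a design choice of the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Host-side model; every name here is hypothetical, not a vendor definition. */
enum puf_state { PUF_READY, PUF_BUSY, PUF_ZEROIZED, PUF_LOCKED };

struct puf_model {
    enum puf_state state;
    bool bist_running;           /* the one activity Zeroize does not preempt */
    bool drbg1_inst, drbg2_inst;
    bool hw_fault;               /* constructed knob: force the failure path */
    size_t words_accepted;       /* words taken through the PUF_DIR stand-in */
};

/* Models writing PUF_CR.ZEROIZE=1. Returns false only while BIST runs; the
 * page does not say whether the request is then deferred or dropped, so the
 * model simply reports it as not taken (assumption). */
bool puf_zeroize(struct puf_model *p)
{
    if (p->bist_running)
        return false;
    p->drbg1_inst = p->drbg2_inst = false;              /* DRBGs uninstantiated */
    p->state = p->hw_fault ? PUF_LOCKED : PUF_ZEROIZED; /* cancels active op */
    return true;
}

/* Driver-side transfer that tolerates Zeroize arriving mid-operation.
 * zeroize_at is a constructed test hook: the word index at which a tamper
 * handler fires (pass n for "never"). Returns n, or -1 if refused/interrupted. */
int puf_send_key(struct puf_model *p, uint32_t *key, size_t n, size_t zeroize_at)
{
    if (p->state == PUF_ZEROIZED || p->state == PUF_LOCKED)
        return -1;                       /* commands stay disabled until power cycle */
    p->state = PUF_BUSY;
    for (size_t i = 0; i < n; i++) {
        if (i == zeroize_at)
            puf_zeroize(p);              /* simulates the asynchronous event */
        if (p->state != PUF_BUSY) {      /* transfer was cut off */
            memset(key, 0, n * sizeof *key); /* wipe the host copy as well */
            return -1;
        }
        p->words_accepted++;             /* stand-in for one PUF_DIR write */
    }
    p->state = PUF_READY;
    return (int)n;
}
```

In firmware, the host-side wipe should use a routine the compiler cannot elide, since a plain `memset` on a buffer that is not read again may be optimized away.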