54.5.4 PUF Controller States
The PUF controller provides several operations which are triggered by software commands or hardware events. For several reasons (security, etc.), not all operations are available at all times. The following figure illustrates the operation capabilities.
After power-up, once reset is released (refer to the section “Special Function Registers (SFR)” for details on reset deassertion), the PUF controller begins in the Uninitialized state and runs its initialization sequence (see Initialization Operation). This is indicated by the flag BUSY=1 in the Status register (PUF_SR).
Reset takes precedence over all PUF controller functionalities. As long as the reset is held active, the PUF controller stays in the Uninitialized state, and commands or hardware events have no effect.
When initialization finishes successfully, the PUF controller moves to the Initialized state. It moves to the Locked state on failure.
In the Initialized state, several operations can be performed: BIST, Test PUF, Test SRAM, Generate Random, Reseed, Enroll, Start, Reconstruct, Stop.
After a successful Enroll operation (see Enroll Operation), the PUF controller is in the Enrolled state and can perform a Generate Random operation, a Reseed, key operations or a Stop operation (when no further action is required at that moment).
After a successful Start (see Start Operation) or Reconstruct (see Reconstruct Operation), the PUF controller is in the Started state. In this state, a Generate Random operation, a Reseed, key operations or a Stop operation can be done.
A Stop operation (see Stop Operation) brings the PUF controller to the Stopped state. In this state, no sensitive data is present in the controller and the following operations can be performed: BIST, Test Memory, Generate Random, Reseed, Start, Reconstruct.
When in Started or Enrolled state, key operations can be performed (see Get Key Operation to Unwrap Operation). After such an operation is complete, the PUF controller returns to the state it was in before the operation.
In an Initialized, Enrolled, Started or Stopped state, random data can be generated with the Generate Random command (see Generate Random Operation). The random data is output via the Data Output register (PUF_DOR) in the user interface.
With the Reseed operation (see Reseed Operation), the DRNG is seeded with new entropy and its reseed counter is reset. This can be done at any moment that another operation can be started. The entropy can be provided via the Data Input register (PUF_DIR) in the user interface.
In Initialized or Stopped state, the PUF SRAM can be tested with the Test Memory operation (see Test Memory Operation). Details on the memory test are provided in PUF SRAM Test.
With the Test PUF operation (see Test PUF Operation), diagnostic information about the PUF quality is collected and presented in the Score register (PUF_PSR). This operation is intended for production test purposes. It can only be executed once per reset or power cycle. Details on the diagnostics are provided in PUF Diagnostics.
The Zeroize command (see Test PUF Operation) erases all critical security parameters and prevents the PUF controller from executing any more commands by entering the Zeroized state. The only way to leave this state is to power-cycle the device, which puts the PUF controller in the Uninitialized state and starts initialization. This command can be run via the Control register (PUF_CR).
If an operation is unsuccessful, the PUF_SR.ERROR flag is set. In this case, the PUF controller returns to the state it was in when the command was issued.
If a failure (unrecoverable error) occurs during any of the above-mentioned operations (including Initialization and Zeroize), the PUF controller goes to the Locked state. In this state, no commands can be executed except Zeroize. After a reset, the PUF controller attempts to initialize.
Errors and failures are detailed in PUF Error Handling. The Locked and Zeroized states are indicated by the OK, ERROR and ZEROIZED flags in PUF_SR. See the following table.
PUF_SR Flag | Locked State | Zeroized State |
---|---|---|
OK | 0 | 1 |
ERROR | 1 | 0 |
ZEROIZED | 1 | 1 |
A BIST operation (see PUF Built-In Self-Test (BIST)) can be performed when the PUF controller is in Initialized or Stopped state.
During BIST, no other operations can be performed. After BIST has finished, the PUF controller enters the Uninitialized state and begins initialization. It behaves the same way as for a reset, except that the BIST result is reported in the Test register (PUF_TEST) with the BISTOK and BISTERR flags.
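The state rules above can be captured as a small software model that firmware or a test bench can use to reject commands the controller would not accept in its current state. This is an added example, not code from the datasheet or a vendor driver: all type and function names are hypothetical, the flags are passed already decoded (no register bit positions are assumed), Zeroize is assumed to be accepted in every command-accepting state, a rejected command is assumed to leave the state unchanged, and the once-per-reset limit on Test PUF is not modeled.

```c
#include <stdbool.h>
/* Model of the state rules in this section; not vendor driver code. */
typedef enum { ST_UNINIT, ST_INIT, ST_ENROLLED, ST_STARTED, ST_STOPPED,
               ST_LOCKED, ST_ZEROIZED, ST_COUNT } puf_state_t;
typedef enum { OP_BIST, OP_TEST_PUF, OP_TEST_MEM, OP_GEN_RANDOM, OP_RESEED,
               OP_ENROLL, OP_START, OP_RECONSTRUCT, OP_STOP, OP_KEY,
               OP_ZEROIZE } puf_op_t;
typedef enum { RES_OK, RES_ERROR, RES_FAILURE } puf_result_t;
#define B(op) (1u << (op))
#define RNG (B(OP_GEN_RANDOM) | B(OP_RESEED))
/* Assumption: Zeroize is accepted in all command-accepting states. */
static const unsigned allowed[ST_COUNT] = {
    [ST_UNINIT]   = 0, /* initialization running, BUSY=1 */
    [ST_INIT]     = RNG | B(OP_BIST) | B(OP_TEST_PUF) | B(OP_TEST_MEM) |
                    B(OP_ENROLL) | B(OP_START) | B(OP_RECONSTRUCT) |
                    B(OP_STOP) | B(OP_ZEROIZE),
    [ST_ENROLLED] = RNG | B(OP_KEY) | B(OP_STOP) | B(OP_ZEROIZE),
    [ST_STARTED]  = RNG | B(OP_KEY) | B(OP_STOP) | B(OP_ZEROIZE),
    [ST_STOPPED]  = RNG | B(OP_BIST) | B(OP_TEST_MEM) | B(OP_START) |
                    B(OP_RECONSTRUCT) | B(OP_ZEROIZE),
    [ST_LOCKED]   = B(OP_ZEROIZE),
    [ST_ZEROIZED] = 0, /* only a power cycle leaves this state */
};

bool puf_op_allowed(puf_state_t s, puf_op_t op) { return (allowed[s] & B(op)) != 0; }

/* State after issuing op in state s with outcome r. */
puf_state_t puf_next_state(puf_state_t s, puf_op_t op, puf_result_t r)
{
    if (!puf_op_allowed(s, op)) return s;   /* model: rejected, state kept */
    if (op == OP_BIST) return ST_UNINIT;    /* result goes to PUF_TEST */
    if (r == RES_FAILURE) return ST_LOCKED; /* unrecoverable error */
    if (r == RES_ERROR) return s;           /* PUF_SR.ERROR set, state kept */
    switch (op) {
    case OP_ENROLL:  return ST_ENROLLED;
    case OP_START: case OP_RECONSTRUCT: return ST_STARTED;
    case OP_STOP:    return ST_STOPPED;
    case OP_ZEROIZE: return ST_ZEROIZED;
    default:         return s; /* key ops, random, reseed, tests */
    }
}
/* Locked/Zeroized from decoded PUF_SR flags, per the flag table above. */
puf_state_t puf_terminal_state(bool ok, bool error, bool zeroized)
{
    if (zeroized && !ok && error) return ST_LOCKED;
    if (zeroized && ok && !error) return ST_ZEROIZED;
    return ST_COUNT; /* neither Locked nor Zeroized */
}
```

A driver can call `puf_op_allowed` before writing a command and compare `puf_next_state` with the state implied by PUF_SR afterwards; a mismatch, or an unexpected Locked result, is worth logging as a fault or tamper indication.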
The following table provides the list of operations with their inputs and outputs. Input, Result and Output columns are defined as follows:
- Input: data (via PUF_DIR) or settings (via other registers)
- Result: indicates whether the result of the operation is provided via PUF_SR and the Operation Result register (PUF_ORR)
- Output: data (via PUF_DOR) or information (via other registers)
Table 54-3. Overview of Operations

Operation | Input | Result | Output |
---|---|---|---|
Initialization | None | Yes | None |
Enroll | None | Yes | Activation code via PUF_DOR. PUF Score via PUF_PSR |
Start | Activation code (2x) via PUF_DIR | Yes | PUF score via PUF_PSR |
Reconstruct | Activation code via PUF_DIR | Yes | PUF score via PUF_PSR |
Stop | None | Yes | None |
Get Key | Key destination context for keys via PUF_DIR | Yes | Keys via PUF_DOR |
Generate Random | Context for random via PUF_DIR | Yes | Random data via PUF_DOR |
Reseed | External random Entropy via PUF_DIR | Yes | Random data via PUF_DOR |
Test Memory | None | Yes | None |
Test PUF | None | Yes | PUF score via PUF_PSR |
Zeroize | None | Yes | None |
BIST | None | None | Bist results via PUF_TEST |