3.2 PUF Operations
During start-up, triggered by the initialization and start of the driver, the PUF module first tests the PUF-dedicated SRAM for defects. If defects are found, the PUF SRAM is disqualified, and the PUF module does not allow any operations. This prevents security breaches due to a malfunctioning PUF.
Enrollment obtains the device’s intrinsic PUF key and, as a result, creates helper data (the activation code). This code must be stored in a non-volatile memory (NVM) area. From then on, the device’s activation code can be provided to reconstruct the intrinsic PUF key (Start or Reconstruct command).
When the intrinsic PUF key is available, which is the case after enrollment and after successful reconstruction, key operations can be performed.
When all required key operations have been completed, a Stop command removes all key material from the PUF module. If more key operations are needed later, a new reconstruction makes them possible again.
A Built-In Self-Test (BIST) is available to test digital logic in the field. It clears and then tests all digital logic. After BIST has completed, operations can be resumed as if the PUF module had just been reset.
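The operation ordering described in this section can be written as a small state machine. The following is an added example, not the vendor's driver code: every type and function name is hypothetical, and the `device_tag` field is a constructed stand-in for the device-specific content of the activation code. It also assumes that Enroll and Start are only accepted while no key is loaded.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical model of the PUF operation ordering; not a vendor API. */
typedef enum { PUF_DISQUALIFIED, PUF_IDLE, PUF_KEY_AVAILABLE } puf_state_t;
typedef enum { PUF_OK, PUF_NOT_ALLOWED, PUF_BAD_AC } puf_rc_t;

typedef struct { puf_state_t state; uint32_t device_tag; } puf_t;
/* Stand-in for the activation code (helper data) kept in NVM. */
typedef struct { uint32_t device_tag; } puf_ac_t;

/* Start-up: a failed SRAM test disqualifies the PUF for all operations. */
void puf_init(puf_t *p, bool sram_ok, uint32_t device_tag) {
    p->state = sram_ok ? PUF_IDLE : PUF_DISQUALIFIED;
    p->device_tag = device_tag;
}

/* Enrollment: yields the key and emits the activation code for NVM.
   Assumption: only accepted while no key is loaded. */
puf_rc_t puf_enroll(puf_t *p, puf_ac_t *ac_out) {
    if (p->state != PUF_IDLE) return PUF_NOT_ALLOWED;
    ac_out->device_tag = p->device_tag;
    p->state = PUF_KEY_AVAILABLE;
    return PUF_OK;
}

/* Start/Reconstruct: needs the activation code made on this device. */
puf_rc_t puf_start(puf_t *p, const puf_ac_t *ac) {
    if (p->state != PUF_IDLE) return PUF_NOT_ALLOWED;
    if (ac->device_tag != p->device_tag) return PUF_BAD_AC;
    p->state = PUF_KEY_AVAILABLE;
    return PUF_OK;
}

/* Key operations require the intrinsic key to be available. */
puf_rc_t puf_key_op(const puf_t *p) {
    return p->state == PUF_KEY_AVAILABLE ? PUF_OK : PUF_NOT_ALLOWED;
}

/* Stop removes key material; BIST leaves the module as after reset. */
puf_rc_t puf_stop(puf_t *p) {
    if (p->state == PUF_DISQUALIFIED) return PUF_NOT_ALLOWED;
    p->state = PUF_IDLE;
    return PUF_OK;
}
puf_rc_t puf_bist(puf_t *p) { return puf_stop(p); }
```

A caller that sees `PUF_NOT_ALLOWED` from every operation after start-up is looking at a disqualified PUF SRAM and should treat the device as unable to provide keys.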
