Shared-MSS and Shared-Fabric Modes (For PolarFire SoC FPGA Only)

During device operation, the ownership of the User Cryptoprocessor can be switched between MSS and Fabric through a handshake interface. The handshake interface is asynchronous with synchronizers inside the MSS as required. The switching is not dynamic, and the handover requires co-operation between the MSS and Fabric design to ensure a secure handover. Assuming the fabric is initially the master, the ownership switching happens as follows:

  1. 1.The MSS requests a handover using Table 2.
  2. 2.The fabric design purges the Crypto core, and release it by asserting CRYPTO_RELEASE_F2M signal.
  3. 3.The Crypto core is put into reset, and the clock switched to the MSS by the Crypto ownership FSM.
  4. 4.The Crypto core is released from reset by the Crypto ownership FSM and then, it is available to the MSS

The same occurs in the opposite direction.

In the Shared-MSS mode, the Cryptoprocessor is initially connected to the MSS, and may be requested by the Fabric. In the Shared-Fabric mode, the Cryptoprocessor is initially connected to the Fabric, and may be requested by the MSS. The following table lists the handshake interface ports:

Table 1. Crypto Ownership Signals
Port Name Direction Description
CRYPTO_REQUEST_F2M Fabric to MSS Fabric request or is using the Cryptoprocessor
CRYPTO_MSS_REQUEST_M2F MSS to Fabric MSS request or is using the Cryptoprocessor
CRYPTO_RELEASE_F2M Fabric to MSS Fabric released the Cryptoprocessor
CRYPTO_MSS_RELEASE_M2F MSS to Fabric MSS released the Cryptoprocessor
CRYPTO_OWNER_M2F MSS to Fabric Indicates that the Fabric owns the Cryptoprocessor and the fabric interface is enabled
CRYPTO_MSS_OWNER_M2F MSS to Fabric Indicates that the MSS owns the Cryptoprocessor and the fabric interface is disabled

All the preceding signals should be considered as asynchronous to the fabric design and appropriate synchronization is used in the fabric design. Within the MSS, the FSM controlling this interface runs of the System Controller clock (80 MHz) and all inputs are synchronized. The following figure shows the Cryptoprocessor ownership FSM.

Figure 1. Cryptoprocessor Ownership FSM

When the Cryptoprocessor is disabled, then the ownership FSM stays in the reset state. Before handing over ownership, that is, asserting the release signals, it is recommended that the current owner purges the Cryptoprocessor to prevent sensitive data being accidentally released to the other system.

The MSS has no notification that the Fabric is requesting the use of the Cryptoprocessor, the fabric design should also connect its request signal to one of the general purpose F2M (fabric to MSS) interrupt signals so the MSS can be informed about the request and take the required actions to release the Cryptoprocessor to fabric.