block/SAES: description: Secure advanced encryption standard hardware accelerator. items: - name: CR description: SAES control register. byte_offset: 0 fieldset: CR - name: SR description: SAES status register. byte_offset: 4 fieldset: SR - name: DINR description: SAES data input register. byte_offset: 8 - name: DOUTR description: SAES data output register. byte_offset: 12 - name: KEYR description: SAES key register 0. array: offsets: - 0 - 4 - 8 - 12 - 32 - 36 - 40 - 44 byte_offset: 16 - name: IVR description: SAES initialization vector register 0. array: len: 4 stride: 4 byte_offset: 32 - name: SUSPR description: SAES suspend registers. array: len: 8 stride: 4 byte_offset: 64 - name: IER description: SAES interrupt enable register. byte_offset: 768 fieldset: IER - name: ISR description: SAES interrupt status register. byte_offset: 772 fieldset: ISR - name: ICR description: SAES interrupt clear register. byte_offset: 776 fieldset: ICR fieldset/CR: description: SAES control register. fields: - name: EN description: 'SAES enable This bit enables/disables the SAES peripheral: At any moment, clearing then setting the bit re-initializes the SAES peripheral. This bit is automatically cleared by hardware upon the completion of the key preparation (Mode 2) and upon the completion of GCM/GMAC/CCM initial phase. The bit cannot be set as long as KEYVALID = 0 nor along with the following settings: KMOD = 01 + CHMOD = 011 and KMOD = 01 + CHMOD = 010 + MODE = 00. Note: With KMOD[1:0] other than 00, use the IPRST bit rather than the bit EN.' bit_offset: 0 bit_size: 1 - name: DATATYPE description: 'Data type selection This bitfield defines the format of data written in the SAES_DINR register or read from the SAES_DOUTR register, through selecting the mode of data swapping: For more details, refer to . Attempts to write the bitfield are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access.' bit_offset: 1 bit_size: 2 enum: DATATYPE - name: MODE description: 'SAES operating mode This bitfield selects the SAES operating mode: Attempts to write the bitfield are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access.' bit_offset: 3 bit_size: 2 enum: MODE - name: CHMOD description: 'Chaining mode selection This bitfield selects the AES chaining mode: others: Reserved Attempts to write the bitfield are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access.' bit_offset: - start: 5 end: 6 - start: 16 end: 16 bit_size: 3 enum: CHMOD - name: DMAINEN description: 'DMA input enable This bit enables/disables data transferring with DMA, in the input phase: When the bit is set, DMA requests are automatically generated by SAES during the input data phase. This feature is only effective when Mode 1 or Mode 3 is selected through the MODE[1:0] bitfield. It is not effective for Mode 2 (key derivation).' bit_offset: 11 bit_size: 1 - name: DMAOUTEN description: 'DMA output enable This bit enables/disables data transferring with DMA, in the output phase: When the bit is set, DMA requests are automatically generated by SAES during the output data phase. This feature is only effective when Mode 1 or Mode 3 is selected through the MODE[1:0] bitfield. It is not effective for Mode 2 (key derivation).' bit_offset: 12 bit_size: 1 - name: GCMPH description: 'GCM or CCM phase selection This bitfield selects the phase of GCM, GMAC or CCM algorithm: The bitfield has no effect if other than GCM, GMAC or CCM algorithms are selected (through the ALGOMODE bitfield).' bit_offset: 13 bit_size: 2 enum: GCMPH - name: KEYSIZE description: 'Key size selection This bitfield defines the length of the key used in the SAES cryptographic core, in bits: When KMOD[1:0]=01 or 10 KEYSIZE also defines the length of the key to encrypt or decrypt. Attempts to write the bit are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access.' bit_offset: 18 bit_size: 1 enum: KEYSIZE - name: KEYPROT description: Key protection When set, hardware-based key protection is enabled. Attempts to write the bit are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access. bit_offset: 19 bit_size: 1 - name: NPBLB description: 'Number of padding bytes in last block The bitfield sets the number of padding bytes in last block of payload: ...' bit_offset: 20 bit_size: 4 - name: KMOD description: 'Key mode selection The bitfield defines how the SAES key can be used by the application: Others: Reserved With normal key selection, the key registers are freely usable, no specific usage or protection applies to SAES_DIN and SAES_DOUT registers. With wrapped key selection, the key loaded in key registers can only be used to encrypt or decrypt AES keys. Hence, when a decryption is selected in Wrapped-key mode read-as-zero SAES_DOUT register is automatically loaded into SAES key registers after a successful decryption process. With shared key selection, after a successful decryption process, SAES key registers are shared with the peripheral described in KSHAREID(1:0] bitfield. This sharing is valid only while KMOD[1:0]=10 and KEYVALID = 1. When a decryption is selected, read-as-zero SAES_DOUT register is automatically loaded into SAES key registers after a successful decryption process. With KMOD[1:0] other than zero, any attempt to configure the SAES peripheral for use by an application belonging to a different security domain (secure or non-secure) results in automatic key erasure and setting of the KEIF flag.\nAttempts to write the bitfield are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access.' bit_offset: 24 bit_size: 2 enum: KMOD - name: KSHAREID description: 'Key share identification This bitfield defines, at the end of a decryption process with KMOD[1:0]=10 (shared key), which target can read the SAES key registers using a dedicated hardware bus. Others: Reserved Attempts to write the bitfield are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access.' bit_offset: 26 bit_size: 2 enum: KSHAREID - name: KEYSEL description: 'Key selection The bitfield defines the source of the key information to use in the AES cryptographic core. Others: Reserved (if used, unfreeze SAES with IPRST) When KEYSEL is different from zero, selected key value is available in key registers when BUSY bit is cleared and KEYVALID is set in the SAES_SR register. Otherwise, the key error flag KEIF is set. Repeated writing of KEYSEL[2:0] with the same non-zero value only triggers the loading of DHUK or BHK if KEYVALID = 0. When the application software changes the key selection by writing the KEYSEL[2:0] bitfield, the key registers are immediately erased and the KEYVALID flag cleared. At the end of the decryption process, if KMOD[1:0] is other than zero, KEYSEL[2:0] is cleared. With the bitfield value other than zero and KEYVALID set, the application cannot transfer the ownership of SAES with a loaded key to an application running in another security context (such as secure, non-secure). More specifically, when security of an access to any register does not match the information recorded by SAES, the KEIF flag is set. Attempts to write the bitfield are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access.' bit_offset: 28 bit_size: 3 enum: KEYSEL - name: IPRST description: SAES peripheral software reset Setting the bit resets the SAES peripheral, putting all registers to their default values, except the IPRST bit itself and the SAES_DPACFG register. Hence, any key-relative data is lost. For this reason, it is recommended to set the bit before handing over the SAES to a less secure application. The bit must be low while writing any configuration registers. bit_offset: 31 bit_size: 1 fieldset/ICR: description: SAES interrupt clear register. fields: - name: CCF description: Computation complete flag clear Setting this bit clears the CCF status bit of the SAES_SR and SAES_ISR registers. bit_offset: 0 bit_size: 1 - name: RWEIF description: Read or write error interrupt flag clear Setting this bit clears the RWEIF status bit of the SAES_ISR register, and both RDERR and WRERR flags in the SAES_SR register. bit_offset: 1 bit_size: 1 - name: KEIF description: Key error interrupt flag clear Setting this bit clears the KEIF status bit of the SAES_ISR register. bit_offset: 2 bit_size: 1 - name: RNGEIF description: RNG error interrupt flag clear Application must set this bit to clear the RNGEIF status bit in SAES_ISR register. bit_offset: 3 bit_size: 1 fieldset/IER: description: SAES interrupt enable register. fields: - name: CCFIE description: Computation complete flag interrupt enable This bit enables or disables (masks) the SAES interrupt generation when CCF (computation complete flag) is set. bit_offset: 0 bit_size: 1 - name: RWEIE description: Read or write error interrupt enable This bit enables or disables (masks) the SAES interrupt generation when RWEIF (read and/or write error flag) is set. bit_offset: 1 bit_size: 1 - name: KEIE description: Key error interrupt enable This bit enables or disables (masks) the SAES interrupt generation when KEIF (key error flag) is set. bit_offset: 2 bit_size: 1 - name: RNGEIE description: RNG error interrupt enable This bit enables or disables (masks) the SAES interrupt generation when RNGEIF (RNG error flag) is set. bit_offset: 3 bit_size: 1 fieldset/ISR: description: SAES interrupt status register. fields: - name: CCF description: 'Computation complete flag This flag indicates whether the computation is completed: The flag is set by hardware upon the completion of the computation. It is cleared by software, upon setting the CCF bit of the SAES_ICR register. Upon the flag setting, an interrupt is generated if enabled through the CCFIE bit of the SAES_IER register. The flag is significant only when the DMAOUTEN bit is 0. It may stay high when DMA_EN is 1.' bit_offset: 0 bit_size: 1 - name: RWEIF description: Read or write error interrupt flag This read-only bit is set by hardware when a RDERR or a WRERR error flag is set in the SAES_SR register. RWEIF bit is cleared when application sets the corresponding bit of SAES_ICR register. An interrupt is generated if the RWEIE bit has been previously set in the SAES_IER register. This flags has no meaning when key derivation mode is selected. bit_offset: 1 bit_size: 1 - name: KEIF description: 'Key error interrupt flag This read-only bit is set by hardware when key information failed to load into key registers or key register usage is forbidden. Setting the corresponding bit of the SAES_ICR register clears the KEIF and generates interrupt if the KEIE bit of the SAES_IER register is set. KEIF is triggered upon any of the following errors: SAES fails to load the DHUK (KEYSEL = 001 or 100). SAES fails to load the BHK (KEYSEL = 010 or 100) respecting the correct order. AES fails to load the key shared by SAES peripheral (KMOD=10). When KEYVALID = 1 and (KEYPROT = 1 or KEYSEL is not 0x0), the security context of the application that loads the key (secure or non-secure) does not match the security attribute of the access to SAES_CR or SAES_DOUT. In this case, KEYVALID and EN bits are cleared. SAES_KEYRx register write does not respect the correct order. (For KEYSIZE = 0, SAES_KEYR0 then SAES_KEYR1 then SAES_KEYR2 then SAES_KEYR3 register, or reverse. For KEYSIZE = 1, SAES_KEYR0 then SAES_KEYR1 then SAES_KEYR2 then SAES_KEYR3 then SAES_KEYR4 then SAES_KEYR5 then SAES_KEYR6 then SAES_KEYR7, or reverse). KEIF must be cleared by the application software, otherwise KEYVALID cannot be set.' bit_offset: 2 bit_size: 1 - name: RNGEIF description: RNG error interrupt flag This read-only bit is set by hardware when an error is detected on RNG bus interface (e.g. bad entropy). RNGEIE bit is cleared when application sets the corresponding bit of SAES_ICR register. An interrupt is generated if the RNGEIE bit has been previously set in the SAES_IER register. Clearing this bit triggers the reload of a new random number from RNG peripheral. bit_offset: 3 bit_size: 1 fieldset/SR: description: SAES status register. fields: - name: RDERR description: 'Read error flag This flag indicates the detection of an unexpected read operation from the SAES_DOUTR register (during computation or data input phase): The flag is set by hardware. It is cleared by software upon setting the RWEIF bit of the SAES_ICR register. Upon the flag setting, an interrupt is generated if enabled through the RWEIE bit of the SAES_ICR register. The flag setting has no impact on the SAES operation. Unexpected read returns zero.' bit_offset: 1 bit_size: 1 - name: WRERR description: 'Write error This flag indicates the detection of an unexpected write operation to the SAES_DINR register (during computation or data output phase): The flag is set by hardware. It is cleared by software upon setting the RWEIF bit of the SAES_ICR register. Upon the flag setting, an interrupt is generated if enabled through the RWEIE bit of the SAES_ICR register. The flag setting has no impact on the SAES operation. Unexpected write is ignored.' bit_offset: 2 bit_size: 1 - name: BUSY description: 'Busy This flag indicates whether SAES is idle or busy during GCM payload encryption phase: The flag is set upon SAES initialization, upon fetching random number from the RNG, or upon transferring a shared key to a target peripheral. When GCM encryption is selected, the flag must be at zero before selecting the GCM final phase.' bit_offset: 3 bit_size: 1 - name: KEYVALID description: Key Valid flag This bit is set by hardware when the amount of key information defined by KEYSIZE in SAES_CR has been loaded in SAES_KEYx key registers. In normal mode when KEYSEL equals to zero, the application must write the key registers in the correct sequence, otherwise the KEIF flag of the SAES_ISR register is set and KEYVALID stays at zero. When KEYSEL is different from zero the BUSY flag is automatically set by SAES. When key is loaded successfully, the BUSY flag is cleared and KEYVALID set. Upon an error, the KEIF flag of the SAES_ISR register is set, the BUSY flag cleared and KEYVALID kept at zero. When the KEIF flag is set, the application must clear it through the SAES_ICR register, otherwise KEYVALID cannot be set. See the KEIF bit description for more details. For more information on key loading please refer to. bit_offset: 7 bit_size: 1 enum/CHMOD: bit_size: 3 variants: - name: ECB description: Electronic codebook value: 0 - name: CBC description: Cipher-block chaining value: 1 - name: CTR description: Counter mode value: 2 - name: GCM_GMAC description: Galois counter mode and Galois message authentication code value: 3 - name: CCM description: Counter with CBC-MAC value: 4 enum/DATATYPE: bit_size: 2 variants: - name: None description: No swapping (32-bit data). value: 0 - name: HalfWord description: Half-word swapping (16-bit data) value: 1 - name: Byte description: Byte swapping (8-bit data) value: 2 - name: Bit description: Bit-level swapping value: 3 enum/GCMPH: bit_size: 2 variants: - name: InitPhase description: Initialization phase value: 0 - name: HeaderPhase description: Header phase value: 1 - name: PayloadPhase description: Payload phase value: 2 - name: FinalPhase description: Final phase value: 3 enum/KEYSEL: bit_size: 3 variants: - name: SoftwareKey description: Software key, loaded in key registers SAES_KEYx value: 0 - name: DHUK description: Derived hardware unique key value: 1 - name: BHK description: Boot hardware key value: 2 - name: XOR_DHUK_BHK description: XOR of DHUK and BHK value: 4 enum/KEYSIZE: bit_size: 1 variants: - name: Bits128 description: 128-bit value: 0 - name: Bits256 description: 256-bit value: 1 enum/KMOD: bit_size: 2 variants: - name: Normal description: AES peripheral value: 0 - name: WrappedKey description: |- Wrapped key for SAES mode. Key loaded in key registers can only be used to encrypt or decrypt AES keys. Hence, when a decryption is selected, read-as-zero SAES_DOUTR register is automatically loaded into SAES key registers after a successful decryption process. value: 1 - name: SharedKey description: |- Shared key mode. After a successful decryption process (unwrapping), SAES key registers are shared with the peripheral described in KSHAREID[1:0] bitfield. This sharing is valid only while KMOD[1:0] at 0x2 and KEYVALID=1. When a decryption is selected, read-as-zero SAES_DOUTR register is automatically loaded into SAES key registers after a successful decryption process. value: 2 enum/KSHAREID: bit_size: 2 variants: - name: AES description: AES peripheral value: 0 enum/MODE: bit_size: 2 variants: - name: Encryption value: 0 - name: KeyDerivation description: Key derivation (or key preparation), for ECB/CBC decryption only value: 1 - name: Decryption value: 2