From b092ffbcbe2c9398494f7dc9db6f0796971633e0 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 13 Sep 2020 23:04:30 +0000 Subject: Import Cryptech wiki dump --- .../GitRepositories%2Fcore%2Futil%2Fmkmif | 131 +++++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 raw-wiki-dump/GitRepositories%2Fcore%2Futil%2Fmkmif (limited to 'raw-wiki-dump/GitRepositories%2Fcore%2Futil%2Fmkmif') diff --git a/raw-wiki-dump/GitRepositories%2Fcore%2Futil%2Fmkmif b/raw-wiki-dump/GitRepositories%2Fcore%2Futil%2Fmkmif new file mode 100644 index 0000000..b109e97 --- /dev/null +++ b/raw-wiki-dump/GitRepositories%2Fcore%2Futil%2Fmkmif @@ -0,0 +1,131 @@ +{{{ +#!htmlcomment + +This page is maintained automatically by a script. Don't modify this page by hand, +your changes will just be overwritten the next time the script runs. Talk to your +Friendly Neighborhood Repository Maintainer if you need to change something here. + +}}} + +{{{ +#!html +

Master Key Memory Interface

+ +

This core provides a 32-bit interface to a master key memory (MKM) +implemented using an external volatile memory. The memory targeted is +Microchip 23K640, a +serial SRAM with a SPI interface.

+ +

Purpose and Functionality

+ +

The Master Key Memory is where a cryptographic master key is stored. The +key is used (for example) to cryptographically wrap other keys and +secrets. By wiping the MKM and thus the master key, the wrapped secrets +are protected against leakage to a local attacker that physically breaks +an active tamper detect shield.

+ +

The core will in future versions provide functionality to autonomously +protect against memory remanence effects by rotating bits in stored data, +and moving data to different addresses in the external memory. The core +will also be able to autonomously zeroise the memory when given an alarm +signal.

+ +

The current version however simply provides an interface to the slower, +serial memory including initializing the memory in the correct mode. The +core supports three commands: read word, write word, and initialize +memory.

+ +

Limitations

+ +

The SPI clock is generated by the core clock (clk) divided by the +SPI clock divisor * 2 (the divisor is the half period in cycles). The +default divisor is set to generate an SPI clock of less than 1 MHz when +the core clock is 50 MHz. For other speeds and other +core frequencies, the divisor will have to be adjusted.

+ +

The core will only read and write complete 32-bit words.

+ +

Commands given while the core is performing a read, write or +initialization operation will silently be ignored.

+ +

Implementation

+ +

The implementation is divided into three parts:

+ + + +

The current implementation will initiate the Microchip memory directly +after reset and set the memory in sequential mode. This means that it +would actually be possible to write a stream of data to the memory, but +since the API only handles a single 32-bit word, the mode is only used +to remove the need to update the address between bytes.

+ +

Implementation Results

+ +

Altera Cyclone IV E

+ + + +

Altera Cyclone V

+ + + +

Xilinx Spartan 6

+ + + +

Xilinx Artix 7

+ + + +

Status

+ +

(2016-05-10)

+ +

The core has now been verified in a Xilinx Spartan-6 FPGA and the target +Microchip memory connected to the FPGA memory. Read and write access has +successfully been performed with SPI clock speeds from 300 Hz to 10 MHz.

+ +

(2016-05-02)

+ +

Functional development completed. Simulation based debugging +completed. Built design for both Altera and Xilinx FPGAs.

+ +

(2016-04-25)

+ +

Refactored core into top_-, core- and spi-modules. Made the design much +simpler. First implementation almost completed.

+ +

(2016-04-21)

+ +

Core implementation started.

+}}} + +[[RepositoryIndex(format=table,glob=core/util/mkmif)]] + +|| Clone `https://git.cryptech.is/core/util/mkmif.git` || -- cgit v1.2.3