{{{ #!htmlcomment This page is maintained automatically by a script. Don't modify this page by hand, your changes will just be overwritten the next time the script runs. Talk to your Friendly Neighborhood Repository Maintainer if you need to change something here. }}} {{{ #!html

Master Key Memory Interface

This core provides a 32-bit interface to a master key memory (MKM) implemented using an external volatile memory. The memory targeted is Microchip 23K640, a serial SRAM with a SPI interface.

Purpose and Functionality

The Master Key Memory is where a cryptographic master key is stored. The key is used (for example) to cryptographically wrap other keys and secrets. By wiping the MKM and thus the master key, the wrapped secrets are protected against leakage to a local attacker that physically breaks an active tamper detect shield.

The core will in future versions provide functionality to autonomously protect against memory remanence effects by rotating bits in stored data, and moving data to different addresses in the external memory. The core will also be able to autonomously zeroise the memory when given an alarm signal.

The current version however simply provides an interface to the slower, serial memory including initializing the memory in the correct mode. The core supports three commands: read word, write word, and initialize memory.

Limitations

The SPI clock is generated by the core clock (clk) divided by the SPI clock divisor * 2 (the divisor is the half period in cycles). The default divisor is set to generate an SPI clock of less than 1 MHz when the core clock is 50 MHz. For other speeds and other core frequencies, the divisor will have to be adjusted.

The core will only read and write complete 32-bit words.

Commands given while the core is performing a read, write or initialization operation will silently be ignored.

Implementation

The implementation is divided into three parts:

The current implementation will initiate the Microchip memory directly after reset and set the memory in sequential mode. This means that it would actually be possible to write a stream of data to the memory, but since the API only handles a single 32-bit word, the mode is only used to remove the need to update the address between bytes.

Implementation Results

Altera Cyclone IV E

Altera Cyclone V

Xilinx Spartan 6

Xilinx Artix 7

Status

(2016-05-10)

The core has now been verified in a Xilinx Spartan-6 FPGA and the target Microchip memory connected to the FPGA memory. Read and write access has successfully been performed with SPI clock speeds from 300 Hz to 10 MHz.

(2016-05-02)

Functional development completed. Simulation based debugging completed. Built design for both Altera and Xilinx FPGAs.

(2016-04-25)

Refactored core into top_-, core- and spi-modules. Made the design much simpler. First implementation almost completed.

(2016-04-21)

Core implementation started.

}}} [[RepositoryIndex(format=table,glob=core/util/mkmif)]] || Clone `https://git.cryptech.is/core/util/mkmif.git` ||