aboutsummaryrefslogtreecommitdiff
path: root/pelican/content/AlphaReviewLog.md
blob: 2d49480ca37c050198af1191bec1283083e6790e (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282

   

Review feedback of the Alpha schematics

Power subsystem

Comment Who Resolution Status
The LTS3060ITS8 is a 8-lead device but the symbol shows only 6 (there are 3 GND leads). \
Kent \
ft to correct mapping of pins between symbol and package \
Done
The output capacitor C13 can have higher capacitance. The 2.2 uF is the lowest recommended value and since this is a X7R/25V type it may well fall below that. I recommend 4.7uF to add some margin. C7 may also be changed to 4.7uF. \
Kent \
Updated schematics \
Done
LMZ13608 has 11 pins plus an exposed pad (must be connected to pin 5) but only 9 pins are shown in the schematic symbol. \
Kent \
Will change symbol to show both name and pin number(s) \
Done
The output voltage for LMZ13608 is calculated as 0.795 V * (1 + R8/R9) which is 4.93 V. It is a bit low for a 5.0 V supply. \
Kent \
5 volts not used, just an intermediate voltage. No change required. \
Done
I don't see any SH pin in the datasheet for the LMZ13608 device. Is it the one called NC? \
Kent \
ft check symbol, then ask Pavel to review \
ft done, pavel
What form factor and main power supply should we use for the Alpha? \
ft \
Try to find drawing with dimensions for NUC computers, to see if we can use that form factor and power supplies \
Pavel

Entropy source

Comment Who Resolution Status
Add optocoupler as per Jacob's suggestion on tech@ 2015-07-24? The suggestion is to add a fast optocoupler to really isolate AGND from GND. \
Jacob W \
As this appears to require a bigger digitizer, which in turn might require another 3V3 regulator, we don't want to add that to this otherwise quite well tested part of the circuitry for the Alpha. \
Done

STM32

Comment Who Resolution Status
The JTAG port is not connected. For debug puposes, it could be good to have access to the JTAG port, at least at the prototype board. \
Kent \
We don't know of a reason to add the full JTAG, when we have SWD. At least not if we keep the LQFP package because then we don't think we need to be able to do boundary scan. \
Done
The capacitors C22-C25 are connected between VCAP1/2 and VCCO_3V3. According to the datasheet as well as AN4488 they shall be connected to GND. It should be enough with one 2.2uF capacitor for each pin. \
Kent \
Yes, change to GND instead of 3V3. Our interpretation is that we actually should have 2x2.2 for both VCAP1 and VCAP2. We also prefer 2x2.2 over 1x4.7 so not changing that. \
Done

2x512 Mbit SDRAM for the ARM

Comment Who Resolution Status
U6 has no speed grade specified. TSOP-II package is selected. The BGA package is much smaller and easier to handle in production. \
Kent \
We will investigate packages and speed \
Pavel

Keystore memory, 128 Mbit

Comment Who Resolution Status
Hard to see which resistor is R17 and R18. What is R17 (the left one) intended for? \
Kent \
Fixed the resistors. CS should be connected to ARM, default is "not enabled" through pull-up. \
Done

RTC

Comment Who Resolution Status
From where is 3V3_BATT supplied? Is it an external power source from connector JP3? Or the JP4 jumper? \
Kent \
Yes, external power source connected to JP4. \
Done
Do we need a separate RTC chip at all? \
Jacob W \
Keeping it for the Alpha since it is already there. \
Done

Micro SD card

Comment Who Resolution Status
Which connector to use? Haven't found a good one with Eagle symbol. Some different kinds available. \
ft \
Remove SD card. \
Done
Novena seems to have card reset capability (power control from MCU). Do we want the same? \
ft \
Remove SD card. \
Done
Novena has two SD slots, and list power at 200mA. Do we need a separate power regulator for the SD card, or can we use VCCO_3V3? \
ft \
Remove SD card. \
Done

2x USB UARTs for management and application access

Comment Who Resolution Status
Should we add an EEPROM for FTDI USB related settings or not? \
ft \
Not adding anything not strictly necessary to the schematics. \
Done
LED6 is the same type as LED1 at page 4 but they have different values at their resistors (220/330 ohm). \
Kent \
Went with 330 for consistency. \
Done
The recommended protection devices on D+ and D- are missing. \
Kent \
Pavel to look for reference \
pavel
Hard to see what reference designators that belong to which component in some places. \
Kent \
Fredrik will improve clarity \
Done

AVR Tiny Tamper Detect MCU

Fredrik to verify if Kent had comments about AVR |Comment |Who |Resolution |Status | |---|---|---|---| | | \ | | \ | |

Analog switch controlling access to the MKM

Comment Who Resolution Status
Suggest changing this chip to an 74AC244 like the one used for the FPGA config memory. \
Pavel \
Will change. \
Done

FPGA configuration

Comment Who Resolution Status
The mode signals are fixed to SPI Master mode. If more flexibility is needed, see next comment, jumpers may be added. \
Kent \
This is intentional. \
Done
One-bit data us for the configuration memory makes the configuration rather slow. If higher speed is preferable the SPI memory supports 4-bit data. \
Kent \
Bitstream is around 65 MBit, takes 4-5 seconds to load using single bit (@ 15MHz). We think that should be good enough. \
Done

FPGA I/O

Comment Who Resolution Status
A lot of the FPGA I/Os are unused. For debug purposes some of these can be made available by connecting them to a pin header. Unconnected BGA balls are very hard to use. \
Kent \
Added two more GPIOs from AVR to FPGA and two more from AVR to ARM. Remaining question is how many we should add from FPGA to ARM. \
Pavel
A zero ohm resistor at the oscillator output can simplify debug. \
Kent \
Fredrik will add zero ohm resistor \
Done
Joachim suggests, that we may want to have some high-speed extension interface for debugging and dumping large amounts of data. For example, we can implement GMII or RGMII using external GbE PHY and GPIO header(s). In that sense, at least one of the GPIO header pins should be connected to clock-capable (MRCC) FPGA pin. \
Pavel \
Pavel will finalize notes in schematics to enable this. \
pavel

FPGA voltage regulators

Comment Who Resolution Status
U14 and U15 have 38 pins but only 11 are visible in the schematic symbol. No pin numbers are visible. The NC pins must not be connected which should be shown. \
Kent \
Fredrik will update symbol to show pins. \
Done
I am not familiar with the EN6347Q device so I would add ferrite cores on the outputs, for debug and measurement. Maybe that's what the zero ohm resistors are intended for? \
Kent \
Will change 0-ohm to ferrites. Pavel will look up part number, Fredrik will update schematics. \
pavel, ft

FPGA power regulators

Comment Who Resolution Status
The EN5364 device has 68 pins and 2 exposed pads but the symbol only shows 19 pins, without pin number. \
Kent \
Fredrik will update symbol to show pins \
Done

Additional comments from Kent

I have reviewed the schematic drawings for 'Cryptech Alpha board', rev 02 (12/28/15), together with the block diagram, rev 0.010 (2015-05-27). I have spent 8 hours on this review.

General

The block diagram does not comply with the schematics:

|Analog switch replaced by line driver (IC2) | \ |---| |Kent | \ | | |There is no reset block to the Tamper Detect CPU (U10) in the schematics | \ |Kent | \ | | |I can't find any Reset_n signal to the FPGA (U13) nor any FPGA reset block (maybe it is supposed to indicate the FPGA configuration?). | \ |Kent | \ | | |Interfaces for Smart Card and display/control seems to be missing in the schematics JTAG port for the ARM (U4) is not present in the schematics | \ |Kent | \ | | |JTAG port for the Tamper Detect CPU (U10) is not present in the schematics | \ |Kent | \ | | |Master Key Memory (U12) type is different (23A640 vs 23K640) | \ |Kent | \ | | |Power supply voltages does not comply with the schematics | \ |Kent | \ | | |The battery near the RTC on the block diagram is not present in the schematics | \ |Kent | \ | | |Minor differences in component names (suggestion: remove details from block diagram) | \

|The header information should be updated with design name/ID and author. | \ |---| |Kent | \ | | |Some components in the schematic (U1, U2, U14, U15, Q3) doesn't show pin numbers which make it harder to review | \ |Kent | \ | | |The sheets seems to have different sizes (1-13 differs from 14-26) and origo is placed in different positions in different pages. Not important but looks a bit odd. | \ |Kent | \ | | |Eagle doesn't seem to have a symbol for unconnected pins. If nothing else, a comment would be good so it is obvious that the pin shall be unconnected and is not forgotten. | \ |Kent | \ | | |On prototype boards it can sometimes be beneficial to insert zero ohm resistances on certain nets, typical clock and reset signals, to simplify debug. Typical places can be voltage regulator outputs and signals that are buried in the PCB. | \ |Kent | \ | | |The selected package for the CPU (U4) is LQFP208. The size is 30x30 mm compared to the TFBGA216 package that is only 13x13 mm. Also, the pitch is 0.5 mm for the LQFP208 while the TFBGA216 package has a ball pitch of 0.8 mm. | \ |Kent | \ |Joachim and ft thinks LQFP package makes sense for the Alpha - gives 208 "test points" and physical size not that important | |For debug purposes it is recommended to place test points for signals that are hard to reach, to simplify measurement. | \ |Kent | \ | |

Not Reviewed

A one day review doesn't allow a thorough design review. Some prioritizations are necessary. I have not reviewed:

FPGA pinout. The FPGA vendor tool (Vivado) does some of the checks. It checks that clock signals are placed at clock pins, that selected I/O types are compatible with the bank structure. Vivado can also check that not to much I/O switching power per bank is used and can also calculate power consumption (with correct user input).
Power calculations. The FPGA power is heavily dependent on how it is used. This can be estimated with the Vivado tool.
Supply voltage quality. This requires simulations that are out of scope for this review.
Power sequencing.
Physical properties like PCB symbols, layout issues, thermal design and board area use.
Production test or optimization for production.