SLUUDG7 December   2025 MSPM33C321A

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. 1Overview of Security Functionality
    1. 1.1 Terminology
  5. 2Secure Execution Environment
    1. 2.1 TrustZone
      1. 2.1.1 Implementation Defined Attribution Unit
      2. 2.1.2 Security Attribution Unit
      3. 2.1.3 TrustZone software development
    2. 2.2 Memory Protection Unit
      1. 2.2.1 TrustZone and MPU
    3. 2.3 Global Security Controller
      1. 2.3.1 GSC Memory configuration
        1. 2.3.1.1 Security Exceptions through the GSC & SAU
        2. 2.3.1.2 Priviledge exceptions with GSC & MPU
  6. 3Security Modules
    1. 3.1 AES
      1. 3.1.1 AES Overview
      2. 3.1.2 AES Usage
        1. 3.1.2.1 Configuration
        2. 3.1.2.2 Setup
        3. 3.1.2.3 Operation
    2. 3.2 Keystore
      1. 3.2.1 Overview
      2. 3.2.2 Keystore Usage
        1. 3.2.2.1 Configuration
        2. 3.2.2.2 Setup
        3. 3.2.2.3 Operation
    3. 3.3 SHA2
      1. 3.3.1 SHA Introduction
        1. 3.3.1.1 SHA features
      2. 3.3.2 SHA Performance
      3. 3.3.3 SHA Usage
        1. 3.3.3.1 Configuration
        2. 3.3.3.2 Setup
        3. 3.3.3.3 Operation
    4. 3.4 PKA
      1. 3.4.1 PKA Introduction
        1. 3.4.1.1 PKA features
      2. 3.4.2 PKA Usage
        1. 3.4.2.1 Configuration
        2. 3.4.2.2 Setup
        3. 3.4.2.3 Operation
    5. 3.5 PQC
      1. 3.5.1 ML-DSA
        1. 3.5.1.1 ML-DSA Introduction
        2. 3.5.1.2 ML-DSA Usage
          1. 3.5.1.2.1 Configuration
          2. 3.5.1.2.2 Setup
          3. 3.5.1.2.3 Operation
  7. 4Revision History

3.1.1 AES Overview

The AES accelerator module performs encryption and decryption of 128-bit data blocks with a 128-bit or 256-bit key in hardware. AES is a symmetric-key block cipher algorithm specified in FIPS PUB 197.

The AES accelerator features include:

  • AES 128-bit block encryption and decryption
  • Key scheduling in hardware
  • Enc/decrypt only modes: CBC, CFB-1, CFB-8, CFB-128, OFB-128, CTR/ICM
  • Authentication only modes: CBC-MAC, CMAC
  • AES-CCM
  • AES-GCM
  • AES-CCM and AES-GCM modes support continuation with hold/resume of payload data
  • 32-bit word access to provide key data, input data, and output data
  • AES ready interrupt
  • DMA triggers for input/output data
  • Supported in RUN and SLEEP (see the Operating Modes section of the device technical reference manual)

A high level block diagram of the AES engine is shown in Figure 3-1. The AES engine consists of a processing core that performs both encryption/decryption as well as Galois field multiplication. The core is driven with configuration and data inputs that software will configure via memory mapped registers.

AES Block DiagramFigure 3-1 AES Block Diagram