The FSS module provides
the following features:
- Supports
on-the-fly safety, implemented by the ECCM module, which
provides SECDED ECC protection to the data path of
flash.
- Supports
on-the-fly security, implemented by the OTFA module, which
provides encryption/decryption and authentication.
- OTFA and ECCM
modules are independently enabled and work on data path to
OSPI target
- 4 regions
configurable for ECCM and 4 regions configurable for
Authentication.
- Support Execute
In Place (XIP) transactions with or without ECCM, Encryption
and/or Authentication. XIP here refers to the CPU code
execution from flash. Although XIP referred by this feature
is a generic term for CPU code execution from flash, the
Flash XIP Mode provided by flash device is also preserved
regardless of whether ECCM, Encryption and/or Authentication
is enabled.
- All combinations
of enabling or bypassing each of the features (ECCM,
Authentication, Encryption) are supported for both reads and
writes as follows:
- Bypass, No authentication, ECCM or address
translation
- ECCM only
- Authentication only
- ECCM + Authentication
- EFUSE input to
enable or disable authentication
- The OTFA module
supports Modified-Read. For example, requests that are in an
authentication region and have a start address that is not
on a 32-byte boundary and/or the size is not multiple of
32-bytes the OTFA will issue a modified read transaction
with 32-byte aligned address and a size of 32-byte multiple
to ensure that authentication and decryption can be
performed. The OTFA module will then return only the
requested bytes back on the S0 Data interface. Please refer
to OTFA specification section
- The ECCM module
supports Modified-Read. For example, requests that are in an
ECCM region and have a start address that is not on a
32-byte boundary and/or the size is not multiple of 32-bytes
the ECCM module will issue a modified read transaction with
32-byte aligned address and a size of 32-byte multiple to
ensure that ECCM check can be performed. The ECCM module
will then return only the requested bytes back on the S0
Data interface. Please refer to ECCM specification section
for more information.
- Writes to ECCM
regions (when ECCM is enabled) must be 32-byte aligned and
have size that is a 32-byte multiple. An error interrupt
will be issued if either of these conditions are not
met.
- Writes outside
ECCM regions are not required to be 32-byte aligned nor have
a size that is 32-byte multiple. This applies when ECCM is
enabled, but the request is outside ECCM region
- Writes to ECCM
regions when ECCM is not enabled are not required to be
32-byte aligned nor have a size that is 32-byte
multiple
- Configurable MAC
size of 4, 8, 12, or 16 bytes per 32 bytes of data
- FSS has a Second
ECC S0 interface for ECC on read return data.
- ECC calculation
on read return data is at SOC side interface of OTFA (that
is OTFA is NOT protected by ECC). SOC level logic performs
ECC checking and error handling.
- Double pumping
for OTFA read path safety. This feature involves sending
each read command and read return twice through OTFA and
comparing the two commands/returns to detect any permanent
or transient faults
- Error injection
support for double pumping diagnostic
- Only the
following OTFA modes are supported - AES_CTR (only
encryption, no authentication), GMAC (only authentication,
no encryption), GCM (both encryption and authentication),
and Disabled (no encryption or authentication; bypass of
crypto functions)
- FOTA HW ENGINE
for FOTA implementation
- Write buffer (for
storing one block of FOTA write data) accessible through the
config interface.
- Internal 2KB
program memory for FOTA HW ENGINE.
- Internal 256-byte
data memory for FOTA HW ENGINE.
- FOTA completion
interrupt initiated by FOTA HW ENGINE firmware
- FOTA error
interrupt initiated by FOTA HW ENGINE firmware
- JTAG debug
interface for FOTA HW ENGINE (direct export to SOC level
logic)