SPRUJB6B November 2024 – May 2025 AM2612
If an error occurs, then the PK Engine will flush temporary values, and the internal state will also be flushed after the user clears the error state. The individual commands list which slots are cleared on error. However, there are two main exceptions to this behavior.
First, if the MCG detects that a command is invalid as issued, then there are no temporary values and no memory will be erased. Invalid commands include:
Invalid MCG opcode
Invalid special prime identifier
Invalid ROM parameter set identifier
Using ROM parameter sets with commands that do not support them (e.g., using an ECC ROM parameter set with RSA).
Modulus that is longer than MAU_MAX_LENGTH or shorter than MAU_MIN_LENGTH.
Second, the MCG acts as a sequencer for the MAU. In the case of a MAU error, the MCG does not flush that error and does not erase any memory. Because the MCG validates most parameters before starting, it will not ordinarily cause MAU errors. A MAU error can still be caused in a few ways:
MAU error due to even modulus.
MAU error due to RNG not being seeded.
Insufficient memory, due to passing an RSA-sized modulus to an ECC command.
MAU errors (in particular, arithmetic overflow) that occur due to the user writing the MAU’s memory over AHB after the operation has begun.
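The following host-side sketch is an added example, not code from this manual or from TI: it rejects the inputs listed above before a command is issued, and zeroes host-loaded operands in the two cases where the hardware erases nothing. All type and function names, the numeric limits, the least-significant-word-first layout and the scrub policy itself are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Placeholder limits in 32-bit words (assumed); use the device's real values. */
#define MAU_MIN_LENGTH 1u
#define MAU_MAX_LENGTH 128u
#define ECC_MAX_LENGTH 17u /* hypothetical largest ECC modulus */

typedef enum { CMD_RSA, CMD_ECC } cmd_kind; /* hypothetical */
typedef enum { PRE_OK, PRE_BAD_LENGTH, PRE_EVEN_MODULUS, PRE_RNG_UNSEEDED,
               PRE_RSA_SIZED_FOR_ECC } pre_result;

/* Reject, before issuing, inputs listed above as invalid (length bounds)
   or as MAU error causes. Assumes modulus[0] is the least significant word. */
pre_result pke_precheck(cmd_kind kind, const uint32_t *modulus, size_t words,
                        bool needs_rng, bool rng_seeded)
{
    if (modulus == NULL || words < MAU_MIN_LENGTH || words > MAU_MAX_LENGTH)
        return PRE_BAD_LENGTH;
    if ((modulus[0] & 1u) == 0u)
        return PRE_EVEN_MODULUS;
    if (needs_rng && !rng_seeded)
        return PRE_RNG_UNSEEDED;
    if (kind == CMD_ECC && words > ECC_MAX_LENGTH)
        return PRE_RSA_SIZED_FOR_ECC;
    return PRE_OK;
}

typedef enum { ERR_ORDINARY, ERR_INVALID_COMMAND, ERR_MAU } err_class;

/* Only ordinary errors trigger the engine's own flush; in the two exception
   cases no memory is erased. */
bool hardware_flushes(err_class e) { return e == ERR_ORDINARY; }

/* Example policy: when the hardware erased nothing, zero the operand region
   the host loaded. Returns true if the host scrubbed. */
bool pke_handle_error(err_class e, volatile uint32_t *operands, size_t words)
{
    if (hardware_flushes(e))
        return false;
    for (size_t i = 0; i < words; i++)
        operands[i] = 0u; /* volatile stores are not optimized away */
    return true;
}
```

The precheck cannot cover the last cause in the list: writes to MAU memory over AHB after an operation has begun have to be prevented by how the driver serializes access.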