SLAU846B June 2023 – November 2024 MSPM0G1105 , MSPM0G1106 , MSPM0G1107 , MSPM0G1505 , MSPM0G1506 , MSPM0G1507 , MSPM0G1519 , MSPM0G3105 , MSPM0G3105-Q1 , MSPM0G3106 , MSPM0G3106-Q1 , MSPM0G3107 , MSPM0G3107-Q1 , MSPM0G3505 , MSPM0G3505-Q1 , MSPM0G3506 , MSPM0G3506-Q1 , MSPM0G3507 , MSPM0G3507-Q1 , MSPM0G3519
Keys can be configured into the engine in one of two ways.
Secure key initialization via keystore controller: In this method, the intended AES key is securely transferred from the keystore controller into the engine via a secure private bus connecting the keystore controller and the AES. The keystore controller initiates the key transfer and waits for the AES engine to acknowledge transfer completion.
Software explicitly configures keys: In this method, software configures the key data into the engine by writing to the KEY0--KEY7 registers, writing 32-bits at a time starting with KEY0. For 128-bit keys, KEY0--KEY3 register will need to be written. For 256-bit keys, KEY0--KEY7 will need to be written.
In order to prevent key stealing attacks by partial modification method, the engine ensures that once a secure key transfer has completed via the keystore, software can no longer explicitly configure/modify the key. This status is provided by the STATUS.KEYWR field. If this field is 0, then software is allowed to write key data. If this field is 1, then software is not allowed to write key data. In order to allow software to write key data, the module has to be reset. The reset operation clears existing key data before new key data can be written by software.