The PUF uses approximately 4 Kb of helper data to help the PUF recreate the original KEK value over the complete guaranteed operating temperature and voltage range over the life of the part. The helper data consists of a Syndrome value, an Aux value, and a Chash value (see Table: PUF Helper Data). The helper data can either be stored in eFUSEs or in the boot image.
Table 12-6: PUF Helper Data
Field
|
Size (Bits)
|
Description
|
Syndrome
|
4060
|
These bits aid the PUF in recovering the proper PUF signature given slight variations in the ring oscillators over temperature, voltage, and time
|
Aux
|
24
|
This is a Hamming code that allows the PUF to perform some level of error correction on the PUF signature.
|
Chash
|
32
|
This is a hash of the PUF signature that allows the PUF to recognize if the regenerated signature is correct.
•If the CHASH is not programmed, then BH black key can be used so long as (EITHER bh_auth or rsa_en) is used.
•If the CHASH is programmed, then the eFUSE black key can be used so long as (EITHER bh_auth or rsa_en is used) AND the efuse syndrome data has not been invalidated.
•If the CHASH is programmed, then the BH black key can be used so long as (EITHER bh_auth or rsa_en) is used AND the efuse syndrome data has been invalidated.
|