[Cryptech Core] alpha schematics

[Joachim Strömbergson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Pavel Shatov wrote:
> I'm also afraid, that "Analog switch to boot FPGA from config memory,
> or from ARM" is misleading.
> 
> FPGA has built-in config memory, that is volatile. There must be
> some external non-volatile memory, where the bitstream will be
> stored. Every time FPGA is powered up, config bitstream must be
> loaded from that external memory into FPGA's internal volatile
> latches. Now FPGA can try do this itself automatically (master mode),
> or it can just sit and wait for someone to send it the bitstream
> (slave mode).
> 
> Novena has the second variant. The bitstream is stored on the SD
> card, when we run configure script i.MX processor reads the bitsream
> from disk and directly sends it to the FPGA to configure it.
> 
> If I understand everything correctly, we want Alpha board to
> implement the first variant. The FPGA will automatically load
> bitstream from config memory. STM32 processor will not be able to
> directly configure FPGA anymore, it will only be able to re-write
> config memory with new bitstream (if allowed by insertion of jumper)
> and tell FPGA to re-load bitstream from config memory. Is this what
> we actually want?

That was at least my intention. Allowing the CPU to write new configs
and kick the FPGA into reconfigure itself. And then with the jumper
protect the config in the external config memory from being overwritten
when the system is used in operation.

This allows us to have a TRNG starting up automatically after power up
(and release of reset), having the FPGA handling the MKM without the CPU
configuring the FPGA, talking to the tamper chip etc. The FPGA becomes a
more independent part of the system.


> Given that the above assumption is valid, the problem is that we
> have one SPI slave (config memory) and two SPI masters (FPGA and
> STM32). I think, somewhat better solution than analog switch will be
> to use 3-stateable buffer, such as 74AHC244. It has a pair of 4-bit
> buses, exactly what we need for two SPI interfaces.

Sounds like a good solution.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJWcm7TAAoJEF3cfFQkIuyNYAkQAIjsAvrMwR4k5V21CzXrKViy
VLfhQebc6bmWXDMIzO0AANl+zFkkD60IdvGEv1Q4FzMWu9gSzyqoT8PSHEsfIi3d
PRaW5PEuFcGxMdlWdV1PznKV6bw1z0SLGllHshd07HNTOOe61gcm9ZvJ5vQ4n5av
YvTEFADYiv94tWer0FioJUBK9viTVsa9lqknPMnXylCG+vJeEZE4OYBJN2IOJlpU
ZxhCJtAwMQR6E8gfWemAZ1Jfdwl9H38EdIV2NnCCbfeloGHRD9rbNOBxdDdYytjK
+AL5Ww8Me8JrVwOcvXrhhYmh54AhJr97v+H2Yn28G7/HD0ZTlOZN8Z9AOMp0p4VD
pe2R1DlWq2KLM2O0r5YBpJPVf2WEQ5vvZATNviCoc7xESed+aDsILSsLgPVhhEm8
sz/e9vGjOTFKZc5fFA9j2OP73XaA/9ENl5lIJc3Kl3+3eLsjWOBJIdi6Whekag9i
kSIDuQICAHWCHAdvEbS7vEnohKVg8NKLnH4OURSE6atOnzUiKYvlfNDJRvVg9WVT
3Wpy7uM9j3+MdsirGq7IR/N3SyDmo0runZMr8NHvpuSVXDSIAVthc1O54Mj+XUd6
4QHTMrhmCOcIkTPYaGLbeVLm4TgZyNcTa0ReBaLYuzKwJMq+wlkaVsyqtPtrWG9S
HQHdICXvTz6t/Jl/820W
=dgU7
-----END PGP SIGNATURE-----