[Cryptech Tech] External review of Alpha schematics

Fredrik Thulin fredrik at thulin.net
Fri Jan 15 15:15:38 UTC 2016


We hired a Swedish company called Bitsim to do a first review of the Alpha schematics. 

The excellent review was done by Kent Damberg:


I have reviewed the schematic drawings for 'Cryptech Alpha board', rev 02 
(12/28/15), together with the block diagram, rev 0.010 (2015-05-27). I 
have spent 8 hours on this review.


**General**
  * The schematic drawing is obviously not finished. There are blank
    pages and several questions and TBDs that need to be taken care of.
    I will not repeat the questions already present in the schematics.

  * The header information should be updated with design name/ID and author.

  * The block diagram does not comply with the schematics:

    - Analog switch replaced by line driver (IC2)

    - There is no reset block to the Tamper Detect CPU (U10) in the schematics

    - I can't find any Reset_n signal to the FPGA (U13) nor any FPGA reset
      block (maybe it is supposed to indicate the FPGA configuration?).

    - Interfaces for Smart Card and display/control seem to be missing in
      the schematics

    - JTAG port for the ARM (U4) is not present in the schematics

    - JTAG port for the Tamper Detect CPU (U10) is not present in the
      schematics

    - Master Key Memory (U12) type is different (23A640 vs 23K640)

    - Power supply voltages do not comply with the schematics

    - The battery near the RTC on the block diagram is not present in the
      schematics

    - Minor differences in component names (suggestion: remove details
      from block diagram)

  * Some components in the schematic (U1, U2, U14, U15, Q3) don't show
    pin numbers, which makes it harder to review

  * The sheets seem to have different sizes (1-13 differs from 14-26)
    and the origin is placed in different positions on different pages. Not
    important but looks a bit odd.

  * Eagle doesn't seem to have a symbol for unconnected pins. If nothing
    else, a comment would be good so it is obvious that the pin shall be
    unconnected and is not forgotten.

  * On prototype boards it can sometimes be beneficial to insert zero
    ohm resistances on certain nets, typically clock and reset signals, to
    simplify debug. Typical places can be voltage regulator outputs and
    signals that are buried in the PCB.

  * The selected package for the CPU (U4) is LQFP208. The size is 30x30
    mm compared to the TFBGA216 package that is only 13x13 mm. Also, the
    pitch is 0.5 mm for the LQFP208 while the TFBGA216 package has a
    ball pitch of 0.8 mm.

  * For debug purposes it is recommended to place test points for
    signals that are hard to reach, to simplify measurement. 


**Page by Page**

 1. Blank page

 2. The LTS3060ITS8 is an 8-lead device but the symbol shows only 6
    (there are 3 GND leads).
    The output capacitor C13 can have higher capacitance. The 2.2 uF is
    the lowest recommended value and since this is a X7R/25V type it may
    well fall below that. I recommend 4.7uF to add some margin. C7 may
    also be changed to 4.7uF.
    LMZ13608 has 11 pins plus an exposed pad (must be connected to pin
    5) but only 9 pins are shown in the schematic symbol.
    The output voltage for LMZ13608 is calculated as 0.795 V * (1 +
    R8/R9) which is 4.93 V. It is a bit low for a 5.0 V supply.
    I don't see any SH pin in the datasheet for the LMZ13608 device. Is
    it the one called NC?

 3. I assume that this part of the design is already carefully checked
    so I leave it without comments.

 4. The JTAG port is not connected. For debug purposes, it could be good
    to have access to the JTAG port, at least on the prototype board.

 5. The capacitors C22-C25 are connected between VCAP1/2 and VCCO_3V3.
    According to the datasheet as well as AN4488 they shall be connected
    to GND. It should be enough with one 2.2uF capacitor for each pin.

 6.   -

 7. U6 has no speed grade specified. TSOP-II package is selected. The
    BGA package is much smaller and easier to handle in production.

 8. Hard to see which resistor is R17 and R18. What is R17 (the left
    one) intended for?

 9. From where is 3V3_BATT supplied? Is it an external power source
    from connector JP3? Or the JP4 jumper?

10. LED6 is the same type as LED1 at page 4 but they have different
    values at their resistors (220/330 ohm).
    The recommended protection devices on D+ and D- are missing.
    Hard to see which reference designators belong to which
    component in some places.