[Cryptech Tech] External review of Alpha schematics

Joachim Strömbergson joachim at secworks.se
Mon Jan 25 14:31:02 UTC 2016


Aloha!

Really good review by Kent. Eight hours well spent.

One thing I note is that Kent seems to suggest changing from a QFP to
BGA for the M4-chip. My impression was that we wanted not to use BGA
unless we really had to.

The FPGA is only available in BGA package so we will need to be able to
handle BGAs. But would we gain anything by switching to BGA for the M4
too? The pitch is bigger with BGA, but having exposed legs makes QFP
easier to debug.

Yours
JoachimS


Fredrik Thulin wrote:
> We hired a Swedish company called Bitsim to do a first review of the
> Alpha schematics.
>
> The excellent review was done by Kent Damberg:
>
> I have reviewed the schematic drawings for 'Cryptech Alpha board',
> rev 02 (12/28/15), together with the block diagram, rev 0.010
> (2015-05-27). I have spent 8 hours on this review.
>
> *General*
>
> * The schematic drawing is obviously not finished. There are blank
>   pages and several questions and TBDs that need to be taken care of.
>   I will not repeat the questions already present in the schematics.
>
> * The header information should be updated with design name/ID and
>   author.
>
> * The block diagram does not comply with the schematics:
>
>   - Analog switch replaced by line driver (IC2)
>
>   - There is no reset block to the Tamper Detect CPU (U10) in the
>     schematics
>
>   - I can't find any Reset_n signal to the FPGA (U13) nor any FPGA
>     reset block (maybe it is supposed to indicate the FPGA
>     configuration?).
>
>   - Interfaces for Smart Card and display/control seem to be missing
>     in the schematics
>
>   - JTAG port for the ARM (U4) is not present in the schematics
>
>   - JTAG port for the Tamper Detect CPU (U10) is not present in the
>     schematics
>
>   - Master Key Memory (U12) type is different (23A640 vs 23K640)
>
>   - Power supply voltages do not comply with the schematics
>
>   - The battery near the RTC on the block diagram is not present in
>     the schematics
>
>   - Minor differences in component names (suggestion: remove details
>     from block diagram)
>
> * Some components in the schematic (U1, U2, U14, U15, Q3) don't show
>   pin numbers, which makes it harder to review
>
> * The sheets seem to have different sizes (1-13 differs from 14-26)
>   and the origin is placed in different positions on different pages.
>   Not important but looks a bit odd.
>
> * Eagle doesn't seem to have a symbol for unconnected pins. If
>   nothing else, a comment would be good so it is obvious that the pin
>   shall be unconnected and is not forgotten.
>
> * On prototype boards it can sometimes be beneficial to insert zero
>   ohm resistances on certain nets, typically clock and reset signals,
>   to simplify debug. Typical places can be voltage regulator outputs
>   and signals that are buried in the PCB.
>
> * The selected package for the CPU (U4) is LQFP208. The size is
>   30x30 mm compared to the TFBGA216 package that is only 13x13 mm.
>   Also, the pitch is 0.5 mm for the LQFP208 while the TFBGA216
>   package has a ball pitch of 0.8 mm.
>
> * For debug purposes it is recommended to place test points for
>   signals that are hard to reach, to simplify measurement.
>
> *Page by Page*
>
> 1. Blank page
>
> 2. The LTS3060ITS8 is an 8-lead device but the symbol shows only 6
>    (there are 3 GND leads).
>
>    The output capacitor C13 can have higher capacitance. The 2.2 uF
>    is the lowest recommended value and since this is an X7R/25V type
>    it may well fall below that. I recommend 4.7uF to add some margin.
>    C7 may also be changed to 4.7uF.
>
>    LMZ13608 has 11 pins plus an exposed pad (must be connected to pin
>    5) but only 9 pins are shown in the schematic symbol.
>
>    The output voltage for LMZ13608 is calculated as 0.795 V * (1 +
>    R8/R9) which is 4.93 V. It is a bit low for a 5.0 V supply.
>
>    I don't see any SH pin in the datasheet for the LMZ13608 device.
>    Is it the one called NC?
>
> 3. I assume that this part of the design is already carefully
>    checked so I leave it without comments.
>
> 4. The JTAG port is not connected. For debug purposes, it could be
>    good to have access to the JTAG port, at least on the prototype
>    board.
>
> 5. The capacitors C22-C25 are connected between VCAP1/2 and
>    VCCO_3V3. According to the datasheet as well as AN4488 they shall
>    be connected to GND. It should be enough with one 2.2uF capacitor
>    for each pin.
>
> 6. -
>
> 7. U6 has no speed grade specified. TSOP-II package is selected. The
>    BGA package is much smaller and easier to handle in production.
>
> 8. Hard to see which resistor is R17 and R18. What is R17 (the left
>    one) intended for?
>
> 9. From where is 3V3_BATT supplied? Is it an external power source
>    from connector JP3? Or the JP4 jumper?
>
> 10. LED6 is the same type as LED1 on page 4 but they have different
>     values at their resistors (220/330 ohm).
>
>     The recommended protection devices on D+ and D- are missing.
>
>     Hard to see which reference designators belong to which
>     component in some places.
>
> 11. Same comments as for page 10.
>
> 12. Same comment about LED resistors as on page 10.
>
> 13. The use of the analog mux is obviously under discussion.
>
> 14. The mode signals are fixed to SPI Master mode. If more
>     flexibility is needed (see comment for page 16), jumpers may be
>     added.
>
> 15. -
>
> 16. One-bit data bus for the configuration memory makes the
>     configuration rather slow. If higher speed is preferable the SPI
>     memory supports 4-bit data.
>
> 17. A lot of the FPGA I/Os are unused. For debug purposes some of
>     these can be made available by connecting them to a pin header.
>     Unconnected BGA balls are very hard to use.
>
>     A zero ohm resistor at the oscillator output can simplify debug.
>
> 18. -
>
> 19. U14 and U15 have 38 pins but only 11 are visible in the
>     schematic symbol. No pin numbers are visible. The NC pins must
>     not be connected, which should be shown.
>
>     I am not familiar with the EN6347Q device so I would add ferrite
>     cores on the outputs, for debug and measurement. Maybe that's
>     what the zero ohm resistors are intended for?
>
> 20. -
>
> 21. -
>
> 22. -
>
> 23. -
>
> 24. -
>
> 25. The EN5364 device has 68 pins and 2 exposed pads but the symbol
>     only shows 19 pins, without pin numbers.
>
> 26. -
>
> *Not Reviewed*
>
> A one-day review doesn't allow a thorough design review. Some
> prioritizations are necessary. I have not reviewed:
>
> * FPGA pinout. The FPGA vendor tool (Vivado) does some of the
>   checks. It checks that clock signals are placed at clock pins and
>   that selected I/O types are compatible with the bank structure.
>   Vivado can also check that not too much I/O switching power per
>   bank is used and can also calculate power consumption (with correct
>   user input).
>
> * Power calculations. The FPGA power is heavily dependent on how it
>   is used. This can be estimated with the Vivado tool.
>
> * Supply voltage quality. This requires simulations that are out of
>   scope for this review.
>
> * Power sequencing.
>
> * Physical properties like PCB symbols, layout issues, thermal
>   design and board area use.
>
> * Production test or optimization for production.
>
> <End of review>
>
> _______________________________________________ Tech mailing list 
> Tech at cryptech.is https://lists.cryptech.is/listinfo/tech


-- 
With kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================

