Tamper Events/Response Configuration - 3.3 English

Control Interfaces and Processing System LogiCORE IP Product Guide (PG352)

Document ID
Release Date
3.3 English

Tamper events are interrupts from a tamper monitoring function and user can select different responses to each tamper events.

Figure 1. Tamper Response System

Tamper monitoring system in CIPS generates interrupts when it detects the following events.

Supply Glitch
Whenever there is a glitch in power supply happens, then this event will get generated. Glitching the power supply (low or high) can cause insecurely designed state machines to skip states. Glitches are injected at various points in time and vary in pulse widths.
Temperature Deviation
When device temperature goes out of specification (high or low) then this event will be generated. This is commonly done with a voltage attack. Both low and high temperature cause race conditions that can trip just about any type of circuity.
Debug (JTAG) toggle detect
Debug interfaces attack the Silicon devices, most frequently this is the JTAG port but with the growing complexity of devices more advanced debug interfaces are becoming more prominent. This event would be generated when there is a toggle in debug interfaces.
Custom User (External MIO) event
This event is generated when Tamper monitoring system detects any interrupt (active-High) on external MIO.
Voltage Alarm
When selected voltage supplies are out of the configured thresholds, this event would be generated.

CIPS has different responses to each of these tamper events, which are described below.

BBRAM Zeroization
When a tamper event is detected, it is required that the you can immediately erase the key stored in BBRAM. However, in high grade crypto applications, it is not sufficient to simply delete the key when done or when a tamper event is detected. It is required to be zeroized (erase + verify). CIPS provides this response for all the tamper events.
Secure Lockdown
Upon detection of a tamper event, you want the system to go into some form of lockdown state. CIPS provides lockdown response for all the tamper events.
Secure Lockdown (With IO Tristate)
Some systems require a more severe response to a tamper event and even secure lockdown is not enough. It such cases it is necessary to also tristate all IO to the device. This makes it impossible for the adversary to gain any level of access to the device after a tamper event. CIPS provides lockdown with IO Tristate response for all the tamper events.
System Reset
You might want to only Reset the system, upon receiving the tamper event. CIPS provides System Reset response for all the tamper events.
System Interrupt
You might only want to know that the tamper event is occurred. Tamper response system generates an interrupt to system, upon receiving any tamper event.

You can select BBRAM Zeroization for any tamper event.

The Tamper Events and Voltage page is used to enable a security related tamper event and select the systematic tamper response and whether or not the Zeroize BBRAM response is enabled for the event.

If the Voltage Alarm is selected, the Voltages tab can be used to select the voltage rail to be monitored as well as options such as the ADC mode, Averaging, and upper/lower threshold.

Figure 2. Tamper Events/Response Configuration

Figure 3. Voltage Monitoring Tab

The Device Security tab is used to configure the Glitch Detector settings, including enabling the Glitch Detector feature and configuring the VCC PMC threshold as well as pulse width and Depth Sensitivity. This also allows enabling the Known Answer Test (KATs) which will run after every software update or partial reconfiguration.

The Clock Monitor feature can be configured under the Clock Monitor tab. To enable clock monitoring for a clock, select the Enable radio button next to the clock monitor to be enabled and configured Low/High threshold. Each individual clock monitor indicates if the monitored clock frequency is outside the upper/lower threshold values.

Figure 4. Device Security

Figure 5. Clock Monitoring Tab