During debug or test, the descrambler can be permanently disabled:
- No master can access plaintext data
- Avoids the need for a RAM zeroizing FSM
Data travelling across the RAM controller and memory is secure, which avoids side-channel based attacks.
Consider a 64 kB RAM with 64-bit data words, and thus a depth of 8K addresses.
If we implement 1 bit for each word to indicate whether the data is encrypted or not, 8K bits will be needed.
We can also group words into larger blocks/pages to reduce the number of config bits.
Thus, in the best case, only 1 bit is needed, if the entire RAM is marked as secure.
When reading the data, the controller returns an additional flag (as an AHB/AXI sideband signal) to indicate whether the data is plaintext or not. Based on this flag, scrambled data is saved as-is at the destination and is not re-scrambled, as shown in Fig. 4.
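
The config-bit granularity and the sideband-flag behaviour described above, as a small behavioural model in C (an added illustration, not code from the original design). It shows a read with the descrambler disabled returning flagged ciphertext, and the destination controller storing that data as-is. All names (`ram_ctrl`, `beat`, `config_bits`, ...) are hypothetical, the XOR scrambler is a placeholder for the unspecified cipher, and source and destination are assumed to share one key.

```c
#include <stdint.h>
#include <stdbool.h>

/* Sizes from the text: 64 kB RAM, 64-bit words -> 8K addresses. */
#define RAM_WORDS 8192u

/* Behavioural model of one RAM controller (hypothetical names). */
typedef struct {
    uint64_t mem[RAM_WORDS];
    uint8_t  secure[RAM_WORDS / 8]; /* sized for the worst case: 1 bit per word */
    uint32_t words_per_page;        /* 1 = per-word bits, RAM_WORDS = one bit for all */
    uint64_t key;                   /* assumed shared by source and destination */
    bool     descrambler_enabled;   /* false models the debug/test disable */
} ram_ctrl;

typedef struct { uint64_t data; bool plaintext; } beat; /* data + sideband flag */

/* Config bits needed for a given page size (words_per_page must be non-zero). */
uint32_t config_bits(uint32_t words_per_page) { return RAM_WORDS / words_per_page; }

/* Placeholder scrambler: plain XOR, standing in for the real cipher. */
static uint64_t scramble(const ram_ctrl *c, uint64_t d) { return d ^ c->key; }

static bool page_secure(const ram_ctrl *c, uint32_t addr) {
    uint32_t p = addr / c->words_per_page;
    return (c->secure[p / 8] >> (p % 8)) & 1u;
}

void mark_secure(ram_ctrl *c, uint32_t addr) {
    uint32_t p = addr / c->words_per_page;
    c->secure[p / 8] |= (uint8_t)(1u << (p % 8));
}

/* Write: scramble only plaintext bound for a secure page; flagged data is stored as-is. */
void ram_write(ram_ctrl *c, uint32_t addr, beat b) {
    bool do_scramble = b.plaintext && page_secure(c, addr);
    c->mem[addr] = do_scramble ? scramble(c, b.data) : b.data;
}

/* Read: descramble if enabled, otherwise return ciphertext with the flag cleared. */
beat ram_read(const ram_ctrl *c, uint32_t addr) {
    beat b = { c->mem[addr], true };
    if (page_secure(c, addr)) {
        if (c->descrambler_enabled) b.data = scramble(c, b.data); /* XOR is its own inverse */
        else b.plaintext = false;
    }
    return b;
}
```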