Configuration bits can additionally be made non-readable (write-only), to avoid leaking knowledge of the sensitive regions.
When data is read, the controller returns an additional flag (as an AHB/AXI sideband signal) to indicate whether the data is plaintext or not, as shown in Fig 5.
Scrambled data is made available as plaintext to the secure master. Based on the flag, the data is saved encrypted (re-scrambled) at the destination.
Note that gaining knowledge of the function through test/debug paths should not be an issue, as the RNG source forces a different behavior for each session.
The obfuscation function can be a simple scrambler or a cryptographic function (e.g., AES), depending on the area and performance overheads acceptable in the system.
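The read/write path described above can be sketched as a small behavioural model. This is an added example, not the authors' design or NXP code. The class, the master names, the 16-byte line size and the keyed-hash XOR (standing in for the scrambler or AES) are all assumptions, as is the rule that scrambled data is only ever written to protected lines.

```python
import hashlib
import secrets

LINE = 16  # bytes per memory line in this model (assumed)

class ScrambleController:
    """Toy model of a memory controller that scrambles protected lines."""

    def __init__(self, lines, protected, secure_masters, session_key=None):
        self.mem = [bytes(LINE)] * lines
        self.protected = set(protected)   # region config; write-only in hardware
        self.secure = set(secure_masters)
        # Stand-in for the RNG source: a fresh key for every session.
        self.key = session_key or secrets.token_bytes(16)

    def _xor(self, data):
        # Keyed pad XOR as a placeholder for the scrambler or AES block.
        # Not address-tweaked, so a scrambled line can be moved as-is.
        pad = hashlib.blake2b(b"scramble", key=self.key, digest_size=LINE).digest()
        return bytes(a ^ b for a, b in zip(data, pad))

    def read(self, master, line):
        """Return (data, is_plaintext); the bool models the sideband flag."""
        raw = self.mem[line]
        if line not in self.protected:
            return raw, True
        if master in self.secure:
            return self._xor(raw), True   # secure master: interpretable access
        return raw, False                 # other masters: black-box access

    def write(self, line, data, is_plaintext):
        """Store data; the flag decides whether it is scrambled first."""
        if line in self.protected and is_plaintext:
            data = self._xor(data)        # plaintext never rests in a protected line
        self.mem[line] = bytes(data)

def copy_line(ctrl, master, src, dst):
    """A master moves one line, forwarding the flag it got on the read."""
    data, flag = ctrl.read(master, src)
    ctrl.write(dst, data, flag)
    return data, flag

if __name__ == "__main__":
    ctrl = ScrambleController(4, {0, 1}, {"cpu_s"})   # constructed sample setup
    ctrl.write(0, b"0123456789abcdef", True)
    print(copy_line(ctrl, "dma", 0, 1))               # scrambled bytes, False
    print(ctrl.read("cpu_s", 1))                      # plaintext, True
```

Because the key is drawn per session, the same plaintext rests in memory as different bytes after every restart, which is why learning the function through a debug path gives no lasting advantage.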
Summary: There are multiple access-restriction solutions in the industry, catering to master-based access controls. These solutions provide either complete access or complete denial of content (in any form). In this article, we discussed a solution that creates another layer, with interpretable access versus black-box access.
About the authors:
Sandeep Jain (email@example.com) is Security designer at NXP
Kirk Taylor (firstname.lastname@example.org) is Security architect at NXP
Pradip Singh (email@example.com) is Security FW designer at NXP
- US 8560863 B2 - Systems and techniques for datapath security in a system-on-a-chip device
- NXP Extended Resource Domain Controller xRDC
- US9400890 - Method and devices for selective RAM scrambling