CN / EN

All Products Applications & Designs Documentation Tools & Software Community About Goodix
Doc Feedback
Thanks for your interest, welcome to contact us.
Thanks for your feedback
No matches were found 114page(s) matching the search query
Documentation > GR5xx Firmware Encryption Application Note/ Security Modules and Algorithms/ Security Modules Copy URL

Security Modules

The security modules for encryption in a GR5xx SoC include TRNG, PRESENT-128, eFuse, KEYRAM, PKC, HMAC, and XIP_DEC.

  • True Random Number Generator (TRNG) module

    The TRNG module generates the random numbers used as masks in encryption and decryption. To ensure the quality of the random numbers and to correct the deviations in TRNG, linear-feedback shift registers (LFSRs) and Post-Process logics are added to the TRNG module.

  • PRESENT-128 module

    PRESENT is a type of lightweight block cipher, featuring a compact size of algorithm (approximately 40% of the size of AES). It can be applied in scenarios that require low energy and high efficiency.

    The PRESENT-128 module enables encrypting or decrypting 128-bit data in one operation, supported by its two 64-bit PRESENT cores.

  • eFuse module

    eFuse is a 512-byte one-time programmable (OTP) memory with random access interfaces, which stores security keys and chip calibration data.

  • KEYRAM module

    KEYRAM is mainly applied for key derivation and storage after a chip is powered on. In the secure boot process, true random numbers are generated as masks in each boot, to prevent decryption by others through proof by exhaustion. Security modules (such as AES, HMAC, and XIP_DEC) can read keys under encryption through the KeyPort bus. The keys stored in the KEYRAM module cannot be accessed through CPU or debugging ports.

  • Public Key Cryptography (PKC) module

    The PKC controller module focuses on basic modular arithmetic in public-key algorithms and 256-point elliptic curve cryptography (ECC) point multiplication, according to Federal Information Processing Standards (FIPS).

  • Hash Message Authentication Code (HMAC) module

    The HMAC module authenticates and validates messages with HMAC algorithm in full compliance with FIPS Publication 198-1. The HMAC module supports SHA256 and HMAC-SHA256.

  • XIP_DEC module

    The module is embedded with a PRESENT-128 submodule, so that firmware commands or data can be read for real-time decryption in execute in place (XIP) mode.

Note:

For more information about the XIP_DEC module, see the datasheet of the specific GR5xx SoC.

Scan to follow

Open WeChat, use "Scan" to follow.