TrustRAM (TRAM) Overview
The TrustRAM (TRAM) embedded in the SAM L10/L11 offers these advanced security features for Secure information storage:
- 256-byte security RAM
- Address scrambling to the RAM
- Data scrambling to/from the RAM
- Silent access of data for improved side-channel resistance
- Data remanence prevention
- Active shielding to prevent tamper on physical RAM
- Full erasure of scramble key and RAM data on tamper detection
The TrustRAM (TRAM) is the controller interface for a 256-byte security RAM, which is intended for volatile secret data. The TRAM is capable of performing address map scrambling as well as data scrambling for both write and read accesses to the security RAM. The TRAM can also perform silent access of the data stream to improve side-channel attacks resistance. The TRAM can execute two automated tasks that are triggered by external events: remanence prevention and erase.
When a remanence periodic event occurs, the physical data stored in the RAM is inverted to prevent physical “burn-in” signatures. When a tamper event occurs, the TRAM executes a full erase of the control signals as well as the data in the security RAM. Both automated tasks do not require CPU interaction and can be performed in all Sleep modes.
TrustRAM Initialization
The following bits are enable-protected, meaning that they can only be written when the TRAM is disabled (CTRLA.ENABLE=0):
- Tamper Erase bit in the Control A register (CTRLA.TAMPERS)
- Data Remanence Protection bit in the Control A register (CTRLA.DRP)
- Silent Access bit in the Control A register (CTRLA.SILACC)
The following registers are enable-protected:
- Data Scramble Control register (DSCC)
- All RAM (RAM[0:63]) addresses
Enable-protected bits in the CTRLA register can be written at the same time as CTRLA.ENABLE is written to one, but not at the same time as CTRLA.ENABLE is written to zero. Enable-protection is denoted by the Enable-Protected property in the register description.
Scrambling
The Data Scramble Control register (DSCC) must be configured before the CTRLA.ENABLE is set. These settings cannot be changed while the module is enabled. The scrambling logic is enabled by writing a one to the enable bit in the Data Scramble Control register (DSCC.DSCEN). Scrambling is disabled by writing a zero to DSCC.DSCEN. Writing a zero to CTRLA.ENABLE will also disable the scrambling, but will not clear the DSCC.DSCEN bit.
The TRAM executes the following protocols:
- When the CPU writes to the security RAM, the data and its bitwise inversion are stored into the RAM.
- When the CPU reads from the security RAM, both the data and its bitwise inversion are retrieved from the RAM.
If the TRAM cannot verify that both values complement each other, a bus error is returned.
Silent Access
Silent access bit (CTRLA.SILACC) must be configured before CTRLA.ENABLE is set. This setting cannot be changed while the module is enabled. When this mode is enabled, only 128 bytes of the security RAM are accessible since the other 128 bytes are reserved to store the 1's complement (bitwise inverted) values. The physical access to the RAM is now twice as wide compared to the bus access. Therefore, only 8-bit byte access and 16-bit half-word access are supported in this mode. 32-bit word writes accesses are ignored and 32-bit word read accesses return 0.
Data Remanence
Data Remanence Prevention bit (CTRLA.DRP) must be configured before CTRLA.ENABLE is set. This setting cannot be changed while the module is enabled. When this feature is enabled, the RTC Periodic Interval Daily Event (RTC_PERD) will trigger the automated data remanence routine. An internal counter will count from 0 to 63 and serves as the address access bus to the security RAM. For every address iteration, the TRAM reads the word data from the security RAM, inverts the value and writes back to the same address. To prevent linear access to the security RAM, the remanence address value is scrambled using the same protocols as a CPU address scramble. After remanence has updated all address locations, the routine will end by toggling the RAM inversion status bit (STATUS.RAMINV).
Data remanence is a low-priority routine. If the CPU attempts to access the security RAM while remanence is active, the routine is temporarily paused until the CPU access is completed. If a tamper full erase event is detected, the remanence routine is aborted and the internal address counter will reset to 0.
Refer to the product data sheet for more details.