FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STM32H573 : RNG Seed Error (SEIS) when used with TZEN=1 and STiRoT

hicham75
Associate

‎2025-01-10 07:57 AM

Hi,

I try to use PKA for some ECDSA computation. For this purpose I needed to use PKA block. However, in SR register, I never get INITOK bit set.

 

I am working with TrustZone enabled. So, STiRoT is executed before my program.

After investigation, I've seen that bit SEIS in  RNG_SR is set. (while CEIS=0)

Despite reference manual stating in this case, it means some thing went wrong and RNG was able to auto-reset and recover, I think this is what is preventing PKA INITOK to be set.

"INITOK: PKA initialization OK
This bit is asserted when PKA initialization is complete. When RNG is not able to output proper
random numbers INITOK stays at 0."

With same program and with TrustZone disabled(Hence, STiRoT is not executed), RNG is correctly configured without any SEIS error and PKA INITOK bit is set.

 

I am using RNG in A configuration.

RNG = {
  CR = 0xf00e04,
  SR = 0x41,
  DR = 0x31b4c84e,
  NSCR = 0x3af66,
  HTCR = 0x6a91
}

HCLK(AHB2) is 250 Mhz and HSI48 is used for RNG sampling.

Could someone help with this issue or point any additional configuration to be checked?

 

Regards

 

 

 

 

 

Labels:
0 Kudos
3 REPLIES 3
STea
ST Employee

‎2025-01-14 06:29 AM

Hello @hicham75 ,

Thank you for sharing this. 
You will need to clear this flag as you don't have SECS and only SEIS is set indicating that the RNG has automatically recovered for the error and you application must clear this flag in order to make PKA init working properly 

STea_0-1736864673371.png

it is worth noting that this will not impact the security entropy or performance of your application since you are using the recommended configurations in AN4230.
Regards

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
0 Kudos
hicham75
Associate

‎2025-01-14 06:32 AM

Hi @STea ,

Thank you for your reply.

Unfortunately, I've already read that in another post. I tried to clear it but it will be set few instructions later.

Even, If I ignore it and proceed, PKA_SR_INITOK will not be set and PKA init will timeout.

I think it's related.

 

 

0 Kudos
STea
ST Employee
In response to hicham75

‎2025-01-14 07:28 AM

Hello @hicham75 ,

Can you share the project which you are using and the configuration and tool versions to try and reproduce this from our side.
Regards

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
0 Kudos
Top