True random number generator (RNG) RM0453
636/1450 RM0453 Rev 5
Health checks
This component ensures that the entire entropy source (with its noise source) starts then
operates as expected, obtaining assurance that failures are caught quickly and with a high
probability and reliability.
The RNG implements the following health check features in accordance with NIST
SP800-90B. The described thresholds correspond to the value recommended for register
RNG_HTCR (configuration A in Section 22.6.2).
1. Startup health tests, performed after reset and before the first use of the RNG as
entropy source:
– Repetition count test, flagging an error when the noise source has provided more
than 42 consecutive bits at a constant value (0 or 1).
– Adaptive proportion test running on a window of 1024 consecutive bits: the RNG
verifies that the first bit on the outputs of the noise source is not repeated more
than 628 times.
– Known-answer tests, to verify the conditioning stage.
2. Continuous health tests, running indefinitely on the outputs of the noise source:
– Repetition count test, similar to the one running in startup tests.
– Adaptive proportion test, similar to the one running in startup tests.
3. Vendor specific continuous tests
– Transition count test, flagging an error when the noise source has delivered more
than 32 consecutive occurrences of 2-bit patterns (01 or 10).
– Real-time “too slow” sampling clock detector, flagging an error when one RNG
clock cycle (before divider) is smaller than AHB clock cycle divided by 32.
4. On-demand test of digitized noise source (raw data)
– Supported by restarting the entropy source and rerunning the startup tests (see
software reset sequence in Section 22.3.4: RNG initialization). Other kinds of
on-demand testing (software based) are not supported.
The CECS and SECS status bits in the RNG_SR register indicate when an error condition is
detected, as detailed in Section 22.3.7: Error management.
Note: An interrupt can be generated when an error is detected.
Above the health test thresholds are modified by changing the value in the RNG_HTCR
register. See Section 22.6: RNG entropy source validation for details.
To Next Page
Loading...
