08.05.2018 15:39, Joachim Strömbergson wrote:

Pavel Shatov wrote:
Speaking of asynchronous signals, I think the original idea was to have
several tamper detection inputs in the tiny MKM FPGA. Suppose that they
are active-low, this way as soon as a tamper event from
a certain sensor is detected, the corresponding input goes low.
Tamper detection inputs can be AND'ed together and routed to the
reset signals of the flops where the master key is stored. This way
the master key can be wiped asynchronously and even if the clock
signal is stopped for whatever reason.

As long as we can guarantee (as in really guarantee) that we never
get a drop on the input by mistake (glitches, drops etc.) then sure.
Your, Stuges and Fredriks knowledge on supply, board design, signal
integrity will be needed here.


I kind of understand Peter's concerns about register's reset input being
oversensitive and that potentially it can react to a glitch, but, well,
tamper detection input is supposed to be sensitive, isn't it? I believe
that with careful board design we can avoid any glitches. I may be
wrong, but what I understood from Jacob's talk during the f2f was that
reaction time is very important. In that sense not having any
synchronous elements between tamper inputs and flip-flop reset inputs is
more attractive, because if we want to sample input pins, we need at
least a 2-stage synchronizer to not run into metastability, so the
reaction time will be 3 clock cycles at least.


--
With best regards,
Pavel Shatov
_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech
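
The two wipe paths compared in the message above, side by side, as an added Verilog example (not code from the thread or from the Cryptech project). Module, port and parameter names, the widths, the number of sensors and the key pattern are assumptions made for illustration.

```verilog
`timescale 1ns/1ps
// Added illustration: all names, widths and values below are assumptions.
module mkm_key_wipe #(parameter N_TAMPER = 4, parameter KEY_W = 256) (
    input  wire                clk,
    input  wire [N_TAMPER-1:0] tamper_n,  // active-low tamper sensor inputs
    input  wire                load,
    input  wire [KEY_W-1:0]    key_in,
    output reg  [KEY_W-1:0]    key_async, // wiped through the async reset
    output reg  [KEY_W-1:0]    key_sync   // wiped after a 2-stage synchronizer
);
    // AND of active-low inputs: goes low as soon as any one sensor fires.
    wire wipe_n = &tamper_n;

    // Variant A: wipe_n drives the flops' asynchronous reset, no clock needed.
    always @(posedge clk or negedge wipe_n)
        if (!wipe_n)   key_async <= {KEY_W{1'b0}};
        else if (load) key_async <= key_in;

    // Variant B: wipe_n is sampled through two flops, then clears the key
    // synchronously, so the wipe lands on the third clock edge after the event.
    reg [1:0] sync_ff = 2'b11;
    always @(posedge clk) begin
        sync_ff <= {sync_ff[0], wipe_n};
        if (!sync_ff[1]) key_sync <= {KEY_W{1'b0}};
        else if (load)   key_sync <= key_in;
    end
endmodule

module tb;
    reg         clk = 0, load = 0;
    reg [3:0]   tamper_n = 4'hF;
    reg [255:0] key_in = {8{32'hA5A5A5A5}};   // constructed sample key
    wire [255:0] ka, ks;
    mkm_key_wipe dut (.clk(clk), .tamper_n(tamper_n), .load(load),
                      .key_in(key_in), .key_async(ka), .key_sync(ks));
    initial begin
        load = 1; repeat (2) begin #5 clk = 1; #5 clk = 0; end
        load = 0;
        #3 tamper_n[2] = 0;                   // sensor fires while clk is stopped
        #1 $display("clk stopped:   async wiped=%b  sync wiped=%b", ka == 0, ks == 0);
        repeat (3) begin #5 clk = 1; #5 clk = 0; end
        $display("after 3 edges: async wiped=%b  sync wiped=%b", ka == 0, ks == 0);
        $finish;
    end
endmodule
```

Variant A is also the one that reacts to a glitch on any `tamper_n` pin, which is the concern raised in the thread; variant B never wipes if the clock stays stopped.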