| |
Datasheet Home \ Datasheet Details
Download
PDF Abstract Text:
PRELIMINARY DOCUMENT
This information pertains to a product under development. Its characteristics and specifications are subject to change without notice. IRE assumes no responsibility for the use of this information.
® IRE Secure Solutions, Inc.
ANALOG DEVICES
PRELIMINARY DOCUMENT
This information pertains to a product under development. Its characteristics and specifications are subject to change without notice. IRE assumes no responsibility for the use of this information.
Revision 5, May 1999
IRE Secure Solutions, Inc. maintains a Web site with up-to-date technical documentation for our customers. It is located at: http://www.ire-ma.com / Contact IRE Secure Solutions for registration information and a password.
Information furnished in this document is preliminary. No responsibility is assumed by Information Resource Engineering or Analog Devices for its use nor for any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under the patent rights of Information Resource Engineering, Inc. or Analog Devices Inc.
IRE Secure Solutions
TABLE OF CONTENTS
CHAPTER 1. INTRODUCTION ....................................................... 1 1.1 SCOPE ...................................................................... 1 1.2 GENERAL DESCRIPTION....................................................... 1 1.2.1 DSP Core ................................................................. 2 1.2.2 Secure CGX Kernel (Firmware)................................................ 2 1.2.3 Protection Mode Control..................................................... 2 1.2.4 Protected Kernel RAM ....................................................... 2 1.2.5 Encrypt Block.............................................................. 2 1.2.6 Hash Block................................................................ 3 1.2.7 Random Number Generator (RNG) Block......................................... 3 1.2.8 Public Key Accelerator ...................................................... 3 1.2.9 PCI / Cardbus Interface ....................................................... 3 1.2.10 32-Bit DMA Controller ...................................................... 3 1.2.11 Application Registers ........................................................ 3 1.2.12 External Memory Interface.................................................... 4 1.2.13 Serial EEPROM Interface .................................................... 4 1.2.14 Interrupt Controller......................................................... 4 1.2.15 Laser Variable Storage....................................................... 4 1.2.16 Downloadable Secure Code................................................... 4 CHAPTER 2. 2.1 2.2 MEMORY CONFIGURATION ............................................ 5
MEMORY MAP ................................................................. 5 REGISTER SET .................................................................. 7 BUS INTERFACES..................................................... 11
CHAPTER 3.
3.1 HOST BUS MODE SELECTION ...................................................... 11 3.2 2183 IDMA HOST PROCESSOR BUS ................................................. 11 3.3 PCI / CARDBUS HOST PROCESSOR BUS ............................................... 12 3.3.1 PCI Interface Specifications.................................................. 12 3.3.2 PCI Address Map .......................................................... 12 3.3.3 PCI Target Mode Transfers .................................................. 13 3.3.4 PCI Master Mode Transfers .................................................. 13 3.3.5 PCI Transfers Using IDMA .................................................. 13
3.3.5.1 3.3.5.2 3.3.5.3 3.3.5.4 PCI IDMA Latency.............................................................. 14 PCI Access to Program Memory..................................................... 14 IDMA Indirect Address Register (IADDR)............................................. 14 IDMA Configuration Register (IDMACFG) ............................................ 15
3.3.6 PCI Core Configuration Registers............................................. 15 3.4 EXTERNAL MEMORY INTERFACE ................................................... 17 3.4.1 EMI Data Memory Width .................................................... 17 3.4.2 EMI Bus Arbitration (DMA / DSP) .............................................. 18 3.4.3 EMI Bus Request / Grant..................................................... 18 CHAPTER 4. 32-BIT DMA CONTROLLER............................................. 19
4.1 OVERVIEW ................................................................... 19 4.2 DMA CONTROLLER FUNCTIONAL DESCRIPTION ........................................ 20 4.2.1 DMA Arbitration - Master vs. Target........................................... 20 4.2.2 DMA Arbitration - Software Applications ....................................... 20 4.2.3 Memory Arbitration........................................................ 20 4.2.4 DSP Initiated Transfers (Master Mode) ......................................... 21
4.2.4.1 Memory Map................................................................... 22
IRE Secure Solutions
DMA Control Flow .............................................................. 23
4.2.5 PCI Host Initiated Transfers (Target Mode) ...................................... 23 4.2.6 Byte Enables (PCI)......................................................... 24 4.3 DMA REGISTER SET ............................................................ 25 4.3.1 DMA Host Address Low Register (DMAHAL)..................................... 25 4.3.2 DMA Host Address High Register (DMAHAH).................................... 26 4.3.3 DMA Local Address Low Register (DMALAL).................................... 26 4.3.4 DMA Local Address High Register (DMALAH) ................................... 27 4.3.5 DMA Command Register (DMACMD).......................................... 27 4.3.6 DMA Status / Configuration Register (DMASC) .................................... 28 4.3.7 PCI Core Status / Configuration Register (PCICSC) ................................ 29 4.3.8 DMA External Memory Status Register (DMAEMS) ................................ 29 4.3.9 PCI Target Page Register (TARGPAGE) ........................................ 30 4.3.10 Target Read Count Register (TARGRDCNT) ..................................... 30 4.3.11 Endian Register (PCIENDIAN) ............................................... 31 CHAPTER 5. HASH / ENCRYPT SUBSYSTEM .......................................... 32
IRE Secure Solutions
5.3.17 5.3.18 5.3.19 CHAPTER 6.
6.1 OVERVIEW ................................................................... 54 6.2 FUNCTIONAL DESCRIPTION ....................................................... 54 6.3 APPLICATION REGISTERS REGISTER SET .............................................. 54 6.3.1 Mailbox Data Register (MAILDAT)............................................ 55 6.3.2 DSP AppRegs Status Register (DSPAPPSTAT) .................................... 56 6.3.3 Host AppRegs Status Register (HOSTAPPSTAT) .................................. 56 6.3.4 AppRegs Lock (APPLOCK) .................................................. 57 6.3.5 DSP (Host) Miscellaneous Semaphore Register (DSPSEMA, HOSTSEMA)............... 58 6.3.6 Select Delay Register (SELDEL) .............................................. 59 6.3.7 Hash / Encrypt Byte Enable Register (HEBYTEEN) ................................. 59 6.3.8 Reset Reason / Instruction Register (RSTREASON) ................................. 59 6.3.9 External Memory Configuration Register (EXMEMCFG)............................ 61 CHAPTER 7. INTERRUPT CONTROLLER ............................................ 62
7.1 INTERRUPT CONTROLLER OVERVIEW ................................................ 62 7.2 INTERRUPT SOURCE DESCRIPTIONS ................................................. 63 7.3 INTERRUPT CONTROL REGISTERS (INTC) ............................................ 64 7.3.1 DSP Unmasked Status Register (DUSTAT) ....................................... 65 7.3.2 DSP Masked Status Register (DMSTAT)......................................... 65 7.3.3 DSP Clear Interrupt Register (DICLR).......................................... 66 7.3.4 DSP Mask Control Register (DIMASK) ......................................... 66 7.3.5 DSP Interrupt Configuration Register (DICFG) ................................... 67 7.3.6 Force DSP Interrupt Register (DIFRC) ......................................... 67 7.3.7 DSP or Host H / E Errors Register (DSPHERR, HOSTHERR)......................... 68 7.3.8 Host Unmasked Status Register (HUSTAT)....................................... 68 7.3.9 Host Masked Status Register (HMSTAT)......................................... 69 7.3.10 Host Clear Interrupt Register (HICLR).......................................... 69 7.3.11 Host Mask Control Register (HIMASK) ......................................... 70 7.3.12 Host Interrupt Configuration Register (HICFG) ................................... 70 7.3.13 Force Host Interrupt Register (HIFRC) ......................................... 71 CHAPTER 8. SERIAL EEPROM...................................................... 72
9.1 BOOT LOADING OVERVIEW ....................................................... 75 9.2 BYTE MEMORY BOOTING ........................................................ 75 9.3 HOST BUS BOOTING ............................................................ 75 9.3.1 PCI Bus Booting........................................................... 75 9.3.2 IDMA Bus Booting ......................................................... 76 9.4 LOCAL ROM BOOTING .......................................................... 76 CHAPTER 10. ACRONYMS & TERMS............................................... 77
APPENDIX A ................................................................................ 78
IRE Secure Solutions
FIGURES
TABLES
TABLE 1 TABLE 2 TABLE 3 TABLE 4 TABLE 5 TABLE 6 TABLE 7 TABLE 8 TABLE 9 ADSP 2141 UNPROTECTED REGISTER SET ...........................................9 ADSP 2141 PROTECTED REGISTER SET ............................................10 BUS MODE SELECTION........................................................11 PCI CONFIGURATION REGISTERS .................................................15 DMA CONTROLLER REGISTER SET ................................................25 HASH / ENCRYPT REGISTERS.....................................................44 APPLICATION REGISTER SET ....................................................54 INTERRUPT SOURCES .........................................................64 INTERRUPT REGISTER SET......................................................64
IRE Secure Solutions
CHAPTER 1. INTRODUCTION
1.1 SCOPE
GENERAL DESCRIPTION
The ADSP 2141 is a highly integrated Security System-on-a-Chip ASIC which incorporates a sophisticated, general purpose DSP, along with a number of high-performance Cryptographic function blocks, as well as a PCI, IDMA and Serial EEPROM interface. It is fabricated in .35µ CMOS triple-layer metal technology utilizing a 3.3V Power Supply. It is initially available in a 208-pin MQFP package with a Commercial (0° - 70°C) Temperature Range.
Kernel Protection Logic
Interrupts
2183 Mode
IDMA Bus
PCI Mode
Flags
ADSP 2183 DSP Core
DMA-32 Controller
PCI or Cardbus Interface
Port 0
Serial Ports
Kernel ROM 32k x 24
(DES, 3DES)
(MD5, SHA-1)
Port 1
(4k x 16) Prog RAM 16k x 24
EMI Bus 16 / 24
Data RAM 16k x 16
Interrupt Controller
Timer
INTHost
Laser Variable Store
External Memory Interface
26-bits addr. 32-bits data
Application Registers & Mailbox
Serial EEPROM Interface
RAM / ROM
Figure 1 ADSP 2141 Functional Block Diagram
Protected Kernel RAM
Encrypt Block
Hash Block
RNG Block
Public Key Accelerator
16 / 32-bit Host Bus
IDMA Interface
IRE Secure Solutions
1.2.1 DSP Core
1.2.2 Secure CGX Kernel (Firmware)
1.2.3 Protection Mode Control
1.2.4 Protected Kernel RAM
1.2.5 Encrypt Block
IRE Secure Solutions
1.2.6 Hash Block
1.2.7 Random Number Generator (RNG) Block
1.2.8 Public Key Accelerator
The Public Key Accelerator module works in concert with the CGX Secure Kernel firmware to provide full Public Key services to the host application. The CGX Kernel provides Macro-level library functions to perform Diffie-Hellman Key Agreement, RSA Encrypt or Decrypt, Calculate and Verify Digital Signatures, etc. The hardware accelerator block speeds the computation-intensive operations such as large-vector multiply, adds / subtracts, squaring, etc.
1.2.9 PCI / Cardbus Interface
A full 66 / 33MHz PCI v2.1 bus interface provides a high-performance bus connection to a Host processor. The 32-bit PCI interface supports both Bus Master and Target modes. The ADSP 2141 is capable of using DMA to directly access data on other PCI entities and read or write that data to various registers within the chip (including the Hash / Encryption engine) or to its external data memory.
1.2.10 32-Bit DMA Controller
The ADSP 2141 incorporates a high-performance 32-bit DMA controller which can be set-up to efficiently move data between Host PCI memory, the Hash / Encrypt blocks, and / or External Memory. The DMA controller can be used with the PCI bus in Master mode, thus autonomously moving 32-bit data with minimal DSP intervention. Up to 255 long words (1020 bytes) can be moved at a time.
1.2.11 Application Registers
The Application Registers are a set of memory-mapped registers which facilitate communications between the ADSP 2141 DSP and a Host processor via the PCI bus. One of the features is a 44 byte mailbox which is set-up to hold the CGX command structure passed between the Host and DSP processors. The Application Registers also provide the mechanism which allows the DSP to arbitrate whether it or the DMA controller (Host) has ownership of the External Memory interface.
IRE Secure Solutions
1.2.12 External Memory Interface
The External Memory Interface (EMI) allows connecting various memories and / or peripheral devices to the ADSP 2141. It supports an asynchronous static RAM-style interface using RD, WR, and CS control signals. Various memory spaces are supported, including: Program Memory (PM), Data Memory (DM), I / O Memory (IO), and Byte Memory (BM). Separate chip selects are used to access each area and a Combined Memory Select (CMS) can be configured to activate for more than one area.
1.2.13 Serial EEPROM Interface
The Serial EEPROM interface is used to allow an external non-volatile memory to be connected to the ADSP 2141 for the purpose of storing PCI or Cardbus configuration information (Plug and Play), as well as generalpurpose non-volatile storage. For example, encrypted (Black) Keys or a digital certificate could be stored into EEPROM for fast recovery after a power outage.
1.2.14 Interrupt Controller
1.2.15 Laser Variable Storage
The Laser Variable Storage consists of 256 bits of Factory programmed data which is only accessible to the internal function blocks and the Security Kernel. Included in these Laser Variable bits are: · · · · Triple-DES Local Storage Variable (Master Key-Encryption-Key) Randomizer Seed Program Control Data Bits (Enables / Disables various IC features and configures the IC) CRC of the Laser Data
The Program Control Data Bits (PCDBs) include configuration for permitted Key Lengths, Algorithm Enables, Red KEK loading, Internal IC Pulse Shaping Characteristics, etc. Some of the PCDB settings may be overridden with a Digitally Signed Token which may be loaded into the ADSP 2141 when it boots. These Tokens are created by IRE and each is targeted to a specific ADSP 2141 using a chip-unique serial number.
1.2.16 Downloadable Secure Code
The ADSP 2141 is designed to allow additional Security Functions to be added to the device through a Secure Download feature. Up to 16k words of code may be downloaded into internal memory within the DSP and this code can be given the security privileges of the Kernel firmware. All downloaded firmware is authenticated with a Digital Signature and verified with an on-chip Public Key. Additional functions could include new Encryption, Hash or Public Key algorithms such as IDEA, RC-4, RIPEMD, Elliptic Curve, etc.
IRE Secure Solutions
CHAPTER 2. MEMORY CONFIGURATION
The ADSP 2141 provides a large amount of on-chip zero wait-state RAM, a block of mask-programmed ROM and also provides an external memory bus interface in order to allow a considerable expansion using off-chip devices. The on-chip RAM consists of three separate groups: 16k x 24 of Internal Program RAM, 16k x 16 of Internal Data RAM, and 4k x 16 of Kernel RAM.
Memory Map
The ADSP 2141 memory map is very similar to that of the ADSP 2183, except that it includes significantly more Off-Chip memory addressing, and has additional Crypto Registers which are accessible to the User.
0x3FFF
8K Kernel Top Kernel Mode
8K Kernel Base Kernel Mode
8K Internal Page
8K External Page 0
8K External Page 1
8K External Page 8191
0x2000 0x1FFF
8K Internal (Common Bank)
Up to 64 Megawords External Program Memory
(PMOVLAYL alternates 1, 2, 1, 2..)
0x0000
0x3FFF
8K Kernel Top Kernel Mode
8K Kernel Kernel Mode
8K Kernel Base Kernel Mode
8K Internal
0x2000 0x1FFF
8K External (Boot From External Program Memory)
0x0000
(See ADSP 2183 documentation)
0x3FFF 32 Memory-mapped 0x3FE0 Registers 0x3FDF
8160 words Internal (Common Bank)
Up to 64 Megawords External Data Memory
(DMOVLAYL alternates 1, 2, 1, 2..) 8K External Page 0
0x2000 0x1FFF 0x1000 0x0FFF 0x0000
Memory-mapped Registers 4K Kernel RAM (Kernel Mode)
(DMOVLAY-000F)
8K Internal Page
8K External Page 1
8K External Page 8191
Figure 4 Data Memory
IRE Secure Solutions
15 14 13 12 11 10 x msb PMOVLAYH External Address x x x x x 9 x 8 x 7 x 6 x 5 x 4 x 3 x 2 x 1 x 0 x lsb PMOVLAYL Page Select
15 14 13 12 11 10 x msb DMOVLAYH External Address x x x x x 9 x 8 x 7 x 6 x 5 x 4 x 3 x 2 x 1 x 0 x lsb DMOVLAYL Page Select
IRE Secure Solutions
Register Set
UNPROTECTED REGISTERS
0x1880-1895 0x0000-002B 0x0000-0015 0x18A0 0x0040 0x0020 0x18A1 0x0042 0x0021 0x18A2 0x0044 0x0022 0x18A3 N / A N / A 0x18A4 N / A N / A 0x18A5 0x18A6 N / A 0x004C R / O N / A 0x0026 R / O
APPLICATION REGISTERS Mailbox Data R / W Status R 0x0000 Lock R / W 0x0000 Misc. Semaphore R / W 0x0000 Select Delay R / W 0x0014 Hash / Encrypt Byte R / W 0x0003 Enables Reset Violation R 0x0000 Memtype / Addr ExtMem Configuration R / W 0x0001 DMA & PCI REGISTERS
DSP-Visible Registers: 0x1840 N / A 0x1841 N / A 0x1842 N / A 0x1843 N / A 0x1844 N / A 0x1845 N / A 0x1846 N / A 0x1847 N / A PCI Host-Visible Registers: N / A 0x00C0 N / A N / A 0x00C4 0x00C8
Host Address 15:0 Host Address 31:16 Local Address 15:0 Local Address 31:16 Command Status / Config. PCI Core Status / Config. PCI Extmem Status PCI Target Page PCI Target Read Count Endian
R / W Lower 16-bits of Host Address R / W Upper 16-bits of Host Address R / W Lower 16-bits of Local Address R / W Upper 16-bits of Local Address R / W 0x0000 DMA Command R / W 0x8000 Status / Configuration Register for DMA R / W 0x8800 Status / Configuration for PCI core R PCI External Memory Status R / W 0x0000 Target Page specifier when ADSP 2141 External Memory is Target R / W 0x00FF Maximum number of dwords for Target Read Transfer R / W 0x0000 Big / Little Endian select
IRE Secure Solutions
UNPROTECTED REGISTERS (cont.)
DSP ADDRESS (word) TARGET ADDRESS (byte) DMA Local ADDRESS (word) REGISTER NAME R / W Reset Default DESCRIPTION
0x1A13 0x1A14
0x0226 0x0228
0x0113 0x0114 0x0116 0x0117 0x0118 0x0119 0x011A 0x011B 0x011C 0x0120-0123 0x0124-0127 0x0128-012B 0x012C-012F 0x0130-0133 0x0134-013D 0x013E-0147 0x0148 0x0150-0153 0x0154-0157 0x0158-015B 0x015C-015F 0x0160-0163 0x0164-016D 0x016E-0177 0x0178 0x01C0
Status Registers: 0x1A16 0x022C 0x1A17 0x1A18 0x1A19 0x1A1A 0x1A1B 0x1A1C 0x022E 0x0230 0x0232 0x0234 0x0236 0x0238
Context 0 Registers: 0x1A20-1A23 0x0240-0247 0x1A24-1A27 0x0248-024F 0x1A28-1A2B 0x0250-0257 0x1A2C-1A2F 0x0258-025F 0x1A30-1A33 0x0260-0267 0x1A34-1A3D 0x0268-027B 0x1A3E-1A47 0x027C-028F 0x1A48-1A49 0x0290 Context 1 Registers: 0x1A50-1A53 0x02A0-02A7 0x1A54-1A57 0x02A8-02AF 0x1A58-1A5B 0x02B0-02B7 0x1A5C-1A5F 0x02B8-02BF 0x1A60-1A63 0x02C0-02C7 0x1A64-1A6D 0x02C8-02DB 0x1A6E-1A77 0x02D0-02EF 0x1A78-1A79 0x02F0 Data In / Out FIFOs: 0x1AC0 0x0380
IRE Secure Solutions
UNPROTECTED REGISTERS (cont.)
DSP ADDRESS (word) TARGET ADDRESS (byte) DMA Local ADDRESS (word) REGISTER NAME R / W Reset Default DESCRIPTION
INTERRUPT CONTROLLER REGISTERS DSP-Visible Registers: 0x1800 N / A 0x1801 0x1801 0x1802 0x1803 0x1804 0x1805 N / A N / A N / A N / A N / A N / A N / A N / A N / A N / A N / A N / A N / A 0x0040 0x0042 0x0042 0x0044 0x0046 0x0048 0x004A DSP Unmasked Status DSP Masked Status DSP Clear Int DSP Mask Control DSP Int Config. Force Host Int H / E Error Code Host Unmasked Status Host Masked Status Host Clear Int Host Mask Control Host Int Config. Force DSP Int H / E Error Code Interrupt source current states - prior to mask R Interrupt source current states - post mask W Clear selected Interrupt R / W 0x0000 Interrupt mask register R / W 0x0001 DSP Interrupt configuration register Force interrupt to Host (PCI) W R / W 0x0000 Provides the H / E Error Code (write 0 clears) Interrupt source current states - prior to mask R Interrupt source current states - post mask W Clear selected interrupt R / W 0x0000 Interrupt mask register R / W 0x0001 Host interrupt configuration register W Force interrupt to DSP R 0x0000 Provides the H / E Error Code (write 0 clears) R R -
Host-Visible Registers: N / A 0x0080 N / A N / A N / A N / A N / A N / A 0x0084 0x0084 0x0088 0x008C 0x0090 0x0094
IDMA INTERFACE REGISTERS Host-Visible Registers: 0x3FE0 0x00A0 N / A N / A 0x0050 IDMA Indirect Address Address latch for IDMA Indirect transfers (also specifies DM or PM) R / W 0x0001 IDMA Configuration (Direct or Indirect) R / W 32K IDMA Data Range (Explicit address for Direct, any address for Indirect) W -
0x00A4 0x0052 IDMA Config. 0x8000-FFFF 0x4000-7FFF IDMA Data
0x1900 0x1901 0x1902 0x1903 0x1904 0x1905 0x1906 0x1907 0x1908 0x1909 0x190A 0x190B 0x190C 0x190F
Table 1 ADSP 2141 Unprotected Register Set
IRE Secure Solutions
PROTECTED REGISTERS
DSP ADDRESS (word) REGISTER NAME R / W Reset Default DESCRIPTION
Byte count, for hash resume: Crypto Context 0
Key 3, for Triple DES: Crypto Context 1 Key 2, for Triple DES: Crypto Context 1 Key 1, for Triple DES or DES: Context 1 IV for key decryption: Crypto Context 1 IV for data encrypt / decrypt: Crypto Context 1 (Inner) Digest: Crypto Context 1 Outer Digest: Crypto Context 1 Byte count, for hash resume: Crypto Context 1 FIFO: Data In / Data Out
Table 2 ADSP 2141 Protected Register Set
IRE Secure Solutions
CHAPTER 3. BUS INTERFACES
The ADSP 2141 supports multiple bus interfaces in order to allow it to be integrated into a wide variety of host systems. These buses are: · Host Processor bus PCI (also Cardbus) - or 2183 IDMA · External Memory Interface (EMI) bus
These buses will be described in the following sections.
Host Bus Mode Selection
Table 3 Bus Mode Selection A number of pins on the ADSP 2141 are internally multiplexed in order to change bus personalities. Refer to the ADSP2141 SafeNet DSP Datasheet for pin assignments. Note also that the 32-bit DMA engine is only enabled for the PCI bus mode. This selection may not be changed after the ADSP 2141 comes out of power-up Reset. It is typically expected that the Bus Mode signals are tied to ground or VDD on the PC Board.
2183 IDMA Host Processor Bus
IRE Secure Solutions
PCI / Cardbus Host Processor Bus
When the ADSP 2141 is configured for the PCI host bus mode, the Multiplex bus pins become personalized to directly connect to a 3.3V PCI local bus. The PCI core on the ADSP 2141 is compliant with version 2.1 of the standard and supports a 32-bit wide bus. The PCI clock speed may be run from 10MHz to 66MHz2, and it may be asynchronous to the ADSP 2141 master clock.
3.3.1 PCI Interface Specifications
The PCI interface does NOT support the following: · I / O Mode Read / Write · · Fast Back-to-Back transactions Memory Write Invalidate operations
3.3.2 PCI Address Map
The ADSP 2141 appears as a Target on the PCI Bus with a single contiguous memory space of 128k bytes. The ADSP 2141 presents a 17 bit 16:0 address interface as a PCI Target. Inbound PCI address bits 31:17 are decoded by the ADSP 2141 PCI core to determine whether or not the PCI access matches the PCI Memory Base Address Register, thus determining whether the access is to the ADSP 2141 or not. However, bits 31:17 are not otherwise reflected in the ADSP 2141 register addresses.
0x1FFFF 64K External Memory Page (Window into External Memory selected by Target Page Register) 128 kbytes
Byte Address (above base)
0x10000 0x0FFFF
64 kbytes IDMA access to internal DSP data memory or program memory Reserved Kernel RAM ADSP 2141 Registers 32 kbytes
0x08000 0x04000 0x00000
PCI Base Address
Figure 5 PCI Target Mode Memory Map
66MHz rating is pending IC characterization - 12 Rev 5
IRE Secure Solutions
3.3.3 PCI Target Mode Transfers
3.3.4 PCI Master Mode Transfers
The ADSP 2141 can use PCI Master Mode transfers for the most efficient transfer of data into or out of the device. Master mode transfers are always performed under control of the DSP. Refer to CHAPTER 4 for more information on the DMA controller and initiating master transfers.
3.3.5 PCI Transfers Using IDMA
In order to allow PCI access to the internal Program Memory (PM) and Data Memory (DM) of the ADSP 2141, the IDMA engine must be used. A state machine in the ADSP 2141 interfaces between the 16-bit internal IDMA interface and the 32-bit PCI interface.
IRE Secure Solutions
PCI IDMA Latency
Since the IDMA process requires 5 or more ADSP 2141 clock cycles for each word it transfers, its throughput cannot match that of the PCI bus. For Host Target writes to IDMA memory, burst transfers should be limited to 8 dwords or fewer, since the PCI core FIFO can store that many while it waits for IDMA completion. For Host Target PCI / IDMA reads, only one dword should be accessed at a time, since the latency of an IDMA read typically causes a PCI abort and retry. The requested data will be available by the time the retry occurs, so the PCI access will succeed. However, a second word of IDMA data may not be ready during that PCI cycle.
PCI Access to Program Memory
IDMA Indirect Address Register (IADDR)
IRE Secure Solutions
IDMA Configuration Register (IDMACFG)
3.3.6 PCI Core Configuration Registers
xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
I / O and Dual Base mapping of the ADSP 2141 is not supported. These registers will always read back as 0
Table 4 PCI Configuration Registers
IRE Secure Solutions
Interrupt Line Retry Timeout Value TRDY Timeout Value
PCI Command Register (visible only at Host) Bit Description 15:10 Reserved 9 Master Fast Back-to-Back Enable 8 System Error (SERR#) Enable
IRE Secure Solutions
Wait Cycle Control / Address Stepping Enable Parity Error Enable VGA Snoop Enable Memory Write and Invalidate Enable Special Cycles Enable Bus Master Enable Memory Access Enable I / O Access Enable
In a typical system, the BIOS would write a value of 0x01C6 to the Command Register in order to enable Bus Mastering, Memory-mapped access, and error reporting.
External Memory Interface
The External Memory Interface (EMI) bus is a logical extension to the EMI bus presented on a standard ADSP 218x processor. The ADSP 2141 has enhanced this bus as follows: · · Extended data bus width from 8 / 16 / 24-bits to 8 / 16 / 24 / 32-bits Additional Addressing: from 14-bits (16k words) to 26-bits (64M words) for both PM and DM
The EMI interface can support multiple memory types including: I / O, Program Memory (PM), Byte Memory (BM), and 16-bit or 32-bit Data Memory (DM).
3.4.1 EMI Data Memory Width
IRE Secure Solutions
3.4.2 EMI Bus Arbitration (DMA / DSP)
3.4.3 EMI Bus Request / Grant
ADSP 2141
Host Bus Memory etc.
Tri-state EMI Bus
Crypto Registers, etc.
DSP Core
Co-Processor
EXMEMCFG
IN T See text
Figure 6 EMI Bus Request / Grant
IRE Secure Solutions
CHAPTER 4. 32-BIT DMA CONTROLLER
4.1 Overview
The ADSP 2141 integrates a high-performance 32-bit DMA controller in order to facilitate bulk data movements within the chip without requiring continuous DSP supervision. The DMA subsystem allows 32-bit transfers to occur within the ADSP 2141 at up to 40 Mwords per second (160 Mbytes / s). The 32-bit DMA controller is only enabled when the PCI bus mode is selected (section 3.3). The following figure illustrates the functionality of the 32-bit DMA subsystem.
ADSP 2183 DSP Core EMI
EMI Bus
Master
DSP Registers
Host Addr Low Host Addr Hi Local Addr Low
CONTROL
Target
Hardware Control
Arbiter
Local Addr Hi DMA Command Status / Config. PCI Status / Config. PCI ExtMem Status
Host Registers
PCI Target Page PCI Target Read Cnt Endian Select
32-bit Bus
Internal DM (16k x 16) IDMA Internal PM (16k x 24)
DMA xfer queued int DMA xfer complete int
Working Registers
Kernel RAM (4k x 16)
16 Case 1
Local addr.
Host addr.
DMA ENGINE
Case 3 Case 2
PCI Bus
Crypto Registers, AppRegs (mailbox)
Host addr.
Local addr.
ADSP 2141 Boundary
External Memory (16k x 32, 256k x 32, External Memory 1M x 32, etc.)
Figure 7 32-bit DMA Subsystem
Hash / Encrypt
IRE Secure Solutions
DMA Controller Functional Description
4.2.1 DMA Arbitration - Master vs. Target
4.2.2 DMA Arbitration - Software Applications
4.2.3 Memory Arbitration
IRE Secure Solutions
Memory Space External Memory
Kernel RAM (KRAM) H / E Control Regs
KMRAMCTRL KMHECTRL
Kernel Kernel
KMHEDATACTRL
Kernel
4.2.4 DSP Initiated Transfers (Master Mode)
DSP / Crypto includes: All Crypto registers, Hash / Encrypt block, IDMA to DSP internal RAM, and Kernel RAM - if unlocked.
For most DMA transactions, both the source and destination address pointers will be automatically incremented for each word transferred. The only exceptions to this are when either the source or destination of a transfer is: · · · Hash / Encrypt Input FIFO Hash / Encrypt Output FIFO IDMA Data Register (Indirect mode only)
IRE Secure Solutions
Memory Map
0x07FFF IDMA access to internal DSP data memory or program memory 0x04000 Word Address 0x02000 Reserved Kernel RAM
32 kwords
16 kwords
0x00000
ADSP 2141 Registers
IRE Secure Solutions
DMA Control Flow
The following steps are typically followed for a DSP-initiated Master transfer:
Enter
Set-up Source / Destination Addr.
Write Command register w / byte count & other control data
Wait 2 cycles
Poll Master Tranfer Active
Figure 9 Master DMA flowchart
4.2.5 PCI Host Initiated Transfers (Target Mode)
IRE Secure Solutions
Any fetch-ahead reads in IDMA memory space if Indirect mode is used (3.3.5). This is because the IDMA address is automatically incremented for each read. Any extra fetches would cause the memory pointer to be higher than expected for the next IDMA read.
4.2.6 Byte Enables (PCI)
IRE Secure Solutions
Note that all accesses from the PCI bus (Target or Master) to ADSP 2141 External Memory should occur on 32bit dword boundaries for proper operation. The two least-significant PCI address bits (A0, A1) are in fact not passed to the EMI interface in the ADSP 2141.
DMA Register Set
A set of memory-mapped control and status registers are used to operate the DMA controller. These are considered Unprotected Registers, and therefore are visible to either the DSP running in User mode or to an outside PCI bus entity. They are summarized in Table 5 and described in detail in the following subsections.
DSP ADDRESS (word) TARGET ADDRESS (byte) DMA Local ADDRESS (word) Reset Default
REGISTER NAME
DESCRIPTION
DMA & PCI REGISTERS DSP-Visible Registers: 0x1840 N / A 0x1841 N / A 0x1842 N / A 0x1843 N / A 0x1844 N / A 0x1845 N / A 0x1846 N / A 0x1847 N / A PCI Host-Visible Registers: N / A 0x00C0 N / A N / A 0x00C4 0x00C8 N / A N / A N / A N / A N / A N / A N / A N / A 0x0060 0x0062 0x0064 Host Address 15:0 Host Address 31:16 Local Address 15:0 Local Address 31:16 Command Status / Config. PCI Core Status / Config. PCI Extmem Status PCI Target Page PCI Target Read Count Endian R / W Lower 16-bits of Host Address R / W Upper 16-bits of Host Address R / W Lower 16-bits of Local Address R / W Upper 16-bits of Local Address R / W 0x0000 DMA Command R / W 0x8000 Status / Configuration Register for DMA R / W 0x8800 Status / Configuration for PCI core R PCI External Memory Status R / W 0x0000 Target Page specifier when ADSP 2141 External Memory is Target R / W 0x00FF Maximum number of dwords for Target Read Transfer R / W 0x0000 Big / Little Endian select
Table 5 DMA Controller Register Set
4.3.1 DMA Host Address Low Register (DMAHAL)
IRE Secure Solutions
4.3.2 DMA Host Address High Register (DMAHAH)
This 16-bit Read / Write register allows the DSP Software to configure the upper 16 bits of a PCI Host Address for a Master mode transaction. If the transfer is between External Memory and the DSP memory space (case 3), then this register holds the 10 most-significant bits of the External Address 25:16. Note that this is a byte address. Register Address (READ / WRITE) DSP PCI - Target PCI - Master 0x1841 Not Visible Not Visible
4.3.3 DMA Local Address Low Register (DMALAL)
This 16-bit Read / Write register allows the DSP Software to configure the lower 16 bits of Local (ADSP 2141) Address for a PCI Master transaction. If the transfer is to / from the DSP / Crypto-register space (cases 1 & 3), then this will be an address from column 3 of Table 1 in section 2.2. If the transfer is between a PCI Host and External Memory (case 2), then this register holds the 16 leastsignificant bits of the External Address 15:0. Note that this is a 16-bit word address as shown in Figure 8. Since all DMA to external memory is based on dwords, the lsb is forced to 0 in the internal processing. Register Address (READ / WRITE) DSP PCI - Target PCI - Master 0x1842 Not Visible Not Visible
IRE Secure Solutions
4.3.4 DMA Local Address High Register (DMALAH)
4.3.5 DMA Command Register (DMACMD)
IRE Secure Solutions
4.3.6 DMA Status / Configuration Register (DMASC)
This 16-bit Read / Write register allows the DSP to configure / monitor the DMA function. The first 2 bits are Read / Write and select the Wait States when the DMA engine is transferring to or from External Memory. Note that this may or may not be the same number of Wait States selected internal to the DSP in the DWAIT bits of the Wait State Control Register. There are slight timing differences between DSP and DMA access which might result in different wait state settings. Bit 2 is a Read-Only status bit which reflects the Host-selected Endian state. All memory and registers within the DSP are Little Endian. The Endian bit determines whether or not the ADSP 2141 has to do Endian conversion on data to / from the host. The next three bits 3-5 indicate the busy status of the DMA engine for each of its three modes: · Bit 3 set to 1 indicates that a DSP-initiated master transfer is running (could be case 1, 2 or 3). Note that when this bit transitions from 1 to 0, it may cause a Master PCI Transfer Complete interrupt to occur (see section 7.3.1). Generally, it is recommended to read the state of this bit along with bit 15, Command Register Available, to determine whether a newly requested master transfer is running. (In some cases, a previously submitted master transfer could have been postponed due to an intervening target transfer.) Bit 4 set to 1 indicates that a Host-initiated target transfer is running (could be case 1 or 2). Bit 5 set to 1 is a further qualifier on Bit 3 (i.e. bit 3 will also be set): It indicates that the transaction is for case 3 a Local to / from External Memory transfer. Bit 12 indicates that the PCI core has completed a DSP-initiated master transfer. Bit 13 indicates that the PCI core has detected a PCI parity error on the bus. Bit 14 indicates that the PCI core has experienced a PCI fatal error.
Bits 12-14 provide PCI core status to the DSP: · · ·
The last bit 15 indicates that the DSP may write into the DMA engine register set. (Note that another DMA transfer may be underway, but since the DSP side has double-buffered registers, another set of addresses and a command may be queued. Note that when this bit transitions from 0 to 1, it may cause a Master PCI Transfer Queued interrupt to occur (see section 7.3.1). Register Address (READ / WRITE) DSP PCI - Target PCI - Master 0x1845 Not Visible Not Visible
Control (R / W)
Status (R / O)
IRE Secure Solutions
4.3.7 PCI Core Status / Configuration Register (PCICSC)
This 16-bit Read / Write register allows the DSP to configure and monitor the PCI Core function. This register is not normally accessed for most applications. The first 7 bits allow the DSP to terminate PCI transfers under abnormal circumstances. The last 8 bits provide real-time visibility of PCI core operation status. Register Address (READ / WRITE) DSP PCI - Target PCI - Master 0x1846 Not Visible Not Visible
Target Force Retry Target Force Abort Target Transmit FIFO Flush Target Receive FIFO Flush Master Transmit FIFO Flush Master Receive FIFO Flush Force End Transfer Reserved (set to 0 on write) Target Transmit FIFO Write Target Transmit FIFO Full Target Receive FIFO Read Target Receive FIFO Empty Master Transmit FIFO Write Master Transmit FIFO Full Master Receive FIFO Read Master Receive FIFO Empty
Control (R / W)
Status (R / O)
4.3.8 DMA External Memory Status Register (DMAEMS)
This 16-bit Read only register reports the status of External memory and Master DMA transfers. The leastsignificant 8-bits report on the current dword count of a transfer. They will start initialized to the number of dwords in the transfer and will decrement down to 0. Bit 8 indicates if the External Memory bus is in use by the DMA engine. Register Address (READ ONLY) PCI - Target PCI - Master Not Visible Not Visible
DSP 0x1847
IRE Secure Solutions
4.3.9 PCI Target Page Register (TARGPAGE)
Following are the bit definitions for the Target Page Register. These are used in order to select the 64 kbyte page which the PCI Host may access for a Target read or write. This register is not used for DSP-initiated (Master) transfers. Note that this register is only visible to the PCI Host processor. Register Address (READ / WRITE) PCI - Target PCI - Master 0x00C0 0x0060
4.3.10 Target Read Count Register (TARGRDCNT)
This register specifies the maximum number of dwords to fetch after a Target mode read has begun. (This is not applicable for Target writes or Master reads / writes.) Since Target reads can sometimes timeout due to the access latencies in the path from PCI core to the addressed location, it is desirable to fetch enough data so that on the PCI re-try, sufficient data will be available in the PCI core read FIFO to complete the transaction. On the other hand, anticipatory fetching data from an internal FIFO such as the Hash / Encrypt data FIFO can be dangerous. If the Target read only requires 2 bytes from the FIFO, and 8 bytes are pre-fetched, then data will be lost. For Target reads of the FIFOs, this register should be programmed with the exact size of the desired transfer. Register Address (READ / WRITE) PCI - Target PCI - Master 0x00C4 0x0062
Maximum number of dwords to fetch on Target read (0 - 255) Reserved
IRE Secure Solutions
4.3.11 Endian Register (PCIENDIAN)
The following figure illustrates the behavior of the Endian swapper (see also section 5.2.10):
31 PCI Bus 0
Endian Swapper
31 ADSP 2141 Internal 32-bit Bus
IRE Secure Solutions
CHAPTER 5. HASH / ENCRYPT SUBSYSTEM
Hash and Encrypt Block Overview
The Encrypt Block is tightly coupled to the Hash Block in the ADSP 2141 and therefore the two are discussed together. Refer to Figure 10 for the following description: The algorithms implemented in the Combined Hash and Encryption Block are: DES, Triple DES, MD5 and SHA-1. Data can be transferred to and from the module once to perform both hashing and encryption on the same data stream. The DES encrypt / decrypt operations are highly paralleled and pipelined, and execute full 16-round DES in only 4 clock cycles. The internal data flow and buffering allows parallel execution of hashing and encryption where possible, and allows processing of data concurrently with I / O of previous and subsequent blocks. Context switching is optimized to minimize the overhead of changing cryptographic keys to near zero.
Register Address
512-bit FIFO
16 / 32-bit Input Bus
16 / 32-bit Output Bus
Pad Insertion
Pad Consume & Verify
DSP or PCI
DSP or PCI,
Encrypt / Decrypt Block
Write Context
Context Storage (0 / 1) 512-bit FIFO Hash Block
Read Context
Hash Digest
Mutable Bit Handle
Pad Insertion
(Encrypt-then-Hash) (Decrypt-then-Hash)
IRE Secure Solutions
5.1.1 Crypto Contexts
|
