Tags
- Wireless
- SiM3C1xx
- Security
- EFR32FG1V132F256GM32
- EFR32FG1V132F128GM48
- EZR32WG
- Errata
- USBXPress Kits
- EFM32PG1B100F128GM32
- EFR32FG1V132F64GM32
- Blue Gecko Bluetooth Low Energy SoCs
- Software Development Kits
- EFR32BG1V132F256GM32
- EFM32ZG-STK3200
- Wonder Gecko
- EFR32FG1V132F128GM32
- Knowledge Base Articles
- EFM32G-DK3550
- SiM3U1xx
- EFM32GG11B820F2048GL192
- Pearl Gecko
- Simplicity Studio
- Tiny Gecko
- Mighty Gecko SoCs
- EFR32MG1V132F256GM48
- Precision32 Development Suite
- Blue Gecko Bluetooth Low Energy Modules
- Compilers
- DC-DC Converters
- EFR32BG1V132F128GM32
- RF Hardware
- Tiny Gecko S1
- Giant Gecko
- EFR32MG1V132F256GM32
- EFM32GG-DK3750
- IAR Embedded Workbench IDE
- 32-bit MCUs
- Gecko
- 32-bit MCU SDK
- Leopard Gecko
- Gecko SDK
- EFR32FG1V132F64GM48
- Bluetooth SDK
- SiM3L1xx
- EZR32HG
- Jade Gecko
- Giant Gecko S1
- EZR32LG
- Flex Gecko
- 8-bit MCUs
- Zero Gecko
- EFR32FG1V132F256GM48
- Happy Gecko
- EFM32WG-DK3850
- EFR32BG1V132F256GM48
- EFM32LG-DK3650
- 32-bit MCU Kits
- EFR32BG1V132F128GM48
- Interface
Top Authors
Archives
- 2016 January
- 2016 February
- 2016 March
- 2016 April
- 2016 May
- 2016 June
- 2016 July
- 2016 August
- 2016 September
- 2016 October
- 2016 November
- 2016 December
- 2017 January
- 2017 February
- 2017 March
- 2017 April
- 2017 May
- 2017 June
- 2017 July
- 2017 August
- 2017 September
- 2017 October
- 2017 November
- 2017 December
- 2018 January
- 2018 February
- 2018 March
- 2018 April
- 2018 May
- 2018 June
- 2018 July
- 2018 August
- 2018 September
- 2018 October
- 2018 November
- 2018 December
- 2019 January
- 2019 February
- 2019 March
- 2019 April
- 2019 May
- 2019 June
- 2019 November
- 2020 January
- 2020 March
- 2020 April
- 2020 May
- 2020 June
- 2020 October
What is the TRNG (True Random Number Generator) start-up time?
Can you provide some information about how long it takes for the TRNG to start outputting data, particularly after exiting a low energy mode?
As shown in this diagram...
...the TRNG (True Random Number Generator) consists of several sub-blocks that operate together to generate cryptographically secure random numbers. Each of these sub-blocks takes a certain number of clock cycles to do its part of the process.
The "random" part of the TRNG is provided by ring oscillators that make up the entropy source and run asynchronously to the rest of the system. Because the entropy source is asynchronous, we can speak of it in a way similar to an analog-to-digital converter in that its output is "sampled" by the upstream sub-blocks in the TRNG, the clock for which is the HFPERCLK.
So, once the power is supplied, the entropy source begins running, but, naturally, needs some time to "warm-up" before its output is sufficiently random. This start-up delay is determined by the TRNG_INITWAITVAL register and defaults to the maximum possible 256 clocks, which should not be reduced.
How exactly do we know that the output from the entropy source is "sufficiently random?" Obviously, just assuming that 256 clocks is enough because it's the maximum possible value for a register does not sound particularly robust. Instead, the TRNG includes sub-blocks which test if the output of the entropy source meets standards of cryptographic randomness. Specifically, these sub-blocks execute the National Institute of Standards repetition count and adaptive proportion tests with window sizes of 64 and 4096 bits, respectively, as described in standard NIST-800-90B and the Bundesamt für Sicherheit in der Informationstechnik online test described in AIS 31. These tests run in parallel such that the associated delay is 4096 clocks because of the 4096-bit adaptive proportion test.
Whitening, which is the conditioning of the entropy source output to reduce bias and correlation, occurs after the integrity tests run. This takes 128 clocks and is enabled by default because the TRNG_CONTROL register CONDBYPASS = 0 out of reset.
Filling of the output FIFO is the last step in the start-up process and takes 64 words × 32 clocks (bits) / word = 2048 clocks.
Summing up these components, we see that the TRNG takes...
256 (INITWAITVAL) + 4096 (entropy tests) + 128 (whitening) + 2048 (FIFO fill) = 6528 clocks
...which would be about 344 µs at the default HFRCO frequency of 19 MHz.
This delay is incurred not only when the module is first enabled but also upon wake-up from the EM2 and EM3 low-energy modes. Sampling of the entropy source, integrity testing, output whitening/conditioning, and, of course, the output FIFO all run from the HFPERCLK, which, along with the entropy source itself, is disabled in EM2 and EM3. Upon wake-up, all of these must restart, thus necessitating the delay.
Giant Gecko 12 deviates from the figure presented above. Its TRNG_INITWAITVAL register defaults to 1024 instead of 256, yielding a net delay of 1024 (INITWAITVAL) + 4096 (entropy tests) + 128 (whitening) + 2048 (FIFO fill) = 7296 clocks.